iptables, and allowing hosting through on captive portal ?

 
 
Ian White
      05-20-2004, 08:20 PM
Hi, I'm using nocatsplash, which is setting up iptables and routing
authorized users through to nocat. Now it is supposed to allow access
to certain websites without the authorization, but I can't understand why
it isn't. Can someone check the iptables for something obvious?

216.67.248.222 is an example that I would like to get through,
requests coming in on 192.168.201.x

iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 10.0.0.0/8 0.0.0.0/0
ACCEPT all -- 1.0.0.0/8 0.0.0.0/0
NoCat_Capture all -- 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0
MASQUERADE all -- 172.16.0.0/16 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain NoCat_Capture (1 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 MARK match 0x4 tcp dpt:443 to:1.165.22.29:5280
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 MARK match 0x4 tcp dpt:80 to:1.165.22.29:5280
RETURN tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:80
RETURN tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:443
RETURN tcp -- 192.168.0.0/16 216.67.247.87 tcp dpt:443
RETURN tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:80
RETURN tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:443

Chain NoCat_NAT (0 references)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x1
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x2
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x3
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x5
MASQUERADE tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:80
MASQUERADE tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:443
MASQUERADE tcp -- 192.168.0.0/16 216.67.247.87 tcp dpt:443
MASQUERADE tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:80
MASQUERADE tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:443


-------------------

iptables -L -n -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DECRYPT 177 -- 0.0.0.0/0 255.255.255.255
DECRYPT 177 -- 0.0.0.0/0 192.168.1.2
DECRYPT 177 -- 0.0.0.0/0 1.165.22.29
DECRYPT 177 -- 0.0.0.0/0 1.165.22.29
DECRYPT 177 -- 0.0.0.0/0 255.255.255.255
NoCat all -- 0.0.0.0/0 0.0.0.0/0
DECRYPT 177 -- 0.0.0.0/0 0.0.0.0/0 length 92 STRING match test

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MAC 00:40:F4:9E:0D:B3 MARK set 0x2

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:!51010 flags:0x06/0x02 TCPMSS set 1300
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51010 flags:0x06/0x02 TCPMSS set 1416
NoCatfwd all -- 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:!51010 flags:0x06/0x02 TCPMSS set 1300
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51010 flags:0x06/0x02 TCPMSS set 1416
TTL icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 14 TTL set to 1
TTL icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 13 TTL set to 1
NoCatfwd all -- 0.0.0.0/0 0.0.0.0/0
CRYPT tcp -- 0.0.0.0/0 1.80.129.114 tcp spt:!10083 key: 16a542e algo: 0
CRYPT udp -- 0.0.0.0/0 1.80.129.114 udp dpt:!654 key: 16a542e algo: 0
CRYPT tcp -- 0.0.0.0/0 1.215.116.3 tcp spt:!10083 key: cdbf599 algo: 0
CRYPT udp -- 0.0.0.0/0 1.215.116.3 udp dpt:!654 key: cdbf599 algo: 0


Chain NoCat (1 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x4
MARK all -- 10.0.0.0/8 0.0.0.0/0 MARK set 0x5
MARK all -- 1.0.0.0/8 0.0.0.0/0 MARK set 0x5
MARK all -- 172.16.0.0/16 0.0.0.0/0 MARK set 0x5
MARK all -- 0.0.0.0/0 0.0.0.0/0 MAC 00:40:F4:9E:0D:B3 MARK set 0x2

Chain NoCatfwd (2 references)
target prot opt source destination
MARK all -- 172.16.0.0/16 0.0.0.0/0 MARK set 0x5
MARK all -- 0.0.0.0/0 10.0.0.0/8 MARK set 0x5
MARK all -- 0.0.0.0/0 1.0.0.0/8 MARK set 0x5
MARK all -- 0.0.0.0/0 255.255.255.255 MARK set 0x6


-----------

iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 10.255.255.254 0.0.0.0/0
DROP all -- 1.255.255.254 0.0.0.0/0
DROP all -- 0.0.0.0/0 10.255.255.254
DROP all -- 0.0.0.0/0 1.255.255.254
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10083 reject-with icmp-port-unreachable
lmticmp icmp -- !172.16.0.0/16 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCT all -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS set 1300
NoCat all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10083 reject-with icmp-port-unreachable

Chain ACCT (1 references)
target prot opt source destination

Chain NoCat (1 references)
target prot opt source destination
NoCat_Ports all -- 0.0.0.0/0 0.0.0.0/0
NoCat_Inbound all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x1
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x2
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x3
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x5
ACCEPT tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:80
ACCEPT tcp -- 1.165.22.29 192.168.0.0/16 tcp spt:80
ACCEPT tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:443
ACCEPT tcp -- 1.165.22.29 192.168.0.0/16 tcp spt:443
ACCEPT tcp -- 216.67.247.87 192.168.0.0/16 tcp spt:80
ACCEPT tcp -- 192.168.0.0/16 216.67.247.87 tcp dpt:443
ACCEPT tcp -- 216.67.247.87 192.168.0.0/16 tcp spt:443
ACCEPT tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:80
ACCEPT tcp -- 216.67.248.222 192.168.0.0/16 tcp spt:80
ACCEPT tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:443
ACCEPT tcp -- 216.67.248.222 192.168.0.0/16 tcp spt:443
ACCEPT all -- 10.0.0.0/8 0.0.0.0/0
ACCEPT all -- 1.0.0.0/8 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 172.16.0.0/16 udp dpt:53
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain NoCat_Inbound (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 MAC 00:40:F4:9E:0D:B3

Chain NoCat_Ports (1 references)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 MARK match 0x3
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:25 MARK match 0x3
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 MARK match 0x3
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 MARK match 0x3

Chain lmticmp (1 references)
target prot opt source destination
ACCEPT all -- !192.168.0.0/16 0.0.0.0/0
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 limit: avg 30/sec burst 5
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 0 prefix `STORMWARNING: '
DROP all -- 0.0.0.0/0 0.0.0.0/0
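
Added example, not part of the original post and not NoCat code: a small first-match walk over the nat NoCat_Capture chain and the mangle NoCat marks exactly as listed above, to show which rule a request to 216.67.248.222:80 reaches first. Assumptions: the client address 192.168.201.10 is a constructed host in 192.168.201.x, its MAC is not the one in the MAC rule, and REORDERED is a hypothetical ordering used only for comparison.

```python
import ipaddress

# nat/NoCat_Capture exactly as listed in the post:
# (target, required mark or None, source, destination, tcp dport)
NOCAT_CAPTURE = [
    ("DNAT",   0x4,  "0.0.0.0/0",      "0.0.0.0/0",      443),
    ("DNAT",   0x4,  "0.0.0.0/0",      "0.0.0.0/0",      80),
    ("RETURN", None, "192.168.0.0/16", "1.165.22.29",    80),
    ("RETURN", None, "192.168.0.0/16", "1.165.22.29",    443),
    ("RETURN", None, "192.168.0.0/16", "216.67.247.87",  443),
    ("RETURN", None, "192.168.0.0/16", "216.67.248.222", 80),
    ("RETURN", None, "192.168.0.0/16", "216.67.248.222", 443),
]

# mangle/NoCat source-based MARK rules as listed (the MAC rule is left out,
# assuming a different client MAC). MARK does not end traversal, so the
# last matching rule decides the final mark.
MANGLE_NOCAT = [("0.0.0.0/0", 0x4), ("10.0.0.0/8", 0x5),
                ("1.0.0.0/8", 0x5), ("172.16.0.0/16", 0x5)]

def mangle_mark(src):
    """Mark a packet from src carries after the mangle NoCat chain."""
    mark = 0
    for net, value in MANGLE_NOCAT:
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            mark = value
    return mark

def first_match(chain, src, dst, dport, mark):
    """(rule number, target) of the first rule a TCP packet hits."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, (target, need, rsrc, rdst, rport) in enumerate(chain, 1):
        if need is not None and need != mark:
            continue
        if (s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst)
                and dport == rport):
            return num, target   # DNAT and RETURN both stop traversal here
    return None, "end of chain"

# Hypothetical ordering for comparison: exemptions ahead of the capture rules.
REORDERED = NOCAT_CAPTURE[2:] + NOCAT_CAPTURE[:2]

if __name__ == "__main__":
    client = "192.168.201.10"                 # constructed host in 192.168.201.x
    mark = mangle_mark(client)
    for name, chain in (("as posted", NOCAT_CAPTURE), ("reordered", REORDERED)):
        print(name, first_match(chain, client, "216.67.248.222", 80, mark))
```

With the chain as posted, the request carries mark 0x4 and hits the DNAT at rule 2 before any RETURN line is evaluated; with the exemptions listed first it hits RETURN at rule 4 and leaves the chain untranslated.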
 