Closed xewonder closed 1 year ago
To answer my own question,
adding this solved my issue: `iptables -I INPUT_tun0 -d 192.170.1.1 -j ACCEPT`
Now it looks like this and "works".
```
Chain INPUT (policy ACCEPT 39 packets, 2351 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- enp5s0 0.0.0.0/0 11.1.0.1 tcp dpt:3990 coova: name: chilli side: source
0 0 INPUT_tun0 all -- tun0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- enp5s0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- tun0 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1 181 ACCEPT all -- enp1s0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 enp1s0 0.0.0.0/0 0.0.0.0/0
1 324 ACCEPT all -- enp1s0 enp5s0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: dest
4 208 ACCEPT all -- enp5s0 enp1s0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: source
0 0 DROP all -- enp5s0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- tun0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 37 packets, 82121 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT_tun0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- tun0 0.0.0.0/0 11.1.0.1 tcp dpt:3990
0 0 ACCEPT all -- 0.0.0.0/0 192.170.1.1
0 0 RETURN all -- * 0.0.0.0/0 0.0.0.0/0
```
Thank you
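The before and after rule sets from the listings on this page, replayed as a first-match walk for a hotspot client packet; this is an added example, not part of the original post or of coova-chilli. It assumes the packet enters on tun0 (as the fix in INPUT_tun0 implies) and does not model the coova match; the narrowed tcp/80 rule is a hypothetical tightening derived from the http:// splash URL in HS_UAMFORMAT.

```python
import ipaddress

def rule(target, proto="all", iif=None, dst="0.0.0.0/0", dport=None):
    return dict(target=target, proto=proto, iif=iif,
                dst=ipaddress.ip_network(dst), dport=dport)

def build(extra=()):
    """INPUT and INPUT_tun0 as listed on this page; `extra` holds the rules
    added to INPUT_tun0, in the position shown in the 'after' listing."""
    return {
        "INPUT": [
            # coova match not modelled; the in-interface already excludes tun0
            rule("ACCEPT", "tcp", "enp5s0", "11.1.0.1", 3990),
            rule("INPUT_tun0", iif="tun0"),
            rule("DROP", iif="enp5s0"),
            rule("DROP", iif="tun0"),
        ],
        "INPUT_tun0": [
            rule("ACCEPT", "tcp", "tun0", "11.1.0.1", 3990),
            *extra,
            rule("RETURN"),
        ],
    }

def verdict(chains, pkt, chain="INPUT", policy="ACCEPT"):
    """First matching rule wins; a user chain that RETURNs or runs out of
    rules hands control back to the caller (policy is None there)."""
    for r in chains[chain]:
        if r["iif"] not in (None, pkt["iif"]):
            continue
        if r["proto"] not in ("all", pkt["proto"]):
            continue
        if ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
            continue
        if r["dport"] not in (None, pkt.get("dport")):
            continue
        if r["target"] in ("ACCEPT", "DROP"):
            return r["target"]
        if r["target"] == "RETURN":
            return policy
        sub = verdict(chains, pkt, r["target"], None)  # jump to user chain
        if sub:
            return sub
    return policy

# Constructed sample packets from an unauthenticated hotspot client
splash = dict(iif="tun0", proto="tcp", dst="192.170.1.1", dport=80)
ssh = dict(iif="tun0", proto="tcp", dst="192.170.1.1", dport=22)
before = build()
after = build([rule("ACCEPT", dst="192.170.1.1")])                  # rule from the post
narrow = build([rule("ACCEPT", "tcp", dst="192.170.1.1", dport=80)])  # hypothetical
```

With the posted rule, `verdict(after, ssh)` is ACCEPT as well: `-d 192.170.1.1 -j ACCEPT` opens every port on that address to clients arriving on tun0, while the narrowed variant lets only the splash page through.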
Good day,
On Ubuntu 20.04.5 LTS
coova-chilli 1.6
Compiled with ENABLE_DEBUG ENABLE_ACCOUNTING_ONOFF ENABLE_BINSTATFILE ENABLE_CHILLIQUERY ENABLE_COA ENABLE_RADPROXY ENABLE_CHILLIREDIR ENABLE_DHCPRADIUS ENABLE_IEEE8021Q ENABLE_IPV6 ENABLE_JSON ENABLE_LEAKYBUCKET ENABLE_STATFILE ENABLE_TAP ENABLE_TCPRESET ENABLE_UAMANYIP ENABLE_UAMUIPORT HAVE_NETFILTER_COOVA HAVE_OPENSSL
I have a problem with XT_COOVA and my iptables (and I have no idea what I am doing).
enp1s0 = dhcp assigned (wan) enp5s0 = 192.168.182.1/16 (coova interface) enp6s0 = 192.170.1.1/24 (internal net)
I cannot access my internal network where my splash page is. With the below iptables I just get a timeout:
```
Chain INPUT (policy ACCEPT 6624 packets, 578K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- enp5s0 0.0.0.0/0 11.1.0.1 tcp dpt:3990 coova: name: chilli side: source
0 0 INPUT_tun0 all -- tun0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- enp5s0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- tun0 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 383 packets, 110K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- enp1s0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 enp1s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- enp1s0 enp5s0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: dest
0 0 ACCEPT all -- enp5s0 enp1s0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: source
0 0 DROP all -- enp5s0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- tun0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6240 packets, 4031K bytes)
pkts bytes target prot opt in out source destination

Chain INPUT_tun0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- tun0 0.0.0.0/0 11.1.0.1 tcp dpt:3990
0 0 RETURN all -- * 0.0.0.0/0 0.0.0.0/0
```
If I add `iptables -I INPUT -d 192.170.1.0/24 -j ACCEPT` then I get a TCP RESET error. To be noted that this config works perfectly if my splash page is on the internet. Once authenticated I can access my internal LAN.
My config:
```
HS_WANIF=enp1s0 # WE ALSO Need to specify this
HS_LANIF=enp5s0 # Subscriber Interface for client devices
HS_NETWORK=192.168.182.0
HS_NETMASK=255.255.0.0
HS_UAMLISTEN=11.1.0.1
HS_UAMPORT=3990
HS_UAMUIPORT=4990
HS_DYNIP=192.168.182.0
HS_DYNIP_MASK=255.255.255.0
HS_STATIP=192.168.182.0
HS_STATIP_MASK=255.255.255.0
HS_DNS_DOMAIN=waveloc.com
HS_DNS1=8.8.8.8
HS_DNS2=8.8.4.4
HS_NASID=SERVER
HS_RADIUS=192.170.1.1
HS_RADIUS2=192.170.1.1
HS_UAMALLOW=waveloc.com,192.170.1.1
HS_RADSECRET=LETUSIN
HS_UAMSECRET=xxxxxx
HS_SSID=hotspot-express
HS_UAMFORMAT=http://192.170.1.1/cake3/rd_cake/dynamic-details/chilli-browser-detect/
HS_MACAUTH=on
HS_TCP_PORTS="80 443"
HS_LOC_NAME="My HotSpot"
HS_DHCPLISTEN=192.168.182.1
HS_DHCPIF=enp5s0
HS_SESKEEPALIVE=on
HS_ACCTUPDATE=on
# for testing
HS_NATANYIP=on
HS_ANYIP=on
HS_LAN_ACCESS=allow
```
I even tried https://github.com/coova/coova-chilli/issues/62
Thank you in advance