iptables, and allowing hosting through on captive portal ?

05-20-2004
Ian White

Hi, I'm using nocatsplash which is setting up iptables, and routing
authorized users through to nocat. Now it is supposed to allow access
to certain websites without the authorization, but I can't understand why
it isn't. Can someone check the iptables for something obvious?

216.67.248.222 is an example that I would like to get through,
requests coming in on 192.168.201.x

iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 10.0.0.0/8 0.0.0.0/0
ACCEPT all -- 1.0.0.0/8 0.0.0.0/0
NoCat_Capture all -- 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0
MASQUERADE all -- 172.16.0.0/16 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain NoCat_Capture (1 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 MARK match 0x4 tcp dpt:443 to:1.165.22.29:5280
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 MARK match 0x4 tcp dpt:80 to:1.165.22.29:5280
RETURN tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:80
RETURN tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:443
RETURN tcp -- 192.168.0.0/16 216.67.247.87 tcp dpt:443
RETURN tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:80
RETURN tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:443

Chain NoCat_NAT (0 references)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x1
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x2
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x3
MASQUERADE all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x5
MASQUERADE tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:80
MASQUERADE tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:443
MASQUERADE tcp -- 192.168.0.0/16 216.67.247.87 tcp dpt:443
MASQUERADE tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:80
MASQUERADE tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:443


-------------------

iptables -L -n -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DECRYPT 177 -- 0.0.0.0/0 255.255.255.255
DECRYPT 177 -- 0.0.0.0/0 192.168.1.2
DECRYPT 177 -- 0.0.0.0/0 1.165.22.29
DECRYPT 177 -- 0.0.0.0/0 1.165.22.29
DECRYPT 177 -- 0.0.0.0/0 255.255.255.255
NoCat all -- 0.0.0.0/0 0.0.0.0/0
DECRYPT 177 -- 0.0.0.0/0 0.0.0.0/0 length 92 STRING match test

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MAC 00:40:F4:9E:0D:B3 MARK set 0x2

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:!51010 flags:0x06/0x02 TCPMSS set 1300
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51010 flags:0x06/0x02 TCPMSS set 1416
NoCatfwd all -- 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:!51010 flags:0x06/0x02 TCPMSS set 1300
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51010 flags:0x06/0x02 TCPMSS set 1416
TTL icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 14 TTL set to 1
TTL icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 13 TTL set to 1
NoCatfwd all -- 0.0.0.0/0 0.0.0.0/0
CRYPT tcp -- 0.0.0.0/0 1.80.129.114 tcp spt:!10083 key: 16a542e algo: 0
CRYPT udp -- 0.0.0.0/0 1.80.129.114 udp dpt:!654 key: 16a542e algo: 0
CRYPT tcp -- 0.0.0.0/0 1.215.116.3 tcp spt:!10083 key: cdbf599 algo: 0
CRYPT udp -- 0.0.0.0/0 1.215.116.3 udp dpt:!654 key: cdbf599 algo: 0


Chain NoCat (1 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x4
MARK all -- 10.0.0.0/8 0.0.0.0/0 MARK set 0x5
MARK all -- 1.0.0.0/8 0.0.0.0/0 MARK set 0x5
MARK all -- 172.16.0.0/16 0.0.0.0/0 MARK set 0x5
MARK all -- 0.0.0.0/0 0.0.0.0/0 MAC 00:40:F4:9E:0D:B3 MARK set 0x2

Chain NoCatfwd (2 references)
target prot opt source destination
MARK all -- 172.16.0.0/16 0.0.0.0/0 MARK set 0x5
MARK all -- 0.0.0.0/0 10.0.0.0/8 MARK set 0x5
MARK all -- 0.0.0.0/0 1.0.0.0/8 MARK set 0x5
MARK all -- 0.0.0.0/0 255.255.255.255 MARK set 0x6


-----------

iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 10.255.255.254 0.0.0.0/0
DROP all -- 1.255.255.254 0.0.0.0/0
DROP all -- 0.0.0.0/0 10.255.255.254
DROP all -- 0.0.0.0/0 1.255.255.254
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10083 reject-with icmp-port-unreachable
lmticmp icmp -- !172.16.0.0/16 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCT all -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS set 1300
NoCat all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10083 reject-with icmp-port-unreachable

Chain ACCT (1 references)
target prot opt source destination

Chain NoCat (1 references)
target prot opt source destination
NoCat_Ports all -- 0.0.0.0/0 0.0.0.0/0
NoCat_Inbound all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x1
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x2
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x3
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 MARK match 0x5
ACCEPT tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:80
ACCEPT tcp -- 1.165.22.29 192.168.0.0/16 tcp spt:80
ACCEPT tcp -- 192.168.0.0/16 1.165.22.29 tcp dpt:443
ACCEPT tcp -- 1.165.22.29 192.168.0.0/16 tcp spt:443
ACCEPT tcp -- 216.67.247.87 192.168.0.0/16 tcp spt:80
ACCEPT tcp -- 192.168.0.0/16 216.67.247.87 tcp dpt:443
ACCEPT tcp -- 216.67.247.87 192.168.0.0/16 tcp spt:443
ACCEPT tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:80
ACCEPT tcp -- 216.67.248.222 192.168.0.0/16 tcp spt:80
ACCEPT tcp -- 192.168.0.0/16 216.67.248.222 tcp dpt:443
ACCEPT tcp -- 216.67.248.222 192.168.0.0/16 tcp spt:443
ACCEPT all -- 10.0.0.0/8 0.0.0.0/0
ACCEPT all -- 1.0.0.0/8 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 172.16.0.0/16 udp dpt:53
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain NoCat_Inbound (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 MAC 00:40:F4:9E:0D:B3

Chain NoCat_Ports (1 references)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 MARK match 0x3
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:25 MARK match 0x3
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 MARK match 0x3
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 MARK match 0x3

Chain lmticmp (1 references)
target prot opt source destination
ACCEPT all -- !192.168.0.0/16 0.0.0.0/0
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 limit: avg 30/sec burst 5
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 0 prefix `STORMWARNING: '
DROP all -- 0.0.0.0/0 0.0.0.0/0
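
A first-match trace of the nat NoCat_Capture chain exactly as listed in the post, given here as an added example rather than code from the thread or from NoCat: it shows which rule a 192.168.201.x client's request to 216.67.248.222:80 hits, and what changes when the RETURN exemptions are evaluated before the DNAT capture. Assumptions: the client address 192.168.201.10 and all helper names are constructed, the MAC-based mark rule is left out, and interface matches (which `iptables -L -n` does not print without `-v`) are ignored.

```python
import ipaddress

# mangle "NoCat" chain from the post: MARK does not stop traversal, so the
# last matching rule decides. The MAC-based 0x2 rule is omitted (assumption:
# the test client is not that MAC).
MANGLE_NOCAT = [("0.0.0.0/0", 0x4), ("10.0.0.0/8", 0x5),
                ("1.0.0.0/8", 0x5), ("172.16.0.0/16", 0x5)]

# nat "NoCat_Capture" chain in the order the post lists it:
# (target, source, destination, tcp dport, required mark or None)
NOCAT_CAPTURE = [
    ("DNAT",   "0.0.0.0/0",      "0.0.0.0/0",      443, 0x4),
    ("DNAT",   "0.0.0.0/0",      "0.0.0.0/0",      80,  0x4),
    ("RETURN", "192.168.0.0/16", "1.165.22.29",    80,  None),
    ("RETURN", "192.168.0.0/16", "1.165.22.29",    443, None),
    ("RETURN", "192.168.0.0/16", "216.67.247.87",  443, None),
    ("RETURN", "192.168.0.0/16", "216.67.248.222", 80,  None),
    ("RETURN", "192.168.0.0/16", "216.67.248.222", 443, None),
]

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def mark_for(src):
    """Mark a packet carries after the mangle NoCat chain (last match wins)."""
    mark = 0
    for net, value in MANGLE_NOCAT:
        if in_net(src, net):
            mark = value
    return mark

def first_match(chain, src, dst, dport):
    """(rule number, target) of the first matching rule, or None.
    DNAT and RETURN both end traversal of this chain."""
    mark = mark_for(src)
    for n, (target, r_src, r_dst, r_port, r_mark) in enumerate(chain, 1):
        if (in_net(src, r_src) and in_net(dst, r_dst) and dport == r_port
                and r_mark in (None, mark)):
            return n, target
    return None

def returns_first(chain):
    """Same rules with the RETURN exemptions moved ahead of the DNAT capture."""
    return sorted(chain, key=lambda rule: rule[0] != "RETURN")

if __name__ == "__main__":
    client = "192.168.201.10"  # constructed address in the post's 192.168.201.x range
    print(first_match(NOCAT_CAPTURE, client, "216.67.248.222", 80))
    print(first_match(returns_first(NOCAT_CAPTURE), client, "216.67.248.222", 80))
```

On a live gateway, `iptables -t nat -L NoCat_Capture -n -v --line-numbers` shows the real rule order together with per-rule packet counters and interface matches, which is the listing to compare against this trace.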