AuthPuppy

Bug #1044155
Comment #8

Comment 8 for bug 1044155

Revision history for this message

jackson (neojack34-isf) wrote on 2012-09-06: Re: [Bug 1044155] Re: Reaching our own authpuppy server from the wan side

Salut,

lorsque j'accède à
http://www.libresansfil.org/login/?gw_address=192.168.5.125&gw_port=2060&gw_id=00:1D:60:6B:B3:B5&url=http%3A//www.google.com/

j'obtiens la page d'authentification splash only.

Envoie moi ton image pour que je puisse tester sur un ubiquiti que j'ai ici.

Jacksn

2012/9/4 Andrei <email address hidden>

> I found the problem of my server.
>
> Tt was a series of missing iptables lines who were blocking any
> connection attempt to whatever the port was.
>
> So by correcting it, my server is now available from the wan side. I
> don't know how this lines went to the state of being erased. It may be
> something near to this particular soho router attack named "sql
> injection".
>
> The router may run properly or may block any type of connections to it
> as it can go from high to low performances. This is a known hack attack
> who are made especially for soho routers (Ubiquiti antenna for example)
> Anyway that's not what i want to talk about.
>
> Everything's fine as long as we have the apache2 config files
> (httpd.conf) build. So now i have my server up and running, and the proc
> is describe in the post i wrote about the "DD-WRT Side" is running nice
> it is very very stable.
>
> But my main problem is to made my server working on a typical way it is
> used until now. I flashed a ubiquiti device with my domain name adress
> now accessible through the internet but as soon as there is something
> else that's where the problems occurs.
>
> So
>
> http://www.libresansfil.org
>
> work good but if i made this :
>
>
> http://www.libresansfil.org/login/?gw_address=192.168.5.125&gw_port=2060&gw_id=00:1D:60:6B:B3:B5&url=http%3A//www.google.com/
>
> Yes there is a login screen and suprisingly a token coming out the
> server as it is known, but there is always this page with the
> "192.168.5.125 as been rejected" erroir. Somehow, by having my mouse
> over the "actualisez" part of the error page i can see the token value
> at the bottom of the page.
>
> Any idea about it ?
>
> --
> You received this bug notification because you are subscribed to
> AuthPuppy.
> https://bugs.launchpad.net/bugs/1044155
>
> Title:
> Reaching our own authpuppy server from the wan side
>
> Status in AuthPuppy authentication server for Wifidog networks:
> New
>
> Bug description:
> It would solve a lot of issues about whatever the firmware we use, DD-
> WRT, Openwrt, Ubiquiti airmax. Yes my server is working great locally,
> i mean peoples can connect to it, from an SSID and getting in all the
> process to have internet access after a login page.
>
> In the installation instructions of authpuppy, nothing's documented
> about sharing my authpuppy server from a domain name. Even the
> installation process is based on localhost, which point to 127.0.0.1
> commonly know as the loop adress. Yes it would be acccessible for the
> a lan by typing the adress pointing to the fixed adress of the server,
> for example 192.168.2.100, if my authpuppy server is behind a fix
> local ip adress, yes it is reachable locally.
>
> But how to have something like i don't know something that i saw
> yesterday in a plugin documentation or question (i do not remember)
> having this running :
>
> <form action="http://www.mysite.com" method="POST">
> <input type="hidden" name="gw_id" value="default"/>
> <input type="hidden" name="gw_address"
> value="192.168.2.1"/>
> <input type="hidden" name="gw_port" value="2060"/>
> <input type="submit"
> name="submit[apAuthSplashOnlyConnect]" value="Connect" />
> </form>
>
>
> I made a php files and i test it on my server, and the wan adresss
> (point by www.mysite.com) couldn't be open. So is there something to
> do in the apache configuration to make it work ? As long as
> "www.mysite.com" will give me server couldn't be reach or unabled to
> open ##.##.##.## wan adress (who is the wan adress of my server) it
> give a lot of problem a lot. Someone already told me that i do not
> have to configured the NAT/QOS part of my router, i do not have to
> open ports in my router.
>
> It would be very very appreciated not only by me but by many many
> peoples i know, to have some tips about have this authpuppy server
> reachable by a domain name. Thanks in advance.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/authpuppy/+bug/1044155/+subscriptions
>

Salut,

lorsque j'accède à
http://www.libresansfil.org/login/?gw_address=192.168.5.125&gw_port=2060&gw_id=00:1D:60:6B:B3:B5&url=http%3A//www.google.com/

j'obtiens la page d'authentification splash only.

Envoie moi ton image pour que je puisse tester sur un ubiquiti que j'ai ici.

Jacksn

2012/9/4 Andrei <andrei.halle@live.com>

> I found the problem of my server.
>
> Tt was a series of missing iptables lines who were blocking any
> connection attempt to whatever the port was.
>
> So by correcting it, my server is now available from the wan side. I
> don't know how this lines went to the state of being erased.  It may be
> something near to this particular soho router attack named "sql
> injection".
>
> The router may run properly or may block any type of connections to it
> as it can go from high to low performances. This is a known hack attack
> who are made especially for soho routers (Ubiquiti antenna for example)
> Anyway that's not what i want to talk about.
>
> Everything's fine as long as we have the apache2 config files
> (httpd.conf) build. So now i have my server up and running, and the proc
> is describe in the post i wrote about the "DD-WRT Side" is running nice
> it is very very stable.
>
> But my main problem is to made my server working on a typical way it is
> used until now. I flashed a ubiquiti device with my domain name adress
> now accessible through the internet but as soon as there is something
> else that's where the problems occurs.
>
> So
>
> http://www.libresansfil.org
>
> work good but if i made this :
>
>
> http://www.libresansfil.org/login/?gw_address=192.168.5.125&gw_port=2060&gw_id=00:1D:60:6B:B3:B5&url=http%3A//www.google.com/
>
> Yes there is a login screen and suprisingly a token coming out the
> server as it is known, but there is always this page with  the
> "192.168.5.125 as been rejected" erroir. Somehow,  by having my mouse
> over the "actualisez" part of the error page i can see the token value
> at the bottom of the page.
>
> Any idea about it ?
>
> --
> You received this bug notification because you are subscribed to
> AuthPuppy.
> https://bugs.launchpad.net/bugs/1044155
>
> Title:
>   Reaching our own authpuppy server from the wan side
>
> Status in AuthPuppy authentication server for Wifidog networks:
>   New
>
> Bug description:
>   It would solve a lot of issues about whatever the firmware we use, DD-
>   WRT, Openwrt, Ubiquiti airmax. Yes my server is working great locally,
>   i mean peoples can connect to it, from an SSID and getting  in all the
>   process to have internet access after a login page.
>
>   In the installation instructions of authpuppy, nothing's documented
>   about sharing my authpuppy server from a domain name. Even the
>   installation process is based on localhost, which point to 127.0.0.1
>   commonly know as the loop adress. Yes it would be acccessible for the
>   a lan by typing the adress pointing to the fixed adress of the server,
>   for example 192.168.2.100, if my authpuppy server is behind a fix
>   local ip adress, yes it is reachable locally.
>
>   But how to have something like i don't know something that i saw
>   yesterday in a plugin documentation or question (i do not remember)
>   having this running  :
>
>   <form action="http://www.mysite.com" method="POST">
>                       <input type="hidden" name="gw_id" value="default"/>
>                      <input type="hidden" name="gw_address"
> value="192.168.2.1"/>
>                      <input type="hidden" name="gw_port" value="2060"/>
>                       <input type="submit"
> name="submit[apAuthSplashOnlyConnect]" value="Connect" />
>   </form>
>
>
>   I made a php files and i test it on my server, and the wan adresss
>   (point by www.mysite.com) couldn't be open. So is there something to
>   do in the apache configuration to make it work ? As long as
>   "www.mysite.com" will give me server couldn't be reach or unabled to
>   open ##.##.##.## wan adress (who is the wan adress of my server) it
>   give a lot of problem a lot. Someone already told me that i do not
>   have to configured the NAT/QOS part of my router, i do not have to
>   open ports in my router.
>
>   It would be very very appreciated not only by me but by many many
>   peoples i know, to have some tips about have this authpuppy server
>   reachable by a domain name.  Thanks in advance.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/authpuppy/+bug/1044155/+subscriptions
>