My Hotspot is passing some sites without authentication

mohammed farouk mfaroukg at gmail.com
Mon Jan 11 07:52:35 CET 2016


Weird issue: users who have connected to CoovaChilli but have not yet
logged in with correct FreeRADIUS credentials can still browse Google and
watch YouTube.

FreeRADIUS can't see any packet flow to count or to block, going by
"freeradius -X".

Google keeps hopping between lots of IPs, which skips the blocked ones and
passes through another one which is not blocked.

The hotspot creates the following iptables rules:
  iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i eth1 -j DROP
-A INPUT -d 10.42.0.1/32 -i tun0 -p icmp -j ACCEPT
-A INPUT -d 10.42.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 10.42.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 10.42.0.1/32 -i tun0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -d 10.42.0.1/32 -i tun0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d 10.42.0.1/32 -i tun0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -d 10.42.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 10.42.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
-A INPUT -d 10.42.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -d 10.42.0.1/32 -i tun0 -j DROP
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i tun0 ! -o eth0 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -o eth1 -j DROP
-A FORWARD -i eth1 -j DROP

*Best regards,*

*Mohammed Farouk*

*+20(0)1144767555*


*goo.gl/WWUQrB <http://goo.gl/WWUQrB>*
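
Added example (not part of the original post, and not CoovaChilli or FreeRADIUS code): a first-match walk of the FORWARD chain posted above, showing which rule decides a packet for a given interface pair and whether any rule matches on a per-client attribute. The function names are illustrative, and only the filter table, which is what `iptables -S` prints by default, is covered.

```python
import shlex

# FORWARD chain copied from the post's `iptables -S` output (TCPMSS line re-joined).
FORWARD = """\
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i tun0 ! -o eth0 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -o eth1 -j DROP
-A FORWARD -i eth1 -j DROP
"""
TERMINATING = {"ACCEPT", "DROP", "REJECT"}
# Options that would tie a rule to one client (source address, mark, ipset, MAC).
PER_CLIENT = {"-s", "--mark", "--match-set", "--mac-source"}

def parse(line):
    """Return the interface matches (name, negated), target and raw tokens of one rule."""
    tok = shlex.split(line)
    rule = {"raw": line, "tokens": tok, "-i": None, "-o": None, "-j": None}
    negated = False
    for pos, t in enumerate(tok):
        if t == "!":
            negated = True
        elif t in ("-i", "-o"):
            rule[t] = (tok[pos + 1], negated)
            negated = False
        elif t == "-j":
            rule[t] = tok[pos + 1]
    return rule

RULES = [parse(l) for l in FORWARD.splitlines()]

def _iface_matches(match, actual):
    if match is None:          # rule does not constrain this interface
        return True
    name, negated = match
    return (name == actual) != negated

def decide(in_if, out_if, policy="ACCEPT"):
    """First terminating rule that matches wins; otherwise the chain policy applies.
    The terminating rules in this chain match on interfaces only."""
    for r in RULES:
        if r["-j"] not in TERMINATING:   # TCPMSS rewrites the packet and continues
            continue
        if _iface_matches(r["-i"], in_if) and _iface_matches(r["-o"], out_if):
            return r["-j"], r["raw"]
    return policy, "-P FORWARD " + policy

def per_client_rules():
    """Rules whose match depends on an individual client rather than an interface."""
    return [r["raw"] for r in RULES if PER_CLIENT & set(r["tokens"])]
```

For a packet arriving on tun0 and leaving on eth0 the first rule accepts it, and no rule in the chain matches on a per-client attribute, so this filter chain by itself does not separate logged-in clients from the rest.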

