[NoCat] nocat reauth problem

eb2bjx@hispavista.com eb2bjx at hispavista.com
Mon, 23 Aug 2004 08:40:03 +0200 

Hi all,

         I suffered for this problem too. Nocat
seems to create 2 duplicated iptables rules when
some users get authenticated. The problem is that
when the user logs out, just one of them is
removed, but the one left permits an authenticated
connection.

To get rid of this, I modified my access.fw this
way

-------------------------------------------------------------------------=
------
#!/bin/sh

action=3D$1
mac=3D$2
ip=3D$3
class=3D$4

if [ -z "$action" -o -z "$mac" -o -z "$ip" -o -z
"$class" ]; then
    echo Uso: $0 [permit\|deny] [MAC] [IP] [Class]
    echo Ejemplo: $0 permit 00:02:2d:aa:bb:cc
10.0.0.105 member
    exit 1
fi

if [ "$action" =3D "permit" ]; then
    cmd=3D-A
elif [ "$action" =3D "deny" ]; then
    cmd=3D-D
else
    echo "ERROR: Acci=F3n inv=E1lida: $action!"
    exit 1
fi

if [ "$class" =3D "Owner" ]; then
    mark=3D1
elif [ "$class" =3D "Member" ]; then
    mark=3D2
elif [ "$class" =3D "Public" ]; then
    mark=3D3
else
    echo "ERROR: Class inv=E1lida: $class!"
    exit 1
fi

if [ "$IgnoreMAC" ]; then
    match_mac=3D""
else
    match_mac=3D"-m mac --mac-source $mac"
fi

if [ "$action" =3D "deny" ]; then
    ips=3D`iptables -L -t mangle -n | grep -i "$mac"
| awk {'print $4'}`
    for ip in $ips; do
        iptables -t mangle $cmd AuthControl
$match_mac -s $ip -j MARK --set-mark $mark
        iptables -t filter $cmd
AuthControl_Inbound -d $ip -j ACCEPT
        iptables -t mangle $cmd AuthControl -d $ip
-j MARK --set-mark $mark
    done
    exit 0
fi

iptables -t mangle $cmd AuthControl $match_mac -s
$ip -j MARK --set-mark $mark
iptables -t filter $cmd AuthControl_Inbound -d $ip
-j ACCEPT
iptables -t mangle $cmd AuthControl -d $ip -j MARK
--set-mark $mark
-------------------------------------------------------------------------=
------

Hope it helps!

---
eb2bjx@hispavista.com
http://www.euskalwireless.net
http://joseba.scoope.org
-------------------------------------------------------------------------=
----------
50 MB de espacio para el correo con Outlook o por Web:
http://www.hispavista.com/

-------------------------------------------------------------------------=
----------
=BFConoces eBay, el mayor centro de compra y venta en internet?
M=F3viles, port=E1tiles, pda=B4s, cd=B4s, c=E1maras digitales, videocamar=
as...
=A1Compra ahora a los mejores precios! http://ebay.hispavista.com/