2012-07-04 - Re: [GRASE-Hotspot] Weird Bug I really Need Help

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: cd7eb5abee4a1438a4f00f7bb4d144e805af96dfd07d33de7aa134b3fda3d1eb
Message ID: <CAESLx0K1w_2km8boH5dbWc=e_QrnAXOJTnQttcSJNZf2hQq5zA@mail.gmail.com>
Reply To: <CAESLx0Kh9SdZ=suArneP0mx_KwwN1-xn6UM129QnNPkm+Q=Czw@mail.gmail.com>
UTC Datetime: 2012-07-04 15:07:40 UTC
Raw Date: Thu, 05 Jul 2012 08:07:40 +1000

Raw message 

I can confirm that commenting out the 2 lines in ipup.sh will disable
the squid redirection, and all users should still have internet
access.

So the following is what it looks like by default

    ipt -I PREROUTING -t mangle -p tcp -s $NET/$MASK -d $ADDR --dport
3128 -j DROP
    ipt -I PREROUTING -t nat -i $TUNTAP -p tcp -s $NET/$MASK -d !
$ADDR --dport 80 -j REDIRECT --to 3128
# MASQUERADE
    ipt -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE

And this is what you should change it to, to test if squid is the problem.

#    ipt -I PREROUTING -t mangle -p tcp -s $NET/$MASK -d $ADDR --dport
3128 -j DROP
#    ipt -I PREROUTING -t nat -i $TUNTAP -p tcp -s $NET/$MASK -d !
$ADDR --dport 80 -j REDIRECT --to 3128
# MASQUERADE
    ipt -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE

Note, make sure you DON'T comment out he MASQUERADE lines, otherwise
everything will stop working. Only the lines with 3128 in them should
be commented out.

Tim
On Thu, Jul 5, 2012 at 7:19 AM, Timothy White <ti***8@gmail.com> wrote:
> Hi Dave.
>
> Let me try and make sure I'm understanding it correctly, so nothing is
> getting lost in the English.
>
> Firstly, the AP's are in bridge, so we don't need to worry about their
> IP's. As can be seen, the campers get an ip in the 10.1.0.1 range, and
> the wireless bridge acts just like a network cable carrying layer 2
> info.
>
> Now here is where I get lost a bit. Every website works #1? Do you
> mean, that every website works the first time you access it, and then
> after that the googles and facebook's stop working? Does google and
> facebook work only for the first user, and then not for other uses?
> Once it stops working, is there anything that does work? Can you ping
> it. What about if you access the https version?
> (https://www.google.com)? Can you access the https version from the
> very start before everything breaks?
>
> What I'd like to see you do, is connect the laptop via a cable to eth0
> of the hotspot server, and see if it still stops working. If it does
> stop working, let me know the session id in the admin interface, so I
> can see what's in the squid logs for that session. (And the vpn ip
> address again)
>
> The timeout page, is it a squid timeout page, or browser timeout page?
>
> Also, try setting your DNS server in the admin interface, to point to
> your RT-N16 router, so DNS is consistent. It's possible that you are
> getting DNS from external to Canada, but there being routing issues,
> and your RT-N16 gives DNS internal to Canada which doesn't have
> routing issues.
>
> I'm going to confirm disabling squid, to take that out of the picture.
> But seeing the squid logs for a session that doesn't work, will really
> help. I'm a little worried it's actually a layer2 routing issue on the
> wireless bridge, and while I'm planning on getting some Ubiquiti gear
> myself in the future, I don't have any to test with currently. If the
> problem doesn't exist when the laptop is plugged into eth0 of the
> hotspot, it rules the hotspot out and we can try and work out what the
> ubiquiti gear is doing wrong. Also, what is the distance the link
> covers?
>
> Tim
>
> On Thu, Jul 5, 2012 at 12:55 AM, ABC Informatique (Dave)
> <ab***c@abcinformatique.ca> wrote:
>> I make plan of the equipment i use and how its configured actually.
>>
>>
>>
>> http://www.abcinformatique.ca/camping%20st-louis.png
>>
>>
>>
>> Now here are everything i tried.
>>
>>
>>
>> Problem : every webpage work #1 but www.google.ca or www.google.com or
>> www.google.whatever dont work … www.facebook.com dont work either.
>>
>>
>>
>> 1.       If i plug a laptop directly to router RT-N16 everything is working
>> #1
>>
>> 2.       If i plug a laptop directly to eth0 in replacement of antenna and
>> use hotspot login and password its working #1
>>
>> 3.       I replace computer with another one with 2 network card and use
>> ubuntu 11.04 with fresh install of grase hotspot i also use last version the
>> dev5 one and still not working.
>>
>> 4.       If i plug the antenna that is plugued to eth0 directly to rt-n16
>> (so i bypass the hotspot system) its working #1
>>
>> 5.       Tried everything you ask me to tried and still not working
>>
>> 6.       The new computer i use have only 1 account on it and no special
>> configuration. So it dont seem to be a parameter in admin page.
>>
>>
>>
>>
>>
>> It really seem to be hotspot problem but i cant understand why it always
>> work #1 and it start to bugged without any reason…
>>
>>
>>
>> For now i plugued the antenna directly to rt-n16 and bypass hotspot system
>> so everyone can connect without restriction but thats not the best way L
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Grase-hotspot mailing list
>> Gr***t@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/grase-hotspot
>>

Thread