[CoovaChilli] Documentation about xt_coova/ipt-coova/nfcoova
pparent at comminter.com
Mon Jun 6 16:55:01 BST 2016
Thanks a lot for your message.
It kind of works with some iptables, I succeed in getting 100Mbps throughput
(instead of 25Mpbs before). But I had to change the iptables described in the
iptables -I FORWARD -i eth0.1 -m coova --name chilli -j ACCEPT
iptables -I FORWARD -o eth0.1 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -A FORWARD -j DROP
iptables -I INPUT -d 188.8.131.52 -j ACCEPT
Notably I had to allow any incoming packet for eth0.1 (lan), without filtering
with xt_coova. When Filtering with xt_coova for incoming packet for eth0.1 the
rule was never matched, not sure why. I don't know whether using these
iptables can be problematic or not. If the user cannot send any packet,
routing incoming packets should not allow him to do anything. But this does
not seem very normal either.
I still have a big problem, during the authentication process, the TCP
connections very often fails, most often when connecting to 184.108.40.206:3990, but
also sometimes when connecting to the distant server specified in uamhomepage
or at some other point of the identification process. It generally requires 1
to 5 attempts to actually access 220.127.116.11:3900.
I made a packet capture with Wireshark, I see that some packages always flow in
both ways (from and to 18.104.22.168), but I see a lot of [TCP previous segment not
captured] [TCP Retransmission] [TCP Out-of-Order] [TCP Dup ACK].
Do you have any information about this problem? Also, I have a quick question;
is xt_coova supposed to be stable or is it still somewhat experimental?
Thanks in advance!
I use the version currently used in openwrt: commit
Here is my /etc/chilli.conf
Le mercredi 1 juin 2016, 09:57:35 Brian Andrews a écrit :
> Hi Pierre
> You need a very specific configuration to get kmod-coova/xt_coova to work.
> You need specific firewall rules and you need to change your ip setup. See
> David’s original post here:
> There are also some more clues in this thread:
> > On 1/06/2016, at 1:42 AM, Pierre Parent <pparent at comminter.com> wrote:
> > Hi,
> > I'm lacking documentation on how to have chili working with xt_coova.
> > I compiled it (in openwrt) with --with-nfcoova option, I have the xt_coova
> > linux module running, and I don't observe any improvement on performances,
> > or CPU usage.
> > Also lsmod shows that the module xt_coova is not called:
> > [...]
> > xt_connlimit 3296 0
> > xt_connmark 960 3
> > xt_conntrack 2064 14
> > xt_coova 5312 0
> > xt_dscp 928 0
> > xt_ecn 1216 0
> > xt_helper 800 0
> > xt_hl 720 0
> > xt_id 400 0
> > [...]
> > I guess, I must be missing something, but I don't find any documentation
> > on how to setup xt-coova. Is there a special option to set in the config
> > file, or special iptables to setup?
> > Thanks in advance!
> > Pierre.
> > _______________________________________________
> > CoovaChilli mailing list
> > CoovaChilli at brightonchilli.org.uk
> > https://www.brightonchilli.org.uk/mailman/listinfo/coovachilli
> CoovaChilli mailing list
> CoovaChilli at brightonchilli.org.uk
More information about the CoovaChilli