..
..
" .. "
""
()
()
""
.
" "
""
..
()
. (Telecommunication and
Broadcast Carrier) .
. (Access Service Provider)
.
. (Host Service Provider)
.
. .
() () (Content Service Provider)
(Application Service Provider)
.
.
() () .
.
() () .
.
() () .
.
() () .
.
() ()
.
() (Media) (Integrity) (Identification)
()
()
Centralized Log Server Data Archiving Data Hashing
(IT Auditor)
()
..
() (Identification and
Authentication) Proxy Server, Network Address Translation (NAT) Proxy Cache
Cache Engine Free Internet 1222 Wi-Fi Amnat-EDv2
()
(Identification and Authentication)
(Stratum 0)
() () .
() () . (ISP)
() ()
..
Linux CentOS
.. OS
CentOS 5.5 Linux Distribution. (Caveat for today's reader: CentOS 5 reached end-of-life in March 2017 and receives no security updates; the PHP 5.1.6, phpMyAdmin 2.11, ChilliSpot 1.1.0 and Squid 2.6 versions used later in this guide are likewise unsupported. Treat the guide as an architecture walkthrough, not as a current hardening baseline.)
Intranet Internet Server
Windows Server (Windows Server 2003, Windows
Server 2008), Linux Server (RedHat, Fedora, CentOS, Ubuntu, Debian, Slackware, SuSE,
Mandriva, OpenNA, IPCop, Linux-SIS), BSD Server (FreeBSD, OpenBSD, NetBSD), Solaris
(Sun Solaris, OpenSolaris)
Admin
Linux
Admin
Google Admin
CentOS
1. CentOS
(
Google.com)
2. CentOS
Web Server(Apache), FTP
Server(ProFTPd/VSFTPd),MailServer(Sendmail/Postfix/Dovecot),Database Server(MySQL/P ostgreSQL), File and
Printer Server(Samba), Proxy Server(Squid), DNS Server(BIND), DHCP Server(DHCPd), Antivirus
Server(ClamAV), Streaming Server, RADIUS Server(FreeRADIUS), Control Panel(ISPConfig)
3. (Private IP Address)
Log Files
2550
CentOS
CD CentOS
CD
CD 6
http://mirror.unl.edu/centos/5.2/isos/i386/CentOS-5.2-i386-bin-1of6.iso
http://mirror.unl.edu/centos/5.2/isos/i386/CentOS-5.2-i386-bin-2of6.iso
http://mirror.unl.edu/centos/5.2/isos/i386/CentOS-5.2-i386-bin-3of6.iso
http://mirror.unl.edu/centos/5.2/isos/i386/CentOS-5.2-i386-bin-4of6.iso
http://mirror.unl.edu/centos/5.2/isos/i386/CentOS-5.2-i386-bin-5of6.iso
http://mirror.unl.edu/centos/5.2/isos/i386/CentOS-5.2-i386-bin-6of6.iso
link http://mirror.unl.edu/centos/5.2/isos/i386/
Mirror : http://mirror1.ku.ac.th/centos-dvd/
Admin
http://www.linuxthai.org/forum/index.php?topic=197
39.0
Authentication + LOG
1. SPEC COMPUTER
CPU 1.5 GHz
HDD 160 GB
RAM 512 MB
DVD-ROM ( CentOS 5.5 DVD)
VGA ONBOARD
( TextMode)
SOUND USB
2. NETWORK
LAN CARD 2 CARD ONBOARD CentOS 5.5
Real Tek SMC Zyxel 3COM D-Link
3. UTP 2
1 Computer Switch HUB Internet 2 Computer
Computer Client Config
4. OS Linux CentOS 5.5 DVD - I386
5. Computer Client Config ( NoteBook
)
6. DOS Network ()
(Install)
Linux CentOS 5.5
1. BIOS Computer DVD-ROM
2. CentOS 5.5 I386 DVD ()
3. Boot CentOS 5.5
DVD
Skip ( DVD
CentOS Installation OK
English OK
Keyboard us OK
Partition
Yes Enter
Partition
Yes Partition
Harddisk Partition
TAB OK Enter
Boot Loader
Use GRUB Boot Loader TAB OK Enter
GateWay DNS
HostName localhost
TAB OK Enter
Server Asia/Bangkok
TAB OK Enter
Root Login
rootadmin TAB OK Enter
Package (
Customize Software Selection) Spacebar TAB OK Enter
[*] Java
[*] Java Development
TAB OK Enter
Check Packages
Package
OK Enter
Format Harddisk
Copy
Copy
Copy
Enter (Reboot)
Check .
ChilliSpot
chillispot dhcp server dhcp server
# service dhcpd stop
Class IP ChilliSpot Class DHCP Server Class
DHCP Authen
# nano /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 82557/8/9/0/1 Ethernet Pro 100 DEVICE=eth1
HWADDR=00:06:29:89:E5:9C
ONBOOT=yes
BOOTPROTO=none
server dhcp
! chillispot dhcp 2
# cat /etc/resolv.conf
search localhost
nameserver 192.168.1.1
DNS Server ADSL modem ISP
bios update
delete --
-- login server package server update Internet
package
SSH Server
SSH Server — the service listens on port 22 for remote administration. Edit the daemon's configuration file, /etc/ssh/sshd_config (not /etc/ssh/ssh_config, which only configures the outgoing ssh client and has no effect on the service):
# nano /etc/ssh/sshd_config
# Port 22
# Protocol 2,1
Port 22
Protocol 2
(Keep "Protocol 2" only. Uncommenting the shipped "Protocol 2,1" re-enables SSH protocol version 1, whose integrity protection is broken; it should never be offered.)
# chkconfig sshd on
sshd (start auto) boot
# /etc/init.d/sshd start
Starting sshd: [ OK ]
Grub
# nano /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup01/LogVol00
# initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=1
#splashimage=(hd0,0)/grub/splash.xpm.gz
#hiddenmenu
title CentOS 5.2 Server (2.6.18-92.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-92.el5 ro root=/dev/VolGroup01/LogVol00 rhgb quiet
initrd /initrd-2.6.18-92.el5.img
* list download
server
package package
package download download
Download Package Upload
Server FTP SSH server
Update (--) 10
package crontab version
# rpm -aq | grep cron
crontabs-1.10-8
anacron-2.3-45.el5.centos
vixie-cron-4.1-72.el5
# nano /etc/crontab
crontab run-time
# crontab -e
Editor vi
Insert I
copy
Esc
Shift : w q !
==>
:wq! ==>
Enter !
* crontab 1 1 run-time
# nano /etc/crontab
==>
# crontab -e ==> Run-time
restart service reload
# /etc/rc.d/init.d/crond restart
Stopping crond: [ OK ]
Starting crond: [ OK ]
# /sbin/chkconfig crond on
Installing Apache2
Complete!
# /etc/rc.d/init.d/httpd restart
OR
# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [ OK ]
# /sbin/chkconfig httpd on
https
UserDir disable
# UserDir public_html
#UserDir disable
UserDir public_html
# nano +370 /etc/httpd/conf/httpd.conf
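# Per-user web directories (~user/public_html), activated by the
# "UserDir public_html" line above. Security notes for this stanza:
#  - every local account's public_html becomes web-visible, and "Indexes"
#    lists a directory's contents when it has no index file;
#  - "AllowOverride FileInfo AuthConfig Limit" lets each user change handlers
#    and access rules from a .htaccess in their home, so a hostile or
#    compromised account can serve arbitrary content types;
#  - "IncludesNoExec" permits server-side includes but not <!--#exec-->;
#    do not relax it to "Includes".
# (In the copied listing the "<Limit ...>" opener had been run onto the end of
# the Options line, which Apache would reject; it is on its own line here.)
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>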
# nano +778 /etc/httpd/conf/httpd.conf
# ServerName www.example.com:80
# ServerName www.example.com:80
ServerName localhost:80
# nano +391 /etc/httpd/conf/httpd.conf
==> http://192.168.1.100
( MySQL rootadmin )
OR
# mysqladmin -h localhost -u root password rootadmin
# /usr/bin/mysql -u root -prootadmin
(The password option is -p with the password attached directly: "-prootadmin". Written as "prootadmin" without the dash, mysql treats it as a database name and still prompts for a password. Note also that a password passed on the command line is visible to every local user via "ps" and is saved in the shell history; "mysql -u root -p" followed by the interactive prompt avoids both.)
Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql>
show databases;
mysql> exit
Bye
# yum -y install php php-mysql php-gd php-imap php-ldap php-mcrypt php-mbstring php-odbc php-pear php-xml php-xmlrpc
Total download size: 9.7 M
Is this ok [y/N]: y
Downloading Packages:
(1/21): php-pear-1.4.9-6. 100% |=========================| 344 kB 00:29
(2/21): php-mysql-5.1.6-2 100% |=========================| 86 kB 00:07
(3/21): php-xmlrpc-5.1.6- 100% |=========================| 57 kB 00:06
(4/21): php-ldap-5.1.6-27 100% |=========================| 37 kB 00:04
(5/21): php-xml-5.1.6-27. 100% |=========================| 96 kB 00:07
(6/21): libc-client-2004g 100% |=========================| 516 kB 00:28
(7/21): unixODBC-2.2.11-7 100% |=========================| 832 kB 00:43
(8/21): php-gd-5.1.6-27.e 100% |=========================| 117 kB 00:09
(9/21): php-5.1.6-27.el5. 100% |=========================| 2.3 MB 01:26
(10/21): libmcrypt-2.5.8- 100% |=========================| 116 kB 00:00
(11/21): php-devel-5.1.6- 100% |=========================| 503 kB 00:53
(12/21): php-mbstring-5.1 100% |=========================| 995 kB 01:07
(13/21): php-imap-5.1.6-2 100% |=========================| 54 kB 00:06
(14/21): automake-1.9.6-2 100% |=========================| 476 kB 00:27
(15/21): php-cli-5.1.6-27 100% |=========================| 2.1 MB 02:26
(16/21): php-odbc-5.1.6-2 100% |=========================| 53 kB 00:06
(17/21): php-mcrypt-5.1.6 100% |=========================| 16 kB 00:00
(18/21): imake-1.0.2-3.i3 100% |=========================| 319 kB 00:21
(19/21): php-common-5.1.6 100% |=========================| 152 kB 00:07
(20/21): php-pdo-5.1.6-27 100% |=========================| 65 kB 00:04
(21/21): autoconf-2.59-12 100% |=========================| 647 kB 00:29
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : php-common #######################[1/25]
Installing: php-pdo ###################### [2/25]
Updating : php-cli ####################### [ 3/25]
Updating : php ####################### [ 4/25]
Installing: libc-client ####################### [ 5/25]
Installing: unixODBC ####################### [ 6/25]
Installing: libmcrypt ####################### [ 7/25]
Installing: imake ####################### [ 8/25]
Installing: autoconf ####################### [ 9/25]
Installing: automake ####################### [10/25]
Installing: php-devel ####################### [11/25]
Installing: php-mcrypt ####################### [12/25]
Installing: php-odbc ####################### [13/25]
Installing: php-imap ####################### [14/25]
Installing: php-mbstring ####################### [15/25]
Installing: php-gd ####################### [16/25]
Installing: php-xml ####################### [17/25]
Updating : php-ldap ####################### [18/25]
Installing: php-xmlrpc ####################### [19/25]
Installing: php-mysql ####################### [20/25]
Installing: php-pear ####################### [21/25]
Cleanup : php-common ####################### [22/25]
Cleanup : php-cli ####################### [23/25]
Cleanup : php ####################### [24/25]
Cleanup : php-ldap ####################### [25/25]
Installed: php-gd.i386 0:5.1.6-27.el5 php-imap.i386 0:5.1.6-27.el5 php-mbstring.i386 0:5.1.6-27.el5
php-mcrypt.i386 0:5.1.6-15.el5.centos.1 php-mysql.i386 0:5.1.6-27.el5 php-odbc.i386 0:5.1.6-27.el5
php-pear.noarch 1:1.4.9-6.el5 php-xml.i386 0:5.1.6-27.el5 php-xmlrpc.i386 0:5.1.6-27.el5
Dependency Installed: autoconf.noarch 0:2.59-12 automake.noarch 0:1.9.6-2.3.el5 imake.i386 0:1.0.2-3 libcclient.i386
0:2004g-2.2.1 libmcrypt.i386 0:2.5.8-4.el5.centos php-devel.i386 0:5.1.6-27.el5
php-pdo.i386 0:5.1.6-27.el5 unixODBC.i386 0:2.2.11-7.1
Updated: php.i386 0:5.1.6-27.el5 php-cli.i386 0:5.1.6-27.el5 php-common.i386 0:5.1.6-27.el5
php-ldap.i386 0:5.1.6-27.el5
Complete!
# /etc/rc.d/init.d/httpd restart
# nano /var/www/html/phpinfo.php
==> http://192.168.1.100/phpinfo.php
/usr/local/Zend/
---- > /usr/local/lib/Zend/
/etc/php.ini [Zend]
zend_extension_manager.optimizer=/usr/local/lib/Zend/lib/Optimizer-3.2.6
zend_extension_manager.optimizer_ts=/usr/local/lib/Zend/lib/Optimizer_TS-3.2.6 zend_optimizer.version=3.2.6
zend_extension=/usr/local/lib/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/lib/Zend/lib/ZendExtensionManager_TS.so
phpMyAdmin
# cd /tmp/temp/
# wget http://download1082.mediafire.com/dolv36ud144g/ws20473ro89bmvd/phpMyAdmin-2.11.11-all-languages.tar.gz
(This is a third-party file-hosting mirror, not the phpMyAdmin project. Download from the project's own site, or at least compare the archive's checksum with the one published upstream before unpacking it into the web root. The same caution applies to every mediafire.com link in this guide.)
# tar -zxvf phpMyAdmin-2.11.11-all-languages.tar.gz
# mv phpMyAdmin-2.11.11-all-languages /var/www/html/phpmyadmin/
# cp /var/www/html/phpmyadmin/config.sample.inc.php /var/www/html/phpmyadmin/config.inc.php
# nano +17 /var/www/html/phpmyadmin/config.inc.php
//
$cfg['blowfish_secret'] = 'cookie'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
(Replace 'cookie' with a long random string — it is the key that protects the login cookie. With auth_type 'http' below it is not used, but set it properly anyway in case cookie authentication is enabled later.)
.
$cfg['Servers'][$i]['auth_type'] = 'http';
(HTTP Basic authentication sends the MySQL credentials base64-encoded on every request; it is only acceptable if Apache serves phpMyAdmin over HTTPS.)
.
$cfg['Servers'][$i]['controluser'] = 'root';
$cfg['Servers'][$i]['controlpass'] = 'rootadmin';
(The control user should be a dedicated low-privilege MySQL account used only for phpMyAdmin's own tables, never root. This file lives under the web root and, with the directory permissions used later in this guide, is readable by every local user.)
.
$cfg['Servers'][$i]['pmadb'] = ' ';
User = root
Password = mysql
User = root
Password = mysql
phpsysinfo-2.5.4.tar.gz
# cd /tmp/temp/
# wget http://download505.mediafire.com/md19toevco4g/3jqwzvbtq2c63fj/phpsysinfo-2.5.4.tar.gz
# tar -zxvf phpsysinfo-2.5.4.tar.gz
# mv phpsysinfo /var/www/html/
# cp /var/www/html/phpsysinfo/config.php.new /var/www/html/phpsysinfo/config.php
Open web browser
http://ip-server/phpsysinfo/ ==> http://192.168.1.100/phpsysinfo/
net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
Authentication 1.0
MySQL php-extension
# cd /tmp/temp/
# wget http://download401.mediafire.com/a827ff24e4fg/e8xcfmcnck0k8rg/phpwifi.tar
download http://www.linuxthai.org/forum/index.php?topic=19739.0
# tar -xvf phpwifi.tar
# mv phpwifi /var/www/html/
# chmod -R 755 /var/www/html/*
# chmod -R 777 /var/www/html/phpwifi/admin/upload/
# chmod -R 777 /var/www/html/phpwifi/admin/ThaiPDF/
# chown -R root:apache /var/www/html/*
(Permission note: once the tree is owned by root:apache, mode 775 on upload/ and ThaiPDF/ is all the web server needs — 777 lets every local account write into web-served directories. Likewise 755 on the rest makes configuration files that contain database passwords (config.inc.php, phpMyAdmin's config) readable by every user; 750 on directories and 640 on files, with group apache, is sufficient.)
# nano /etc/php.ini
memory_limit = 8M
register_globals = Off
register_long_arrays = Off
register_argc_argv = Off
post_max_size = 8M
;default_charset = "iso-8859-1"
upload_max_filesize = 8M
memory_limit = 128M
register_globals = On
register_long_arrays = On
register_argc_argv = On
(Security warning: register_globals = On lets any request parameter pre-set PHP variables and is a classic source of authentication-bypass and file-inclusion bugs; PHP removed the setting entirely in 5.4. It is switched on here apparently because PHPwifi 1.0 depends on it. Do not host any other PHP application on this server while it is enabled, and keep the setting off everywhere else.)
post_max_size = 32M
default_charset = "utf-8,tis-620"
upload_max_filesize = 100M
# /etc/rc.d/init.d/httpd reload ---- > ..
portsproDB
phpmyadmin
http://IP-SERVER/phpmyadmin (http://192.168.1.100/phpmyadmin )
portsproDB
Brownse..
( )
()
table 14 table
command Line
# mysql -u root -prootadmin
mysql > create database portsproDB;
Query OK, 1 row affected (0.00 sec)
mysql > show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| portsproDB |
| test |
+--------------------+
4 rows in set (0.00 sec)
mysql > GRANT ALL PRIVILEGES ON portsproDB.* to 'root'@'localhost' IDENTIFIED BY
'rootadmin'; Query OK, 0 rows affected (0.00 sec)
(root@localhost already holds every privilege, so this statement only re-sets root's password. Better practice is a dedicated account limited to this database — e.g. GRANT ALL PRIVILEGES ON portsproDB.* TO 'portspro'@'localhost' IDENTIFIED BY '<strong password>'; — and to use that account in PHPwifi, FreeRADIUS and phpMyAdmin below instead of root, so that a flaw in the web application cannot reach the other databases.)
mysql > FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql > exit
database schema ( table )
# mysql -uroot -prootadmin portsproDB < /var/www/html/phpwifi/admin/backupsql/portsproDB.sql
login Administrator
Config phpwifi MySQL
# nano /var/www/html/phpwifi/admin/include/config.inc.php
<?php
# PHPwifi database settings (/var/www/html/phpwifi/admin/include/config.inc.php).
# configuration for database
$_config['database']['hostname'] = "localhost";
# NOTE(review): the web application connects as the MySQL *root* account, with
# the same password this guide uses for mysqladmin and phpMyAdmin. Any SQL
# injection or file-disclosure bug in PHPwifi then gives full control of every
# database, including the RADIUS tables FreeRADIUS authenticates against (they
# live in this same portsproDB). Prefer a dedicated account granted only on
# portsproDB, and keep this file unreadable by users other than apache — the
# guide's "chmod -R 755 /var/www/html/*" makes it world-readable.
$_config['database']['username'] = "root";
$_config['database']['password'] = "rootadmin";
$_config['database']['database'] = "portsproDB";
# connect the database server
$link = new mysqldb();
$link->connect($_config['database']);
$link->selectdb($_config['database']['database']);
$link->query("SET NAMES 'utf8'");
# The "@" silences the warning session_start() emits when headers were already
# sent — but it also hides every other session-handling error.
@session_start();
?>
# User MySQL
# Passwd MySQL
# Database Authen
login Administrator
http://IP-SERVER/phpwifi/admin/ ---- > (http://192.168.1.100/phpwifi/admin/)
Default
User = admin
Passwd = padmin
(These are the published default credentials of the PHPwifi administration page and must be changed on first login — see the "Admin Password" step later in this guide. Until then, anyone who can reach /phpwifi/admin/ can administer the hotspot.)
URL Administrator
<IP-Server>/phpwifi/admin/index2.php
* Admin Redirect Username Password
MySQL + FreeRadius
/etc/raddb/radiusd.conf
FreeRadius /etc/shadow
User-Name, Pass-Word, Group Server
# nano +109 /etc/raddb/radiusd.conf
user = radiusd
group = radiusd
( +109 109 )
#user = radiusd
#group = radiusd
(Commenting these two lines out makes radiusd run as root. The guide does this apparently so the daemon can read /etc/shadow and the files it later re-owns; the safer fix is to keep user/group = radiusd and give that account read access only to the specific files it needs, so a bug in the RADIUS daemon does not yield root.)
# nano +35 /etc/raddb/clients.conf
client 127.0.0.1 {
#
# The shared secret use to "encrypt" and "sign" packets between
# the NAS and FreeRADIUS. You MUST change this secret from the # default, otherwise it's not a secret any more!
#
# The secret can be any string, up to 31 characters in length.
#
secret = testing123
secret = testing123
(Left at the shipped default, which the comment directly above warns against. Every RADIUS packet is authenticated with this value and User-Password is obfuscated with it, so anyone who can reach UDP 1812/1813 and knows the default can forge Access-Accepts or recover user passwords. Generate a random secret (for example: openssl rand -base64 24), put it here, and use the identical value for radiussecret in /etc/chilli.conf.)
# /etc/rc.d/init.d/radiusd start
OR
# /usr/sbin/radiusd start &
Starting RADIUS server: Wed Sep 29 10:38:02 2010 : Info: Starting - reading configuration files ... [ OK ]
[1]+ Done /usr/sbin/radiusd start
# chkconfig radiusd on
freeradius
server = "localhost"
login = "root"
password = "rootpass"
# Database table configuration
radius_db = "radius"
server = "localhost"
login = "root"
==> Username MySQL
password = "rootadmin"
==> Password MySQL
# Database table configuration
radius_db = "portsproDB"
radius fix
# nano +1248 /etc/raddb/radiusd.conf
# $INCLUDE ${confdir}/sql.conf
$INCLUDE ${confdir}/sql.conf
# files
# sql
# sql
sql
# sql
Sql
sqlcounter noresetcounter{
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query= "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
}
noresetcounter
dailycounter
monthlycounter
#
authorize {
authorize {
# Add insert function Login PopUp
noresetcounter
dailycounter
monthlycounter
#
# /etc/rc.d/init.d/radiusd stop
Stopping RADIUS server:
[ OK ]
# chmod -R 755 /etc/raddb/*
# chown -R root:apache /etc/raddb/*
(This makes every file under /etc/raddb — including clients.conf with the RADIUS shared secret and sql.conf with the MySQL password — readable by all local users. If the web application genuinely needs to read some of these files, give only those files group apache with mode 640 and leave the rest mode 600/640 owned by root:radiusd.)
sqlcounter dailycounter {
.................
}
Error!
Authen !
# /usr/sbin/radiusd -x
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec
rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded eap
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded SQL Counter
Module: Instantiated sqlcounter (noresetcounter)
Module: Instantiated sqlcounter (dailycounter)
Module: Instantiated sqlcounter (monthlycounter)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded SQL
rlm_sql (sql): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:/portspro_db
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
Free Radiusd MySQL
[ Ctr + C ]
# /etc/rc.d/init.d/radiusd start
Starting RADIUS server: Thu Mar 3 06:48:08 2011 : Info: Starting - reading
configuration files ...
[OK]
user mysql
user passwd user radiusd sql Authentication 1.0
Perform Test
Apache ,PHP ,MySQL-Server ,Freeradius
==> ChilliSpot
#interval 3600
#pidfile /var/run/chilli.pid
interval 3600
pidfile /var/run/chilli.pid
#confusername conf
#confpassword secret
confusername conf
confpassword secret
#net 192.168.182.0/24
net 10.0.0.0/24
#dynip 192.168.182.0/24
dynip 10.0.0.11/24
#dns1 172.16.0.5
#dns2 172.16.0.5
#domain key.chillispot.org
dns1 192.168.1.100
dns2 192.168.1.1
domain localhost
#radiuslisten 127.0.0.1
radiuslisten 127.0.0.1
# nano +113 /etc/chilli.conf
radiusserver1 rad01.chillispot.org
radiusserver2 rad02.chillispot.org
radiusserver1 127.0.0.1
radiusserver2 127.0.0.1
# nano +139 /etc/chilli.conf
#radiussecret testing123
# lease 600
lease 600
uamserver https://radius.chillispot.org/hotspotlogin
uamserver http://10.0.0.1/phpwifi/hotspotlogin.php
#uamsecret ht2eb8ej6s4et3rg1ulp
#uamlisten 192.168.182.1
#uamport 3990
uamsecret ht2eb8ej6s4et3rg1ulp
(Two points here. First, the login page is now served over plain HTTP, so hotspot users' passwords cross the wireless LAN in cleartext — ChilliSpot's sample uses HTTPS for exactly this reason; serve hotspotlogin.php over HTTPS if at all possible. Second, uamsecret is left at the value from the sample configuration; it is the shared secret between chilli and hotspotlogin.php that keeps the login challenge from being replayed, so set a random value here and the identical value in hotspotlogin.php.)
( hotspotlogin.php)
uamlisten 10.0.0.1
uamport 3990
coaport 3779
lan card ip
# nano /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 82557/8/9/0/1 Ethernet Pro 100 DEVICE=eth1
HWADDR=00:06:29:89:E5:9C
ONBOOT=yes
BOOTPROTO=none
# /etc/init.d/network restart
Shutting down interface eth0:
Shutting down interface eth1:
Shutting down loopback interface:
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
Bringing up loopback interface:
Bringing up interface eth0:
Bringing up interface eth1:
[OK]
[OK]
[OK]
[OK]
[OK]
[OK]
[OK]
# cp /usr/share/doc/chillispot-1.1.0/firewall.iptables /etc/
# nano +19 /etc/firewall.iptables
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
#Allow releated, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
port
tcp web
#Allow releated, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 20 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 21 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 443 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 3990 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 10000 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT
#Forward port $EXTIF
$IPTABLES -A FORWARD -i $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -o $EXTIF -j ACCEPT
EXTIF="eth0"
ADSL Modem Router
INTIF="eth1"
login
# /etc/rc.d/init.d/chilli start
Starting chilli: [ OK ]
# chkconfig chilli on
# ps -ef |grep chilli
root 18655 1 0 21:54 ? 00:00:00 /usr/sbin/chilli
root 18668 17414 0 21:55 pts/3 00:00:00 grep chilli
/etc/firewall.iptables
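#!/bin/sh
#
# Firewall script for ChilliSpot
# A Wireless LAN Access Point Controller
#
# Uses $EXTIF (eth0) as the external interface (Internet or intranet) and
# $INTIF (eth1) as the internal interface (access points).
#
# * NAT is enabled on the external interface.
#   NOTE(review): no "-t nat -A POSTROUTING -o $EXTIF -j MASQUERADE" rule
#   appears in this listing, so the NAT the header promises is not set up
#   here — confirm the deployed copy still has it.
#
# Must run as root (e.g. from /etc/rc.local at boot). Every run rebuilds the
# rule set from scratch; nothing is persisted across reboots.
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"

# Flush all rules in the filter, nat and mangle tables
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -F -t mangle

# Set default behaviour: nothing reaches the host itself unless allowed below.
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

# Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# New TCP connections accepted on $EXTIF. Reject everything else.
# Security note: 20/21 (FTP, cleartext logins), 22 (SSH) and 10000 (Webmin,
# which runs as root) are management services. On a gateway whose $EXTIF
# faces the Internet they should be limited to trusted sources
# ("-s <admin-net>") or reached over a VPN rather than opened to everyone.
# (The copied listing had "$ IPTABLES" with a stray space on the port-20 line;
# the shell then runs a command literally named "$", so that rule was never
# added. Fixed here.)
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 20 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 21 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 443 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 3990 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 10000 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT

# Forwarding through $EXTIF.
# The original accepted *all* traffic arriving on $EXTIF for forwarding; with
# the FORWARD policy at ACCEPT, any unsolicited packet from the outside could be
# forwarded towards the hotspot network. Only replies to connections opened
# from the inside are forwarded in now. Outbound forwarding is unchanged.
$IPTABLES -A FORWARD -i $EXTIF -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -j DROP
$IPTABLES -A FORWARD -o $EXTIF -j ACCEPT

# Drop everything arriving on $INTIF (input); related/established traffic was
# already accepted above. Hotspot client traffic is handled by ChilliSpot
# itself (the host sees it on tun0), so presumably no further INPUT rule on the
# raw interface is wanted — confirm against the deployed setup.
# (In the copied listing this comment had been split over two lines and its
# second half, "$INTIF. Drop everything else.", was being executed as a
# command. Fixed here.)
$IPTABLES -A INPUT -i $INTIF -j DROP

# Accept SSH on every remaining interface (tun0, loopback, ...).
# NOTE(review): the original comment here said "http and https", but the rule
# opens port 22. On tun0 that exposes SSH to hotspot clients. If the intent
# was to serve the captive-portal login page from this host, the ports that
# need opening are 80/443 and 3990, not 22.
$IPTABLES -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT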
# nano /etc/rc.local
/etc/init.d/sshd restart
# shutdown -r now
IP Address chillispot logfile
# tail -f /var/log/messages
* ip chillispot dhcpd
* ip chillispot dhcpd
Oct 6 07:21:48 localhost smartd[5688]: Monitoring 1 ATA and 0 SCSI devices
Oct 6 07:21:48 localhost smartd[5690]: smartd has fork()ed into background mode. New PID=5690.
Oct 6 07:24:00 localhost chillispot[5566]: chilli.c: 3759: Successful UAM login from username=test IP=10.0.0.13
Oct 6 07:24:19 localhost chillispot[5566]: chilli.c: 3823: Received UAM logoff from username=test IP=10.0.0.13
Oct 6 07:24:21 localhost chillispot[5566]: chilli.c: 3823: Received UAM logoff from username=test IP= 10.0.0.13
Oct 6 07:26:15 localhost chillispot[5566]: chilli.c: 3759: Successful UAM login from username=test IP=10.0.0.13
Oct 6 07:26:30 localhost chillispot[5566]: chilli.c: 3823: Received UAM logoff from username=test IP=10.0.0.13
Oct 6 07:26:52 localhost chillispot[5566]: chilli.c: 3759: Successful UAM login from username=test IP=10.0.0.13
Oct 6 08:21:44 localhost chillispot[5566]: chilli.c: 1086: Rereading configuration file and doing DNS lookup
Oct 6 08:29:58 localhost init: Trying to re-exec init
ip
# ifconfig
Eth0 Link encap:Ethernet HWaddr E0:CB:4E:C3:0C:6D
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::e2cb:4eff:fec3:c6d/64
Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:51720 errors:0 dropped:2874486993 overruns:0 frame:0 TX packets:32891 errors:0 dropped:0
overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64781574 (61.7 MiB) TX bytes:3079053 (2.9 MiB) Interrupt:177 Base address:0x2000
Eth1 Link encap:Ethernet HWaddr 00:06:29:89:E5:9C active inet6 addr:
fe80::206:29ff:fe89:e59c/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:180 (180.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:101 errors:0 dropped:0 overruns:0 frame:0 TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8470 (8.2 KiB) TX bytes:8470 (8.2 KiB)
# tun0 eth1 2
<?php
Open web browser
Logout Users
User Gateway Server URL WebBrowser Users
Logout
kick
users online
[* kill * ]
*
User
0000-00-00 ()
Login
2050-01-01 ( )
# php /var/www/html/phpwifi/admin/del_user_remain.php
Failed loading /usr/local/lib/ioncube/ioncube_loader_lin_ 5.0.so:
undefined symbol: _zval_copy_ctor
/usr/local/lib/ioncube/ioncube_loader_lin_ 5.0.so:
# shutdown -r now
* + Administrator
Admin Password
Administrator
Users ...
* Users Password
Updating:
squid i386 7:2.6.STABLE21-6.el5 base 1.3 M Transaction Summary
Install 0 Package(s)
Update 1 Package(s)
Remove 0 Package(s)
Total download size: 1.3 M
Is this ok [y/N]: y
Downloading Packages:
(1/1): squid-2.6.STABLE21 100% |=========================| 1.3 MB
00:03
Running rpm_check_debug
Running Transaction
Test Finished Transaction
Test Transaction
Test Succeeded
Running Transaction
Updating : squid ######################### [1/2]
Cleanup : squid ######################### [2/2]
Updated: squid.i386 7:2.6.STABLE21-6.el5
Complete!
#cd /etc/squid/
# nano squid.conf
maximum_object_size_in_memory 1 MB
# nano +23 squid.conf
***
2
Authen tun0 eth1 -> 10.0.0.1
DHCP IP Authen eth2 -> 10.10.10.1 Ip subnet
Class Class
acl webconfig_lan src 10.0.0.0/24
10.10.10.0/24
acl webconfig_to_lan dst 10.0.0.0/24
10.10.10.0/24
ip 10.10.10.0/24
firewall.iptable
3 start dhcp service 3
#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $eth2 -j DROP
# Drop everything to and from $eth2 (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $eth2 -j DROP
$IPTABLES -A FORWARD -o $eth2 -j DROP
## Squid Proxy Allow transparent
$IPTABLES -t nat -A PREROUTING
$IPTABLES -t nat -A PREROUTING
$IPTABLES -t nat -A PREROUTING
$IPTABLES -t nat -A PREROUTING
$IPTABLES -t nat -A PREROUTING
$IPTABLES -t nat -A PREROUTING
tcp
tcp
tcp
tcp
tcp
tcp
ifconfig 2
eth0 Link encap:Ethernet
HWaddr 00:E0:4C:00:21:31
Mask:255.255.255.0
HWaddr 00:02:A5:BB:15:49
HWaddr 00:12:F0:06:8A:54
Mask:255.0.0.0
Mask:255.255.255.0
# cd /etc/squid/
# nano +123 squid.conf
>>>File Block Ports
# mkdir /etc/squid/traffic
# touch /etc/squid/traffic/fdownload_files.txt
# touch /etc/squid/traffic/flocalnet.txt
# touch /etc/squid/traffic/funlimit_bandwidth.txt
# touch /etc/squid/traffic/fupdate_files.txt
# mkdir /etc/squid/phpwifi
# touch /etc/squid/phpwifi/blocktmac_time.txt
# touch /etc/squid/phpwifi/blocktime_ipmac.txt
# touch /etc/squid/phpwifi/blockweb_group.txt
# touch /etc/squid/phpwifi/blockweb_ipmac.txt
...
# cd /etc/squid/
# echo "http://www.sex.com" > blockx.txt
# echo "\.Torrent" > files.txt
# echo "\.mp3" >> files.txt
# echo "10.0.0.0/24" > fblockhackLAN.txt
# echo "127.0.0.1" > fblockhackHOST.txt
# echo "442" > blockportsSSL.txt
# echo "15-79" > blockports.txt
# echo "82" >> blockports.txt
# echo "10.0.0.19-10.0.0.55" > blockip.txt
# echo "10.0.0.199" >> blockip.txt
# echo "00:01:03:44:A3:09" > blockmac.txt
# echo "11:00-12:00" > blocktime.txt
# echo "www.msn.com" > blocktime_url.txt
# echo "09:00-11:40" > blocktime_gip.txt
# echo "10.0.0.25-10.0.0.29" > blocktime_groupip.txt
# echo "\.zip" > blockfiles.txt
# echo "10.0.0.11-10.0.0.199" > blockfiles_groupip.txt
# echo "\.exe" > traffic/fdownload_files.txt
# echo "\.rar" >> traffic/fdownload_files.txt
# echo "localhost" > traffic/flocalnet.txt
# echo "127.0.0.1/8" >> traffic/flocalnet.txt
# echo "07:00-18:00" > traffic/funlimit_bandwidth.txt
# echo "\.com" > traffic/fupdate_files.txt
# echo "\.msi" >> traffic/fupdate_files.txt
# echo "\.exe" >> traffic/fupdate_files.txt
# echo "07:00-18:00" > phpwifi/blocktmac_time.txt
# echo "10.0.0.254" > phpwifi/blocktime_ipmac.txt
# echo "http://www.xxx.com" > phpwifi/blockweb_group.txt
# echo "10.0.0.254" > phpwifi/blockweb_ipmac.txt
# touch clearsq.sh
# chmod 4755 clearsq.sh
# ls -l clearsq.sh
-rwsr-xr-x 1 root root 775 Mar 20 16:20 clearsq.sh
(The setuid bit is ignored on shell scripts by the Linux kernel and serves no purpose here — the script is run from root's crontab. Use "chmod 700 clearsq.sh" instead, so that other users can neither read nor run it.)
# nano clearsq.sh
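#!/bin/sh
#
# Nightly Squid log housekeeping, run from root's crontab
# (0 0 * * * /etc/squid/clearsq.sh).
#
# The original version deleted access.log, cache_access.log, cache.log and
# store.log every midnight. On a hotspot gateway whose stated purpose is to
# keep user traffic logs for the mandated retention period (see the
# log-retention section at the start of this guide), that destroys exactly
# the evidence the server exists to preserve. This version instead archives
# each log under a timestamped name, records a SHA-256 digest so later
# tampering can be detected, and asks Squid to reopen its log files rather
# than deleting them from under the running daemon.
#
# Nothing here prunes the archive; how long to keep it (and the disk needed)
# is a separate policy decision. swap.log is intentionally not touched, as in
# the original.

LOGDIR=/var/log/squid
ARCHIVE=/var/log/squid/archive
STAMP=$(date +%Y%m%d-%H%M%S)

# Archive directory owned by root and not writable by the squid user, so a
# compromised proxy process cannot rewrite history.
mkdir -p "$ARCHIVE" || exit 1
chown root:root "$ARCHIVE"
chmod 750 "$ARCHIVE"

for name in access.log cache_access.log cache.log store.log; do
    src="$LOGDIR/$name"
    # Nothing to archive for a missing or empty log.
    [ -s "$src" ] || continue
    dst="$ARCHIVE/$name.$STAMP"
    mv -- "$src" "$dst" || exit 1
    chmod 640 "$dst"
    # Digest stored next to the file; verify later with: sha256sum -c FILE.sha256
    sha256sum -- "$dst" > "$dst.sha256"
done

# Squid still holds the renamed files open; "-k rotate" makes it close them
# and open fresh files under the original names, with its own ownership, so
# no chown/chmod of the live logs is needed.
/usr/sbin/squid -k rotate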
0 0 * * * /etc/squid/clearsq.sh
crontab run-time
# crontab -e
0 0 * * * /etc/squid/clearsq.sh
[ OK ]
# chkconfig squid on
# ps -ef|grep squid
root 12946 1 0 06:53 ? 00:00:00 squid -D
squid 12948 12946 0 06:53 ? 00:00:00 (squid) -D
squid 12949 12948 0 06:53 ? 00:00:00 (unlinkd)
root 13119 7255 0 07:06 pts/2 00:00:00 grep squid
# /etc/rc.d/init.d/crond restart
Stopping crond:
Starting crond:
[ OK ]
[ OK ]
phpwifisquidproxy.php
admin BlockTimeGroupUsers
save!
Confirm !
sourcecode
Terminal php
# php /var/www/html/phpwifi/admin/phpwifisquidproxy.php
terminal
----- PHPwifi 1.0 >> phpwifisquidproxy.php ?Process Users Success! ---- ... ..
*
PHP Notice: Trying to get property of non-object in /var/www/html/phpwifi/admin/phpwifisquidproxy.php on line 47
2011/04/26 23:54:43| aclParseAclLine: WARNING: empty ACL: acl webgroupusersip src
"/etc/squid/phpwifi/blockweb_ipmac.txt"
----- PHPwifi 1.0 >> phpwifisquidproxy.php ?Process Users Success! -----[root@wifi ~]#
non-object
SQL Users Users
ipaddr
----- PHPwifi 1.0 >> phpwifisquidproxy.php ?Process Users Success! -----[root@wifi ~]#
BlockTime BlockWEB ..
Timer Runtime
# crontab -e
Esc
:wq!
admin
IPaddress
.. IP
*
... Refresh
Shell Script 1
Users
Users .. IP
+
list
* logout
....[ OK ]
URL www.sex.com
web
Squid
Message
download
download \.mp3
URL
http://www.4shared.com/get/QwmunnRs/0052-__-__.html
web
Chillispot
* ProcessID + Chillispot Balance Proxy Server
# nano +173 /etc/chilli.conf
+ #
proxylisten 10.0.0.1
-> 10.0.0.1 gateway
# nano +180 /etc/chilli.conf
+ #
proxyport 3128
-> port squid proxy
# nano +185 /etc/chilli.conf
+ #
proxyclient 10.0.0.0/24
-> IPsubnet
# nano +191 /etc/chilli.conf
+ #
proxysecret testing123
-> secret = testing123 /etc/raddb/clients.conf
restart service chilli
# /etc/rc.d/init.d/chilli restart
Error!.......
*
output Webmin 2
Apache service apache
ssl https:// Port 443
mod_ssl default http
User admin passwd Server
webmin apache
# rpm -Uvh webmin-1.520-1.noarch.rpm
warning: webmin-1.520-1.noarch.rpm: Header V3 DSA signature: NOKEY, key ID
11f63c51 Preparing... ################################# [100%]
("NOKEY" means rpm could not verify the package signature because the signer's public key is not imported — the install went ahead unverified. Import the Webmin signing key first (rpm --import <key file>) so that a tampered download is rejected; the same warning appears for the *.el5.rf packages installed later and should be handled the same way.)
Operating system is CentOS Linux 1:webmin
################################# [100%] Webmin install complete.
You can now login to http://localhost:10000/ as root with your root password.
------------------------------User = admin
Password = password root server
https//localhost:10000 PHPwifi HTTPS
Apache SSL Remove webmin Install HTTPS
* Webmin HTTP
HTTP HTTPS
( HTTPS Apache port 443 SSL
HTTPS Apache )
* Config Command line
Terminal
# nano +11 /etc/webmin/miniserv.conf
ssl=0
ssl=1
# /etc/rc.d/init.d/webmin restart
Stopping Webmin server in /usr/libexec/webmin
Starting Webmin server in /usr/libexec/webmin
Pre-loaded WebminCore
Webmin
Save
referers_none=1
referers_none=0
(referers_none=1 is Webmin's protection against cross-site request forgery: it refuses requests whose Referer is another site. Setting it to 0 lets any web page an administrator visits while logged in issue Webmin actions — which run as root — on their behalf. Prefer listing the specific trusted hostnames in the referers= setting instead of disabling the check.)
# /etc/rc.d/init.d/webmin restart
Stopping Webmin server in /usr/libexec/webmin
Starting Webmin server in /usr/libexec/webmin
Pre-loaded WebminCore
URL www.google.co.th
* www.google.co.th
www.google.co.th
* Squid proxy
path
# cd /etc/squid/errors/
# ls -l
* Web page Squid Proxy
ERR_DNS_FAIL
# nano /etc/squid/errors/ERR_DNS_FAIL
+ Squid proxy
* 2
squid proxy
... !
Squid proxy server
Start Stop Service Squid Proxy
Module Index
Start Squid
Index
...
Lightsquid Users
# cd /tmp/temp
# wget http://download1080.mediafire.com/ptub9upmr0sg/8qd5ez9a3l56qzg/perl-GD-2.30-2.2.el5.rf.i386.rpm
# rpm -Uvh perl-GD-2.30-2.2.el5.rf.i386.rpm
Preparing... ################################ [100%]
1: perl-GD ################################ [100%]
# wget http://download1074.mediafire.com/q48l393kjegg/ity6682g4gpn3vo/lightsquid.tar
# tar -xvf lightsquid.tar
# rm -rf /var/www/html/phpwifi/admin/lightsquid
# mv lightsquid /var/www/html/phpwifi/admin/
# chown -R root:apache /var/www/html/
# nano +570 /etc/httpd/conf/httpd.conf
<Directory "/var/www/cgi-bin">
<Directory "/var/www/html/phpwifi/admin/">
AllowOverride All
Options None
Order allow,deny
Allow from all
</Directory>
# /etc/rc.d/init.d/httpd restart
# cd /var/www/html/phpwifi/admin/lightsquid/
# chmod +x *.cgi
# chmod +x *.pl
apache
# ./check-setup.pl
LightSquid Config Checker, (c) 2005-9 Sergey Erokhin GNU GPL
WARNING:Log format Look like CUSTOM log, Lightsquid can't parse this format! Please check documentation !
Invalid access.log format or can't check format type ...
Warning lightsquid
log file Harddisk lightsquid
# ./lightparser.pl &
[1] 13582
# nano /etc/rc.local
/var/www/html/phpwifi/admin/lightsquid/check-setup.pl start
/var/www/html/phpwifi/admin/lightsquid/lightparser.pl start
refresh 55
# crontab -e
Editor vi
Insert I
copy
*/55 * * * * /var/www/html/phpwifi/admin/lightsquid/lightparser.pl today
(Note: "*/55" in the minute field fires at minute 0 and minute 55 of every hour — i.e. 5 minutes apart, then 55 — not "every 55 minutes". For an hourly refresh use "0 * * * *"; for a true 55-minute interval the job would have to track its own schedule.)
Esc
Shift : w q ! -
:wq!
Enter !
# nano /etc/crontab
[ OK ]
[ OK ]
SquidGuard
# cd /tmp/temp/
# wget http://download680.mediafire.com/ba3ugrnggghg/it0qhuqiilnpkpc/squidguard-1.2.0-2.2.el5.rf.i386.rpm
# rpm -Uvh squidguard-1.2.0-2.2.el5.rf.i386.rpm
warning: squidguard-1.2.0-2.2.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing... ################################### [100%]
1:squidguard #################################### [100%]
# cd /etc/squid/
# ls -l squidguard.conf
squidguard.conf squidguard Squid
-rw-r--r-- 1 root root 1275 Mar 23 21:33 squidguard.conf
# nano +228 squid.conf
#
#redirect_program /usr/bin/squidGuard
#redirect_children 5
redirect_program /usr/bin/squidGuard
redirect_children 5
# mkdir /var/log/squidguard/db
# mkdir /var/log/squidguard/log
ip
1.2.3.4 1.2.3.5
ip
127.0.0.1
# nano +39 squidguard.conf
ip
172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
ip
10.0.0.1
# nano +44 squidguard.conf
ip
172.16.4.0/26
ip
10.0.0.0/24
# /etc/rc.d/init.d/squid restart
Stopping squid: ....
Starting squid: .
[ OK ]
[ OK ]
MAC Allow 2
1
mac address
2
1 2 users
no! service! Capture
function Cap
register portsproDB 1 15 table
Register 2 package
Squid Proxy Server
squid proxy
script
PHPwifi
firewall.iptable
samba
< >
2