Professional Documents
Culture Documents
Chillispot p6
Chillispot p6
Page 1 of 8
wiboon.w@psu.ac.th
http://www.opensource.psu.ac.th
chillispot http://www.chillispot.info
1 16-01-2550 :
2 23-01-2550 :
3 24-01-2550 :
4 10-07-2550 :
5 29-11-2550 :
apache
Linux server Wireless LAN Access Point Controller chillispot web login
Wireless LAN Controller Chillispot web login + freeradius + mysql + transparent proxy
eth0
1
ip dhcp server
eth1
2
ip chillispot server
ip chillispot server
ip chillispot server
chillispot server 1
- fedora core 6
2.2.6)
- chillispot 1.1.0 (rpm)
1.
Package selection Software Development
2.
SeLinux
enforcing disabled
user account
chilli password abcd1234
copy paste
text mode
startx
terminal
http://mamboeasy.psu.ac.th/~wiboon.w/index2.php?option=com_content&task=view&... 18/2/2553
1.
Page 2 of 8
update
rm -rf /var/cache/yum/*
2.
/usr/sbin/ntpdate -u <
>
/usr/sbin/ntpdate -u pool.ntp.org
/etc/rc.local
gedit /etc/rc.local
/usr/sbin/ntpdate -u pool.ntp.org
gedit
/etc/cron.daily/ntp.cron
gedit /etc/cron.daily/ntp.cron
#!/bin/sh
/usr/sbin/ntpdate -u pool.ntp.org
3.
SeLinux
/etc/selinux/config
gedit /etc/selinux/config
enforcing disabled
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced. (default)
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
. update packages
2
yum check-update
yum update
. update packages Yum
1.
update server
repository server
directory /etc/yum.repos.d
yum
server
rm -f /etc/yum.repos.d/*
3
repository server ftp.psu.ac.th
/etc/yum.repos.d/psu-fedora.repo
[base]
http://mamboeasy.psu.ac.th/~wiboon.w/index2.php?option=com_content&task=view&... 18/2/2553
Page 3 of 8
1.
httpd
yum install httpd
yum install httpd-manual
yum install mod_ssl
2.
chkconfig httpd on
3.
4.
1.
freeradius
yum install freeradius
2.
chkconfig radiusd on
3.
4.
/var/log/radius/radius.log error
/etc/raddb/radiusd.conf
http://mamboeasy.psu.ac.th/~wiboon.w/index2.php?option=com_content&task=view&... 18/2/2553
Page 4 of 8
/etc/raddb/clients.conf
IP radius
5.
(
chilli
abcd1234
) username
adduser chilli
passwd chilli
Changing password for user chilli.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
6.
radiusd
/etc/shadow
7.
/etc/shadow
/etc/raddb/radiusd.conf
gedit /etc/raddb/radiusd.conf
comment
user = radiusd
group = radiusd
#user = radiusd
#group = radiusd
restart radiusd
service radiusd restart
8.
9.
secret
mytestkey
/etc/raddb/clients.conf freeradius
client 127.0.0.1 {
...
35 secret = testing123
secret = mytestkey
...
}
restart radiusd
dhcp server
service dhcpd stop
chkconfig dhcpd off
http://mamboeasy.psu.ac.th/~wiboon.w/index2.php?option=com_content&task=view&... 18/2/2553
2.
/etc/sysctl.conf
7 net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
3.
forward packet
4.
/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
Page 5 of 8
BOOTPROTO=none
5.
chillispot
browser
ftp://ftp.psu.ac.th/pub/chillispot/chillispot-1.1.0.i386.rpm
wget
wget ftp://ftp.psu.ac.th/pub/chillispot/chillispot-1.1.0.i386.rpm
package rpm
rpm -Uvh chillispot-1.1.0.i386.rpm
6.
/etc/chilli.conf
/var/www/cgi-bin/hotspotlogin.cgi
/var/www/html/welcome.html
/etc/firewall.iptables
7.
/etc/chilli.conf
[ TUN parameters]
38 net 192.168.182.0/24
net 10.0.1.0/24
[ Radius parameters]
113 radiusserver1 rad01.chillispot.org
radiusserver1 127.0.0.1
120 radiusserver2 rad02.chillispot.org
radiusserver2 127.0.0.1
139 #radiussecret testing123
radiussecret mytestkey
( radius secret /etc/raddb/clients.conf freeradius)
[ Universal access method (UAM) parameters]
237 #uamserver https://radius.chillispot.org/hotspotlogin
uamserver https://10.0.1.1/cgi-bin/hotspotlogin.cgi
244 #uamhomepage http://192.168.182.1/welcome.html
uamhomepage http://10.0.1.1/welcome.html
248 #uamsecret ht2eb8ej6s4et3rg1ulp
# uamsecret ht2eb8ej6s4et3rg1ulp
(
hotspotlogin.cgi )
8.
firewall.iptables
cp /usr/share/doc/chillispot-1.1.0/firewall.iptables /etc
http://mamboeasy.psu.ac.th/~wiboon.w/index2.php?option=com_content&task=view&... 18/2/2553
9.
10.
Page 6 of 8
hotspotlogin.cgi
cp /usr/share/doc/chillispot-1.1.0/hotspotlogin.cgi /var/www/cgi-bin/
/var/www/cgi-bin/hotspotlogin.cgi
27 #$uamsecret = "ht2eb8ej6s4et3rg1ulp";
# $uamsecret = "ht2eb8ej6s4et3rg1ulp";
31 #$userpassword=1;
# $userpassword=1;
11.
/var/www/html/welcome.html
<html>
<head>
<title>Welcome to Our Hotspot, Wireless Network.</title>
</head>
<body>
<center>
<H1><font color="red">TESTING ONLY</font></H1>
<img src="chillispot.png">
<H3><font color="blue">Welcome to Our Hotspot, Wireless Network.</font></H3>
<p>You are connected to an authentication and restricted network access point.
<H3><a href="http://10.0.1.1:3990/prelogin">Click here to login</a></H3>
<p>
<p>Enjoy.
</center>
</body>
</html>
/var/www/html
chillispot.png
wget http://mamboeasy.psu.ac.th/~wiboon.w/images/stories/chillispot/chillispot.png
cp chillispot.png /var/www/html
12.
chillispot /
factory defaults dhcp ip chillispot
ip ESSID
13.
firewall.iptables
sh /etc/firewall.iptables
14.
chillispot
service chilli start
Starting chilli:
15.
[ OK ]
chiilispot
tun0 IP 10.0.1.1
eth1
IP eth0 IP
ifconfig
eth0
Link encap:Ethernet HWaddr 00:04:E2:24:DE:32
inet addr:192.168.2.52 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::204:e2ff:fe24:de32/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:847253 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:89766 dropped:0 overruns:0 carrier:169976
collisions:0 txqueuelen:1000
RX bytes:495145717 (472.2 MiB) TX bytes:0 (0.0 b)
Interrupt:11 Base address:0x8000
eth1
Link encap:Ethernet HWaddr 00:50:04:B8:6A:4A
inet6 addr: fe80::250:4ff:feb8:6a4a/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:381 errors:0 dropped:0 overruns:0 frame:0
http://mamboeasy.psu.ac.th/~wiboon.w/index2.php?option=com_content&task=view&... 18/2/2553
Page 7 of 8
lo
collisions:0 txqueuelen:0
RX bytes:23879 (23.3 KiB) TX bytes:23879 (23.3 KiB)
tun0
Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.1.1 P-t-P:10.0.1.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:319 errors:0 dropped:0 overruns:0 frame:0
TX packets:369 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:33964 (33.1 KiB) TX bytes:175949 (171.8 KiB)
16.
Mac address
chillispot
IP Address chillispot
tail -f /var/log/messages
Jan 24 11:12:38 localhost chillispot[12822]: ChilliSpot 1.1.0. Copyright 2002-2005 Mondru AB. Licensed under GPL.
See http://www.chillispot.org for credits.
Jan 24 11:12:38 localhost kernel: ADDRCONF(NETDEV_CHANGE): tun0: link becomes ready
Jan 24 11:12:38 localhost kernel: eth1: setting full-duplex.
Jan 24 11:12:47 localhost chillispot[12822]: chilli.c: 3509: New DHCP request from MAC=00-0D-ED-56-13-96
Jan 24 11:12:47 localhost chillispot[12822]: chilli.c: 3479: Client MAC=00-0D-ED-56-13-96 assigned IP 10.0.1.2
Jan 24 11:14:42 localhost chillispot[12822]: chilli.c: 3509: New DHCP request from MAC=00-13-02-69-41-FA
Jan 24 11:14:42 localhost chillispot[12822]: chilli.c: 3479: Client MAC=00-13-02-69-41-FA assigned IP 10.0.1.3
Jan 24 11:15:12 localhost chillispot[12822]: chilli.c: 3759: Successful UAM login from username=chilli IP=10.0.1.3
10.0.1.2 IP 10.0.1.3 IP
17.
WIFI
redirect welcome.html
username password
login logged in
logout
1.
/etc/rc.local
firewall.iptables chilli
sh /etc/firewall.iptables
service chilli start
2.
http://mamboeasy.psu.ac.th/~wiboon.w/index2.php?option=com_content&task=view&... 18/2/2553
3.
Page 8 of 8
Close Window
http://mamboeasy.psu.ac.th/~wiboon.w/index2.php?option=com_content&task=view&... 18/2/2553