OpenWRT: Setup Chillispot

From mUTU
Jump to: navigation, search

Hi guys I'm new on this world, I'm not a guru, I'm starting with ervery this of embed linux and linux, so take care, I did install the chilli without problems, but remember, I don't have enough knowledge.

Ok I did this.... first time edit /etc/config/network and modify the vlan configuration here is mi file


#### VLAN configuration 
config switch eth0
    option vlan0    "1 2 3 5*"
    option vlan1    "4 5"
    option vlan2    "0 5"

#### Loopback configuration
config interface loopback
    option ifname    "lo"
    option proto    static
    option ipaddr    127.0.0.1
    option netmask    255.0.0.0

#### LAN configuration
config interface lan
    option type     bridge
    option ifname    "eth0.0"
    option proto    static
    option ipaddr    192.168.1.1
    option netmask    255.255.255.0 

#### WAN configuration
config interface    wan
    option ifname    "eth0.1"
    option proto    dhcp 

here is my /etc/config/wireless too, take a look, you need comment option network

config wifi-device  wl0
    option type     broadcom
    option channel  5

    # REMOVE THIS LINE TO ENABLE WIFI:
    option disabled 0

config wifi-iface
    option device   wl0
#    option network    lan
    option mode     adhoc
    option ssid     OpenWrt
    option encryption none 

I did use option mode adhoc because i trying to run olsrd to with all this, but you can use "option mode ap"

next we need change the firewall rules, I did the easy job, only copy the configuration of lan for wifi so edit /etc/firewall.user to add the lines here is my /etc/firewall.user

#!/bin/sh
# Copyright (C) 2006 OpenWrt.org

iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule

# The following chains are for traffic directed at the IP of the 
# WAN interface

iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan

### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT 
# iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT

### Port forwarding
## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to  192.168.1.2:80
# iptables        -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
### DMZ
## -- Connections to ports not handled above will be forwarded to 192.168.1.2
# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
# iptables        -A forwarding_wan -d 192.168.1.2 -j ACCEPT
### Chilli
WIFI="wl0"
iptables -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT

iptables -N WIFI_ACCEPT

[ -z "$WAN" ] || iptables -A WIFI_ACCEPT -i "$WAN" -j RETURN [ -z "$WANDEV" -o "$WANDEV" = "$WAN" ] || iptables -A WIFI_ACCEPT -i "$WANDEV" -j RETURN

iptables -A WIFI_ACCEPT -j ACCEPT

iptables -A INPUT -j WIFI_ACCEPT    # allow from lan/wifi interfaces 

iptables -A FORWARD -i $WIFI -o $WIFI -j ACCEPT

[ -z "$WAN" ] || iptables -A FORWARD -i $WIFI -o $WAN -j ACCEPT

after is more easy job, install the chilli and configure it

ipkg update
ipkg install chillispot

edit /etc/chilli.conf the more important is the interface of wireless. In my case is wl0 because I have a linksys WRT54GL, take care with other routers maybe you need change that.

dhcpif wl0

and remember put the right uamsecret and radiussecret

here is my file

##############################################################################
#
# Sample ChilliSpot configuration file
#
##############################################################################

# TAG: fg
# Include this flag if process is to run in the foreground
#fg

# TAG: debug
# Include this flag to include debug information.
#debug

# TAG: interval
# Re-read configuration file at this interval. Will also cause new domain
# name lookups to be performed. Value is given in seconds.
#interval 3600

# TAG: pidfile
# File to store information about the process id of the program.
# The program must have write access to this file/directory.
#pidfile /var/run/chilli.pid

# TAG: statedir
# Directory to use for nonvolatile storage.
# The program must have write access to this directory.
# This tag is currently ignored
#statedir ./

# TUN parameters

# TAG: net
# IP network address of external packet data network
# Used to allocate dynamic IP addresses and set up routing.
# Normally you do not need to uncomment this tag.
#net 192.168.182.0/24

# TAG: dynip
# Dynamic IP address pool
# Used to allocate dynamic IP addresses to clients.
#  If not set it defaults to the net tag.
#  Do not uncomment this tag unless you are an experienced user!
# dynip 192.168.182.0/24

# TAG: statip
# Static IP address pool
# Used to allocate static IP addresses to clients.
# Do not uncomment this tag unless you are an experienced user!
#statip 192.168.182.0/24

# TAG: dns1
# Primary DNS server.
# Will be suggested to the client. 
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns1 172.16.0.5

# TAG: dns2
# Secondary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns2 172.16.0.6

# TAG: domain
# Domain name
# Will be suggested to the client.
#  Normally you do not need to uncomment this tag.
#domain key.chillispot.org

# TAG: ipup
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipup /etc/chilli.ipup

# TAG: ipdown
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipdown /etc/chilli.ipdown

# TAG: conup
# Script executed after a user has been authenticated.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#conup /etc/chilli.conup

# TAG: conup
# Script executed after a user has disconnected.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#conup /etc/chilli.condown

# Radius parameters

# TAG: radiuslisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#radiuslisten 127.0.0.1

# TAG: radiusserver1
# IP address of radius server 1
# For most installations you need to modify this tag.
#radiusserver1 rad01.chillispot.org
#You can use an IP
radiusserver1 rad01.YourRadiusServer.org

# TAG: radiusserver2
# IP address of radius server 2
# If you have only one radius server you should set radiusserver2 to the
# same value as radiusserver1.
# For most installations you need to modify this tag.
#radiusserver2 rad02.chilispot.org
#You can use an IP
radiusserver2 rad02.YourRadiusServer.org

# TAG: radiusauthport
# Radius authentication port
# The UDP port number to use for radius authentication requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusauthport 1812

# TAG: radiusacctport
# Radius accounting port
# The UDP port number to use for radius accounting requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusacctport 1813 

# TAG: radiussecret
# Radius shared secret for both servers
# For all installations you should modify this tag.
#radiussecret testing123
radiussecret YourRadiusSecret

# TAG: radiusnasid
# Radius NAS-Identifier
# Normally you do not need to uncomment this tag.
#radiusnasid nas01

# TAG: radiusnasip
# Radius NAS-IP-Address
# Normally you do not need to uncomment this tag.
#radiusnasip 127.0.0.1 

# TAG: radiuscalled
# Radius Called-Station-ID
# Normally you do not need to uncomment this tag.
#radiuscalled 00133300

# TAG: radiuslocationid
# WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
# cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
# Normally you do not need to uncomment this tag.
#radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport

# TAG: radiuslocationname
# WISPr Location Name. Should be in the format: 
# <HOTSPOT_OPERATOR_NAME>,<LOCATION>
# Normally you do not need to uncomment this tag.
#radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport 

# Radius proxy parameters

# TAG: proxylisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#proxylisten 10.0.0.1

# TAG: proxyport
# UDP port to listen to. 
# If not specified a port will be selected by the system
# Normally you do not need to uncomment this tag.
#proxyport 1645 

# TAG: proxyclient
# Client(s) from which we accept radius requests
# Normally you do not need to uncomment this tag.
#proxyclient 10.0.0.1/24

# TAG: proxysecret
# Radius proxy shared secret for all clients
# If not specified defaults to radiussecret
# Normally you do not need to uncomment this tag.
#proxysecret testing123


# Remote configuration management

# TAG: confusername
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
#confusername conf

# TAG: confpassword
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
#confpassword secret
  

# DHCP Parameters 

# TAG: dhcpif
# Ethernet interface to listen to.
# This is the network interface which is connected to the access points.
# In a typical configuration this tag should be set to eth1.
dhcpif wl0

# TAG: dhcpmac
# Use specified MAC address.
# An address in the range  00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
# within the IANA range of addresses and is not allocated for other
# purposes.
# Normally you do not need to uncomment this tag.
#dhcpmac 00:00:5E:00:02:00

# TAG: lease
# Time before DHCP lease expires
# Normally you do not need to uncomment this tag.
#lease 600
  

# Universal access method (UAM) parameters   

# TAG: uamserver
# URL of web server handling authentication.
#uamserver http://www.internet-wifi.com.ar/hotspotlogin_m.php
uamserver https://your.uamserver/hotspotlogin

# TAG: uamhomepage
# URL of welcome homepage.
# Unauthenticated users will be redirected to this URL. If not specified
# users will be redirected to the uamserver instead.
# Normally you do not need to uncomment this tag.
#uamhomepage http://192.168.182.1/welcome.html

# TAG: uamsecret
# Shared between chilli and authentication web server
#uamsecret ht2eb8ej6s4et3rg1ulp
uamsecret YourUamSecret

# TAG: uamlisten
# IP address to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamlisten 192.168.182.1 

# TAG: uamport
# TCP port to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamport 3990

# TAG: uamallowed
# Comma separated list of domain names, IP addresses or network segments
# the client can access without first authenticating.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#uamallowed www.chillispot.org,10.11.12.0/24
#uamallowed www.internet-wifi.com.ar,10.0.0.0/8,172.16.0.0/24
uamallowed www.yoursallowedsi.sites,10.0.0.0/8,172.16.0.0/24

# TAG: uamanydns
# If this flag is given unauthenticated users are allowed to use
# any DNS server.
# Normally you do not need to uncomment this tag.
#uamanydns
uamanydns
  

# MAC authentication

# TAG: macauth
# If this flag is given users will be authenticated only on their MAC
# address.
# Normally you do not need to uncomment this tag.
#macauth

# TAG: macallowed
# List of MAC addresses.
# The MAC addresses specified in this list will be authenticated only on
# their MAC address.
# This tag is ignored if the macauth tag is given.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9

# TAG: macpasswd
# Password to use for MAC authentication.
# Normally you do not need to uncomment this tag.
#macpasswd password

# TAG: macsuffix
# Suffix to add to MAC address in order to form the username.
# Normally you do not need to uncomment this tag.
#macsuffix suffix

Ok, guys that's it... with this every work, but remember, maybe I did something wron

Good luck



Referensi