OpenWRT: Setup Chillispot
Hi guys, I'm new to this world. I'm not a guru; I'm just starting with all of this embedded Linux and Linux stuff, so take care. I installed chilli without problems, but remember, I don't have enough knowledge.
OK, here is what I did. First, edit /etc/config/network and modify the VLAN configuration. Here is my file:
#### VLAN configuration
config switch eth0
	option vlan0	"1 2 3 5*"
	option vlan1	"4 5"
	option vlan2	"0 5"

#### Loopback configuration
config interface loopback
	option ifname	"lo"
	option proto	static
	option ipaddr	127.0.0.1
	option netmask	255.0.0.0

#### LAN configuration
config interface lan
	option type	bridge
	option ifname	"eth0.0"
	option proto	static
	option ipaddr	192.168.1.1
	option netmask	255.255.255.0

#### WAN configuration
config interface wan
	option ifname	"eth0.1"
	option proto	dhcp
Here is my /etc/config/wireless too. Take a look: you need to comment out option network.
config wifi-device wl0
	option type	broadcom
	option channel	5
	# REMOVE THIS LINE TO ENABLE WIFI:
	option disabled	0

config wifi-iface
	option device	wl0
#	option network	lan
	option mode	adhoc
	option ssid	OpenWrt
	option encryption	none
I used option mode adhoc because I am trying to run olsrd together with all this, but you can use "option mode ap".
Next we need to change the firewall rules. I did the easy job and only copied the lan configuration for wifi, so edit /etc/firewall.user to add the lines. Here is my /etc/firewall.user:
#!/bin/sh
# Copyright (C) 2006 OpenWrt.org

iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule

# The following chains are for traffic directed at the IP of the
# WAN interface
iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan

### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
# iptables -A input_wan -p tcp --dport 22 -j ACCEPT

### Port forwarding
## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
# iptables -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT

### DMZ
## -- Connections to ports not handled above will be forwarded to 192.168.1.2
# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
# iptables -A forwarding_wan -d 192.168.1.2 -j ACCEPT

### Chilli
WIFI="wl0"
iptables -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
iptables -N WIFI_ACCEPT
[ -z "$WAN" ] || iptables -A WIFI_ACCEPT -i "$WAN" -j RETURN
[ -z "$WANDEV" -o "$WANDEV" = "$WAN" ] || iptables -A WIFI_ACCEPT -i "$WANDEV" -j RETURN
iptables -A WIFI_ACCEPT -j ACCEPT
iptables -A INPUT -j WIFI_ACCEPT

# allow from lan/wifi interfaces
iptables -A FORWARD -i $WIFI -o $WIFI -j ACCEPT
[ -z "$WAN" ] || iptables -A FORWARD -i $WIFI -o $WAN -j ACCEPT
After that comes the easier job: install chilli and configure it.
ipkg update
ipkg install chillispot
Edit /etc/chilli.conf. The most important setting is the wireless interface. In my case it is wl0 because I have a Linksys WRT54GL; take care with other routers, where you may need to change that.
dhcpif wl0
And remember to put in the right uamsecret and radiussecret.
Here is my file:
##############################################################################
#
# Sample ChilliSpot configuration file
#
##############################################################################

# TAG: fg
# Include this flag if process is to run in the foreground
#fg

# TAG: debug
# Include this flag to include debug information.
#debug

# TAG: interval
# Re-read configuration file at this interval. Will also cause new domain
# name lookups to be performed. Value is given in seconds.
#interval 3600

# TAG: pidfile
# File to store information about the process id of the program.
# The program must have write access to this file/directory.
#pidfile /var/run/chilli.pid

# TAG: statedir
# Directory to use for nonvolatile storage.
# The program must have write access to this directory.
# This tag is currently ignored
#statedir ./

# TUN parameters

# TAG: net
# IP network address of external packet data network
# Used to allocate dynamic IP addresses and set up routing.
# Normally you do not need to uncomment this tag.
#net 192.168.182.0/24

# TAG: dynip
# Dynamic IP address pool
# Used to allocate dynamic IP addresses to clients.
# If not set it defaults to the net tag.
# Do not uncomment this tag unless you are an experienced user!
# dynip 192.168.182.0/24

# TAG: statip
# Static IP address pool
# Used to allocate static IP addresses to clients.
# Do not uncomment this tag unless you are an experienced user!
#statip 192.168.182.0/24

# TAG: dns1
# Primary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns1 172.16.0.5

# TAG: dns2
# Secondary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns2 172.16.0.6

# TAG: domain
# Domain name
# Will be suggested to the client.
# Normally you do not need to uncomment this tag.
#domain key.chillispot.org

# TAG: ipup
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipup /etc/chilli.ipup

# TAG: ipdown
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipdown /etc/chilli.ipdown

# TAG: conup
# Script executed after a user has been authenticated.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#conup /etc/chilli.conup

# TAG: condown
# Script executed after a user has disconnected.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#condown /etc/chilli.condown

# Radius parameters

# TAG: radiuslisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#radiuslisten 127.0.0.1

# TAG: radiusserver1
# IP address of radius server 1
# For most installations you need to modify this tag.
#radiusserver1 rad01.chillispot.org
#You can use an IP
radiusserver1 rad01.YourRadiusServer.org

# TAG: radiusserver2
# IP address of radius server 2
# If you have only one radius server you should set radiusserver2 to the
# same value as radiusserver1.
# For most installations you need to modify this tag.
#radiusserver2 rad02.chilispot.org
#You can use an IP
radiusserver2 rad02.YourRadiusServer.org

# TAG: radiusauthport
# Radius authentication port
# The UDP port number to use for radius authentication requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusauthport 1812

# TAG: radiusacctport
# Radius accounting port
# The UDP port number to use for radius accounting requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusacctport 1813

# TAG: radiussecret
# Radius shared secret for both servers
# For all installations you should modify this tag.
#radiussecret testing123
radiussecret YourRadiusSecret

# TAG: radiusnasid
# Radius NAS-Identifier
# Normally you do not need to uncomment this tag.
#radiusnasid nas01

# TAG: radiusnasip
# Radius NAS-IP-Address
# Normally you do not need to uncomment this tag.
#radiusnasip 127.0.0.1

# TAG: radiuscalled
# Radius Called-Station-ID
# Normally you do not need to uncomment this tag.
#radiuscalled 00133300

# TAG: radiuslocationid
# WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
# cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
# Normally you do not need to uncomment this tag.
#radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport

# TAG: radiuslocationname
# WISPr Location Name. Should be in the format:
# <HOTSPOT_OPERATOR_NAME>,<LOCATION>
# Normally you do not need to uncomment this tag.
#radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport

# Radius proxy parameters

# TAG: proxylisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#proxylisten 10.0.0.1

# TAG: proxyport
# UDP port to listen to.
# If not specified a port will be selected by the system
# Normally you do not need to uncomment this tag.
#proxyport 1645

# TAG: proxyclient
# Client(s) from which we accept radius requests
# Normally you do not need to uncomment this tag.
#proxyclient 10.0.0.1/24

# TAG: proxysecret
# Radius proxy shared secret for all clients
# If not specified defaults to radiussecret
# Normally you do not need to uncomment this tag.
#proxysecret testing123

# Remote configuration management

# TAG: confusername
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
#confusername conf

# TAG: confpassword
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
#confpassword secret

# DHCP Parameters

# TAG: dhcpif
# Ethernet interface to listen to.
# This is the network interface which is connected to the access points.
# In a typical configuration this tag should be set to eth1.
dhcpif wl0

# TAG: dhcpmac
# Use specified MAC address.
# An address in the range 00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
# within the IANA range of addresses and is not allocated for other
# purposes.
# Normally you do not need to uncomment this tag.
#dhcpmac 00:00:5E:00:02:00

# TAG: lease
# Time before DHCP lease expires
# Normally you do not need to uncomment this tag.
#lease 600

# Universal access method (UAM) parameters

# TAG: uamserver
# URL of web server handling authentication.
#uamserver http://www.internet-wifi.com.ar/hotspotlogin_m.php
uamserver https://your.uamserver/hotspotlogin

# TAG: uamhomepage
# URL of welcome homepage.
# Unauthenticated users will be redirected to this URL. If not specified
# users will be redirected to the uamserver instead.
# Normally you do not need to uncomment this tag.
#uamhomepage http://192.168.182.1/welcome.html

# TAG: uamsecret
# Shared between chilli and authentication web server
#uamsecret ht2eb8ej6s4et3rg1ulp
uamsecret YourUamSecret

# TAG: uamlisten
# IP address to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamlisten 192.168.182.1

# TAG: uamport
# TCP port to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamport 3990

# TAG: uamallowed
# Comma separated list of domain names, IP addresses or network segments
# the client can access without first authenticating.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#uamallowed www.chillispot.org,10.11.12.0/24
#uamallowed www.internet-wifi.com.ar,10.0.0.0/8,172.16.0.0/24
uamallowed www.yoursallowedsi.sites,10.0.0.0/8,172.16.0.0/24

# TAG: uamanydns
# If this flag is given unauthenticated users are allowed to use
# any DNS server.
# Normally you do not need to uncomment this tag.
#uamanydns
uamanydns

# MAC authentication

# TAG: macauth
# If this flag is given users will be authenticated only on their MAC
# address.
# Normally you do not need to uncomment this tag.
#macauth

# TAG: macallowed
# List of MAC addresses.
# The MAC addresses specified in this list will be authenticated only on
# their MAC address.
# This tag is ignored if the macauth tag is given.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9

# TAG: macpasswd
# Password to use for MAC authentication.
# Normally you do not need to uncomment this tag.
#macpasswd password

# TAG: macsuffix
# Suffix to add to MAC address in order to form the username.
# Normally you do not need to uncomment this tag.
#macsuffix suffix
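A quick check of /etc/chilli.conf for the points stressed above (real uamsecret and radiussecret, the right dhcpif), plus the uamserver scheme and the uamanydns flag. This is an added example, not part of the original page; the function names and the PROC_NET_DEV override are assumptions, and the sample input is constructed from the active lines of the file above.

```shell
#!/bin/sh
# Added example, not from the original page: flag chilli.conf settings the
# page tells you to change. Function names and PROC_NET_DEV are assumptions.
PROC_NET_DEV=${PROC_NET_DEV:-/proc/net/dev}

# Print the value of the last uncommented "KEY value" line in FILE.
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Print space-separated findings for FILE; empty output means nothing flagged.
audit_chilli_conf() {
    conf=$1; out=""
    for key in radiussecret uamsecret; do
        case "$(conf_value "$conf" "$key")" in
            "") out="$out $key:missing" ;;
            # sample values from the stock file and this page's placeholders
            testing123|ht2eb8ej6s4et3rg1ulp|YourRadiusSecret|YourUamSecret)
                out="$out $key:sample-value" ;;
        esac
    done
    # Users enter their credentials on the uamserver page: expect https://.
    case "$(conf_value "$conf" uamserver)" in
        https://*) ;;
        *) out="$out uamserver:not-https" ;;
    esac
    # uamanydns lets unauthenticated clients use any DNS server.
    if [ -n "$(awk '$1 == "uamanydns" { print "y"; exit }' "$conf")" ]; then
        out="$out uamanydns:enabled"
    fi
    # dhcpif must name an interface that exists on this router.
    ifname=$(conf_value "$conf" dhcpif)
    if [ -z "$ifname" ]; then
        out="$out dhcpif:missing"
    elif ! grep -q "^ *$ifname:" "$PROC_NET_DEV" 2>/dev/null; then
        out="$out dhcpif:no-such-interface"
    fi
    echo "${out# }"
}

# Constructed sample input: the active lines of the file shown on this page.
sample=$(mktemp)
printf '%s\n' '#radiussecret testing123' 'radiussecret YourRadiusSecret' \
    'uamserver https://your.uamserver/hotspotlogin' 'uamsecret YourUamSecret' \
    'uamanydns' 'dhcpif wl0' > "$sample"
audit_chilli_conf "$sample"
rm -f "$sample"
```

On the router, run `audit_chilli_conf /etc/chilli.conf`; an empty line means none of these checks fired.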
OK guys, that's it... with this everything works, but remember, maybe I did something wrong.
Good luck!