WiFi: HotSpot - CoovaChilli Fitur dan Keterangan Tambahan

From OnnoWiki
Revision as of 10:14, 9 April 2010 by Onnowpurbo (talk | contribs)
Jump to navigation Jump to search

Beberapa File CoovaChilli

  • /etc/chilli.conf - file konfigurasi utama.
  • /etc/chilli/defaults - file konfigurasi default oleh chilli init.d
  • /etc/chilli/config - lokasi konfigurasi
  • /etc/chilli/functions - mengkonfigurasi chilli dengan cara memload konfigurasi

Helps configure chilli by loading the above configurations, sets some defaults, and provides functions for writing main.conf, hs.conf, and local.conf based on local and possibily centralized. See chilli.conf(5)

   *
     /etc/init.d/chilli 

The init.d file for chilli which defaults to using the above configurations to build a set of configurations files in the /etc/chilli directory - taking local configurations and optionally centralized configurations from RADIUS or a URL. See chilli.conf(5)

  • /var/run/chilli.sock - UNIX socket yang digunakan untuk komunikasi daemon.
  • /var/run/chilli.pid - File Process ID.
  • /etc/chilli/www/ - lokasi minimal web server.


The typical location of location content served up by chilli using a minimal web server. SIGNALS

Sending HUP to chilli will cause the configuration file to be reread and DNS lookups to be performed.

The configuration options are not affected by sending HUP: fg, conf, pidfile, statedir, net, dynip, statip, uamlisten, uamport, radiuslisten, coaport, coanoipcheck, proxylisten, proxyport, proxyclient, proxysecret, dhcpif, dhcpmac, lease, or eapolenable

The above configuration options can only be changed by restarting the daemon.

Optional Features

extra authentication parameters

you can add a column to the radcheck table for example: is the user account still valid? with this command:

alter table radcheck add column `Valid` tinyint(1) default 0 not null;

than in the

/etc/freeradius/sql.conf

change the variable authorize_check_query by adding and Valid = 1 after where username = “%{SQL-User-Name}” \

in the future time you can change the valid to serve many purposes for example email authorization, ...

xml service for the freeradius database

this cgi bash script is experimental for analysing an xml file and for inserting the parsed data into a mysql database. it is used for inserting a new user to the radcheck table or to modify an user of freeradius in combination with coovachilli.

Post Install Trouble Shooting

When coovachilli is started it automatically installs required modules and network access. Use the following commands to check:

Packet Forwarding

Test the current setting of the kernel:

cat /proc/sys/net/ipv4/ip_forward

Manual Install

Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.

echo 1 > /proc/sys/net/ipv4/ip_forward

EnableTUN/TAP device driver support

Test the current setting of the kernel:

lsmod

Look for the module tun

The TUN/TAP driver is required for proper operation of the chilli server. Linux kernels later than 2.4.7 already include the driver, but could be loaded manually with modprobe tun or automaticly by adding tun to the /etc/modules configuration file.

Manual Install

sudo modprobe tun

Firewall / Port Forward

On start up coovachilli runs a firewall script defining rules. Rules are as follows:

# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [1:530]
:OUTPUT ACCEPT [1:530]
COMMIT
# Completed on Sun Aug 10 14:59:34 2008
# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:530]
:POSTROUTING ACCEPT [1:530]
COMMIT
# Completed on Sun Aug 10 14:59:34 2008
# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
*filter
:INPUT ACCEPT [181:23233]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [148:77128]
-A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT 
-A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3991 -j ACCEPT 
-A INPUT -d 255.255.255.255 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT 
-A INPUT -d 192.168.2.1 -i tun0 -p udp -m udp --dport 53 -j ACCEPT 
-A INPUT -d 192.168.2.1 -i tun0 -j DROP 
-A INPUT -i tun0 -j DROP 
-A FORWARD -i tun0 -o ! eth0 -j DROP 
-A FORWARD -o tun0 -j ACCEPT 
-A FORWARD -i tun0 -j ACCEPT 
-A FORWARD -o eth1 -j DROP 
-A FORWARD -i eth1 -j DROP 
COMMIT
# Completed on Sun Aug 10 14:59:34 2008 

Pranala Menarik