Difference between revisions of "WiFi: HotSpot - CoovaChilli Fitur dan Keterangan Tambahan"

From OnnoWiki
Line 14: Line 14:
 
The init.d file for chilli which defaults to using the above configurations to build a set of configurations files in the /etc/chilli directory - taking local configurations and optionally centralized configurations from RADIUS or a URL. See chilli.conf(5)
 
The init.d file for chilli which defaults to using the above configurations to build a set of configurations files in the /etc/chilli directory - taking local configurations and optionally centralized configurations from RADIUS or a URL. See chilli.conf(5)
  
    *
+
* /var/run/chilli.sock - UNIX socket yang digunakan untuk komunikasi daemon.
 +
* /var/run/chilli.pid  - File Process ID.
 +
* /etc/chilli/www/  - lokasi minimal web server.
  
      /var/run/chilli.sock
 
  
UNIX socket used to daemon communication.
 
 
    *
 
 
      /var/run/chilli.pid
 
 
Process ID file.
 
 
    *
 
 
      /etc/chilli/www/
 
  
 
The typical location of location content served up by chilli using a minimal web server. SIGNALS
 
The typical location of location content served up by chilli using a minimal web server. SIGNALS
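Review bot: the unchanged context line that closes this hunk still reads "The typical location of location content served up by chilli using a minimal web server. SIGNALS". It now restates the new /etc/chilli/www/ bullet, repeats the word "location", and has the SIGNALS heading run onto the end of the sentence. Suggest folding the sentence into the bullet text and putting SIGNALS on its own heading line. The English descriptions of chilli.sock and chilli.pid have also been replaced by Indonesian ones while the surrounding paragraphs remain English, so the list now mixes two languages.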
Line 62: Line 52:
 
When coovachilli is started it automatically installs required modules and network access. Use the following commands to check:
 
When coovachilli is started it automatically installs required modules and network access. Use the following commands to check:
  
Packet Forwarding
+
==Packet Forwarding==
  
 
Test the current setting of the kernel:
 
Test the current setting of the kernel:
  
cat /proc/sys/net/ipv4/ip_forward
+
cat /proc/sys/net/ipv4/ip_forward
  
 
Manual Install
 
Manual Install
Line 72: Line 62:
 
Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.
 
Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.
  
echo 1 > /proc/sys/net/ipv4/ip_forward
+
echo 1 > /proc/sys/net/ipv4/ip_forward
  
 
EnableTUN/TAP device driver support
 
EnableTUN/TAP device driver support
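Review bot: the `echo 1 > /proc/sys/net/ipv4/ip_forward` line gives no indication that it needs a root shell, while the later TUN step is written as `sudo modprobe tun`. Prefixing this one with sudo would not work either, because the redirection is performed by the calling shell. Suggest stating that the command is run as root, and, since the text already says the setting is not preserved on reboot, saying where to make it permanent. The context heading "EnableTUN/TAP device driver support" is missing a space after "Enable".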
Line 78: Line 68:
 
Test the current setting of the kernel:
 
Test the current setting of the kernel:
  
lsmod
+
lsmod
  
 
Look for the module tun
 
Look for the module tun
Line 86: Line 76:
 
Manual Install
 
Manual Install
  
sudo modprobe tun
+
sudo modprobe tun
  
 
==Firewall / Port Forward==
 
==Firewall / Port Forward==

Revision as of 10:14, 9 April 2010

Some CoovaChilli Files

  • /etc/chilli.conf - main configuration file.
  • /etc/chilli/defaults - default configuration file used by the chilli init.d script.
  • /etc/chilli/config - location of the configuration.
  • /etc/chilli/functions - configures chilli by loading the configurations.

Helps configure chilli by loading the above configurations, sets some defaults, and provides functions for writing main.conf, hs.conf, and local.conf based on local and possibly centralized. See chilli.conf(5)

  • /etc/init.d/chilli

The init.d file for chilli, which defaults to using the above configurations to build a set of configuration files in the /etc/chilli directory, taking local configurations and optionally centralized configurations from RADIUS or a URL. See chilli.conf(5)

  • /var/run/chilli.sock - UNIX socket used for daemon communication.
  • /var/run/chilli.pid - process ID file.
  • /etc/chilli/www/ - location of the minimal web server.

The typical location of content served up by chilli using a minimal web server.

SIGNALS

Sending HUP to chilli will cause the configuration file to be reread and DNS lookups to be performed.

The following configuration options are not affected by sending HUP: fg, conf, pidfile, statedir, net, dynip, statip, uamlisten, uamport, radiuslisten, coaport, coanoipcheck, proxylisten, proxyport, proxyclient, proxysecret, dhcpif, dhcpmac, lease, or eapolenable.

The above configuration options can only be changed by restarting the daemon.

Optional Features

Extra authentication parameters

You can add a column to the radcheck table, for example to record whether the user account is still valid, with this command:

alter table radcheck add column `Valid` tinyint(1) default 0 not null;

Then, in

/etc/freeradius/sql.conf

change the variable authorize_check_query by adding and Valid = 1 after where username = "%{SQL-User-Name}" \

Later, the Valid column can serve other purposes, for example email authorization.

XML service for the FreeRADIUS database

This CGI bash script is experimental. It analyses an XML file and inserts the parsed data into a MySQL database. It is used to insert a new user into the radcheck table or to modify an existing FreeRADIUS user in combination with coovachilli.

Post-Install Troubleshooting

When coovachilli is started it automatically installs required modules and network access. Use the following commands to check:

Packet Forwarding

Test the current setting of the kernel:

cat /proc/sys/net/ipv4/ip_forward

Manual Install

Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.

echo 1 > /proc/sys/net/ipv4/ip_forward

Enable TUN/TAP device driver support

Test the current setting of the kernel:

lsmod

Look for the module tun

The TUN/TAP driver is required for proper operation of the chilli server. Linux kernels later than 2.4.7 already include the driver, but it can be loaded manually with modprobe tun or automatically by adding tun to the /etc/modules configuration file.

Manual Install

sudo modprobe tun
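
The two checks above can be scripted so they also cover a driver built into the kernel (which lsmod does not list) and whether either setting survives a reboot. This is an added example, not part of the original page or of CoovaChilli; the function names, the path parameters and the use of /etc/sysctl.conf for persistence are assumptions.

```shell
#!/bin/sh
# Added example: checks for the two prerequisites described above.
# Path arguments are hypothetical parameters; defaults are the real paths.

# 0 = forwarding on, 1 = off, 2 = flag file unreadable.
ip_forward_enabled() {
    v=$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null) || return 2
    [ "$v" = "1" ]
}

# 0 if an uncommented "net.ipv4.ip_forward = 1" line exists, so the flag
# is set again at boot (/etc/sysctl.conf is an assumed location).
ip_forward_persistent() {
    grep -Eqs '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "${1:-/etc/sysctl.conf}"
}

# 0 if tun is usable: listed in /proc/modules (the source lsmod reads),
# or compiled into the kernel, in which case lsmod shows nothing but the
# device node exists.
tun_available() {
    if awk '$1 == "tun" { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}" 2>/dev/null; then
        return 0
    fi
    [ -e "${2:-/dev/net/tun}" ]
}

# 0 if tun is listed in /etc/modules and will be loaded at boot.
tun_persistent() {
    grep -Eqs '^[[:space:]]*tun([[:space:]]|$)' "${1:-/etc/modules}"
}

chilli_prereq_report() {
    ip_forward_enabled    && echo "ip_forward: enabled"    || echo "ip_forward: DISABLED"
    ip_forward_persistent && echo "ip_forward: persistent" || echo "ip_forward: lost on reboot"
    tun_available         && echo "tun: available"         || echo "tun: MISSING (modprobe tun)"
    tun_persistent        && echo "tun: loaded at boot"    || echo "tun: not in /etc/modules"
}

chilli_prereq_report
```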

Firewall / Port Forward

On startup, coovachilli runs a firewall script that defines the following rules:

# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [1:530]
:OUTPUT ACCEPT [1:530]
COMMIT
# Completed on Sun Aug 10 14:59:34 2008
# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:530]
:POSTROUTING ACCEPT [1:530]
COMMIT
# Completed on Sun Aug 10 14:59:34 2008
# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
*filter
:INPUT ACCEPT [181:23233]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [148:77128]
-A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT 
-A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3991 -j ACCEPT 
-A INPUT -d 255.255.255.255 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT 
-A INPUT -d 192.168.2.1 -i tun0 -p udp -m udp --dport 53 -j ACCEPT 
-A INPUT -d 192.168.2.1 -i tun0 -j DROP 
-A INPUT -i tun0 -j DROP 
-A FORWARD -i tun0 -o ! eth0 -j DROP 
-A FORWARD -o tun0 -j ACCEPT 
-A FORWARD -i tun0 -j ACCEPT 
-A FORWARD -o eth1 -j DROP 
-A FORWARD -i eth1 -j DROP 
COMMIT
# Completed on Sun Aug 10 14:59:34 2008 
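
To confirm that a running hotspot still matches this listing, the saved ruleset can be audited for what the tun0 INPUT chain accepts and whether it ends in a catch-all DROP. This is an added example, not part of the original page or of CoovaChilli's firewall script; the function names and the ALLOWED list are assumptions, and the sample input is the INPUT rules copied from the listing above.

```shell
# Added example: audit the INPUT chain of iptables-save output (names hypothetical).
sample_rules() {   # INPUT rules copied from the listing above
cat <<'EOF'
-A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3991 -j ACCEPT
-A INPUT -d 255.255.255.255 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 192.168.2.1 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 192.168.2.1 -i tun0 -j DROP
-A INPUT -i tun0 -j DROP
EOF
}

# Print "proto/port" for each ACCEPT rule in INPUT bound to interface $2.
# $1 is a file holding iptables-save output, or "-" for standard input.
accepted_on_iface() {
    awk -v ifc="$2" '
        $1 == "-A" && $2 == "INPUT" {
            inif = target = ""; proto = port = "any"
            for (i = 3; i < NF; i++) {
                if ($i == "-i") inif = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (inif == ifc && target == "ACCEPT") print proto "/" port
        }' "$1"
}

# Print accepted pairs that are missing from the space-separated allow-list $3.
unexpected_accepts() {
    accepted_on_iface "$1" "$2" | while read -r rule; do
        case " $3 " in *" $rule "*) ;; *) echo "$rule" ;; esac
    done
}

# 0 if the last INPUT rule for the interface is an unconditional DROP.
ends_with_drop() {
    awk -v ifc="$2" '
        $1 == "-A" && $2 == "INPUT" && index($0 " ", "-i " ifc " ") {
            last = (NF == 6 && $3 == "-i" && $5 == "-j" && $6 == "DROP")
        }
        END { exit !last }' "$1"
}

ALLOWED="tcp/3990 tcp/3991 udp/67:68 udp/53"
sample_rules | unexpected_accepts - tun0 "$ALLOWED"
sample_rules | ends_with_drop - tun0 && echo "tun0 INPUT ends with DROP"
```

On a live system the same functions can read a saved dump of the ruleset instead of the sample.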

Interesting Links