Difference between revisions of "WiFi: HotSpot - CoovaChilli Fitur dan Keterangan Tambahan"

Latest revision as of 09:19, 11 May 2010

Beberapa File CoovaChilli

/etc/chilli.conf - file konfigurasi utama.
/etc/chilli/defaults - file konfigurasi default oleh chilli init.d
/etc/chilli/config - lokasi konfigurasi
/etc/chilli/functions - mengkonfigurasi chilli dengan cara memload konfigurasi

Helps configure chilli by loading the above configurations, sets some defaults, and provides functions for writing main.conf, hs.conf, and local.conf based on local and possibily centralized. See chilli.conf(5)

     /etc/init.d/chilli

The init.d file for chilli which defaults to using the above configurations to build a set of configurations files in the /etc/chilli directory - taking local configurations and optionally centralized configurations from RADIUS or a URL. See chilli.conf(5)

/var/run/chilli.sock - UNIX socket yang digunakan untuk komunikasi daemon.
/var/run/chilli.pid - File Process ID.
/etc/chilli/www/ - lokasi minimal web server.

The typical location of location content served up by chilli using a minimal web server. SIGNALS

Sending HUP to chilli will cause the configuration file to be reread and DNS lookups to be performed.

The configuration options are not affected by sending HUP: fg, conf, pidfile, statedir, net, dynip, statip, uamlisten, uamport, radiuslisten, coaport, coanoipcheck, proxylisten, proxyport, proxyclient, proxysecret, dhcpif, dhcpmac, lease, or eapolenable

The above configuration options can only be changed by restarting the daemon.

Optional Features

extra authentication parameters

you can add a column to the radcheck table for example: is the user account still valid? with this command:

alter table radcheck add column `Valid` tinyint(1) default 0 not null;

than in the

/etc/freeradius/sql.conf

change the variable authorize_check_query by adding and Valid = 1 after where username = “%{SQL-User-Name}” \

in the future time you can change the valid to serve many purposes for example email authorization, ...

xml service for the freeradius database

this cgi bash script is experimental for analysing an xml file and for inserting the parsed data into a mysql database. it is used for inserting a new user to the radcheck table or to modify an user of freeradius in combination with coovachilli.

Post Install Trouble Shooting

When coovachilli is started it automatically installs required modules and network access. Use the following commands to check:

Packet Forwarding

Test the current setting of the kernel:

cat /proc/sys/net/ipv4/ip_forward

Manual Install

Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.

echo 1 > /proc/sys/net/ipv4/ip_forward

EnableTUN/TAP device driver support

Test the current setting of the kernel:

lsmod

Look for the module tun

The TUN/TAP driver is required for proper operation of the chilli server. Linux kernels later than 2.4.7 already include the driver, but could be loaded manually with modprobe tun or automaticly by adding tun to the /etc/modules configuration file.

Manual Install

sudo modprobe tun

Firewall / Port Forward

On start up coovachilli runs a firewall script defining rules. Rules are as follows:

# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [1:530]
:OUTPUT ACCEPT [1:530]
COMMIT
# Completed on Sun Aug 10 14:59:34 2008
# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:530]
:POSTROUTING ACCEPT [1:530]
COMMIT
# Completed on Sun Aug 10 14:59:34 2008
# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
*filter
:INPUT ACCEPT [181:23233]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [148:77128]
-A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT 
-A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3991 -j ACCEPT 
-A INPUT -d 255.255.255.255 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT 
-A INPUT -d 192.168.2.1 -i tun0 -p udp -m udp --dport 53 -j ACCEPT 
-A INPUT -d 192.168.2.1 -i tun0 -j DROP 
-A INPUT -i tun0 -j DROP 
-A FORWARD -i tun0 -o ! eth0 -j DROP 
-A FORWARD -o tun0 -j ACCEPT 
-A FORWARD -i tun0 -j ACCEPT 
-A FORWARD -o eth1 -j DROP 
-A FORWARD -i eth1 -j DROP 
COMMIT
# Completed on Sun Aug 10 14:59:34 2008

Pranala Menarik

Difference between revisions of "WiFi: HotSpot - CoovaChilli Fitur dan Keterangan Tambahan"

Latest revision as of 09:19, 11 May 2010

Packet Forwarding

Firewall / Port Forward

Pranala Menarik

Navigation menu

Search

@@ Line 1: / Line 1: @@
-Additional Info
+Beberapa File CoovaChilli
-COOVA-CHILLI FILES
+* /etc/chilli.conf - file konfigurasi utama.
+* /etc/chilli/defaults - file konfigurasi default oleh chilli init.d
-    *
+* /etc/chilli/config - lokasi konfigurasi
+* /etc/chilli/functions - mengkonfigurasi chilli dengan cara memload konfigurasi
-      /etc/chilli.conf
-The main chilli configuration file.
-    *
-      /etc/chilli/defaults
-Default configurations used by the chilli init.d and functions scripts.
-    *
-      /etc/chilli/config
-Location specific configurations used by chilli init.d and functions scripts. Copy the defaults file mentioned above and edit.
-    *
-      /etc/chilli/functions
 Helps configure chilli by loading the above configurations, sets some defaults, and provides functions for writing main.conf, hs.conf, and local.conf based on local and possibily centralized. See chilli.conf(5)
@@ Line 33: / Line 14: @@
 The init.d file for chilli which defaults to using the above configurations to build a set of configurations files in the /etc/chilli directory - taking local configurations and optionally centralized configurations from RADIUS or a URL. See chilli.conf(5)
-    *
+* /var/run/chilli.sock - UNIX socket yang digunakan untuk komunikasi daemon.
+* /var/run/chilli.pid  - File Process ID.
-      /var/run/chilli.sock
+* /etc/chilli/www/  - lokasi minimal web server.
-UNIX socket used to daemon communication.
-    *
-      /var/run/chilli.pid
-Process ID file.
-    *
-      /etc/chilli/www/
 The typical location of location content served up by chilli using a minimal web server. SIGNALS
@@ Line 81: / Line 52: @@
 When coovachilli is started it automatically installs required modules and network access. Use the following commands to check:
-Packet Forwarding
+==Packet Forwarding==
 Test the current setting of the kernel:
-cat /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
 Manual Install
@@ Line 91: / Line 62: @@
 Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.
-echo 1 > /proc/sys/net/ipv4/ip_forward
+ echo 1 > /proc/sys/net/ipv4/ip_forward
 EnableTUN/TAP device driver support
@@ Line 97: / Line 68: @@
 Test the current setting of the kernel:
-lsmod
+ lsmod
 Look for the module tun
@@ Line 105: / Line 76: @@
 Manual Install
-sudo modprobe tun
+ sudo modprobe tun
-Firewall / Port Forward
+==Firewall / Port Forward==
 On start up coovachilli runs a firewall script defining rules. Rules are as follows:
-# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
+ # Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
-*nat
+ *nat
-:PREROUTING ACCEPT [0:0]
+ :PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [1:530]
+ :POSTROUTING ACCEPT [1:530]
-:OUTPUT ACCEPT [1:530]
+ :OUTPUT ACCEPT [1:530]
-COMMIT
+ COMMIT
-# Completed on Sun Aug 10 14:59:34 2008
+ # Completed on Sun Aug 10 14:59:34 2008
-# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
+ # Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
-*mangle
+ *mangle
-:PREROUTING ACCEPT [0:0]
+ :PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
+ :INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
+ :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [1:530]
+ :OUTPUT ACCEPT [1:530]
-:POSTROUTING ACCEPT [1:530]
+ :POSTROUTING ACCEPT [1:530]
-COMMIT
+ COMMIT
-# Completed on Sun Aug 10 14:59:34 2008
+ # Completed on Sun Aug 10 14:59:34 2008
-# Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
+ # Generated by iptables-save v1.3.8 on Sun Aug 10 14:59:34 2008
-*filter
+ *filter
-:INPUT ACCEPT [181:23233]
+ :INPUT ACCEPT [181:23233]
-:FORWARD ACCEPT [0:0]
+ :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [148:77128]
+ :OUTPUT ACCEPT [148:77128]
--A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
+ -A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
--A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3991 -j ACCEPT
+ -A INPUT -d 192.168.2.1 -i tun0 -p tcp -m tcp --dport 3991 -j ACCEPT
--A INPUT -d 255.255.255.255 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
+ -A INPUT -d 255.255.255.255 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
--A INPUT -d 192.168.2.1 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
+ -A INPUT -d 192.168.2.1 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
--A INPUT -d 192.168.2.1 -i tun0 -j DROP
+ -A INPUT -d 192.168.2.1 -i tun0 -j DROP
--A INPUT -i tun0 -j DROP
+ -A INPUT -i tun0 -j DROP
--A FORWARD -i tun0 -o ! eth0 -j DROP
+ -A FORWARD -i tun0 -o ! eth0 -j DROP
--A FORWARD -o tun0 -j ACCEPT
+ -A FORWARD -o tun0 -j ACCEPT
--A FORWARD -i tun0 -j ACCEPT
+ -A FORWARD -i tun0 -j ACCEPT
--A FORWARD -o eth1 -j DROP
+ -A FORWARD -o eth1 -j DROP
--A FORWARD -i eth1 -j DROP
+ -A FORWARD -i eth1 -j DROP
-COMMIT
+ COMMIT
-# Completed on Sun Aug 10 14:59:34 2008
+ # Completed on Sun Aug 10 14:59:34 2008
 ==Pranala Menarik==
@@ Line 159: / Line 127: @@
 * [[WiFi: HotSpot - CoovaChilli Fitur dan Keterangan Tambahan]]
 * [[WiFi: HotSpot]]
+[[Category: WiFi]]
+[[Category: HotSpot]]
+[[Category: CoovaChilli]]