Just about the initial redirection of the users, it seems that the
best (because it's free!) is that NoCat thing. I just looked at their
webpage and it seems it takes care of exactly that redirection you
mention. Apparently, you can even require some form of authentication.
Other than that, all I know of is closed-box solutions at prices $7,000+.
I worked on a project where something like what you say was intended
about 3 years ago, if only there was this NoCat thing around....
Antonio
Alejandro Bonilla wrote:
Greetings,
I want to set up a local wifi hotspot. I've got a decent cable internet
connection to feed it, a small switch to connect everything, the access
points, cabling, and I've just purchased an inexpensive box to use as the
server for the whole project. Naturally, I want to use Debian for the
server OS, because of apt's ease of management.
This is what I do.
eth0 is WAN and eth1 is LAN.
This works like a charm.
Just put it in /etc/init.d/whatever
cd /etc/init.d/
update-rc.d whatever defaults
TADAA!!
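#!/bin/sh
# Start from empty filter, nat and mangle tables
iptables -F; iptables -t nat -F; iptables -t mangle -F
# NAT everything leaving via the WAN interface and enable routing
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
# Accept replies, and new connections from anything but the WAN side
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT
# Everything else inbound is dropped unless a rule below opens the port
iptables -P INPUT DROP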
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 113 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 8000 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8001 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 8001 -j ACCEPT
Then set the DHCP to have knowledge of both networks.
dhcpd
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.30;
    # Broadcast address of 192.168.0.0/24 (must not be an address inside the range)
    option broadcast-address 192.168.0.255;
    option domain-name "dns.domain.nameHere";
    option domain-name-servers your.dns.isp.address;
    option routers 192.168.0.1;
}
# The other subnet that shares this physical network (eth0?)
subnet your.network.here.0 netmask 255.255.255.0 {
    option broadcast-address your.broad.add.here;
    option routers your.default.gateway.here;
}
Set the stuff under /etc/networking/interfaces
Damned, I spoiled the fun of this.
(I DUNNO HOW TO MAKE THE USERS GO INTO AN HTTP PAGE BEFORE USING ANYTHING
ELSE. HOW IS THAT?)
.Alejandro
--
António Rafael C. Paiva
Graduate student
Computational NeuroEngineering Laboratory
Electrical & Computer Engineering Department
University of Florida
Gainesville, FL 32611
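
The redirection asked about above (send a client's first HTTP request to a login page, then open access) can be sketched with packet marks on the eth0 = WAN / eth1 = LAN layout from the post. This is an added example, not NoCat's code and not from either poster; the portal address 192.168.0.1:80, the chain name "portal", the mark value and the client MAC are assumed values.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables rules for a minimal captive portal.
# Assumed values, not from the thread: portal web server at 192.168.0.1:80,
# chain name "portal", mark 0x1. eth1 is the LAN side, as in the post.
LAN_IF=eth1
PORTAL=192.168.0.1:80
AUTH_MARK=0x1

# Base rules: LAN clients without the mark get port 80 rewritten to the portal
# and nothing forwarded except DNS (needed to resolve the first URL they type).
portal_base_rules() {
    cat <<EOF
iptables -t mangle -N portal
iptables -t mangle -A PREROUTING -i $LAN_IF -j portal
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -m mark ! --mark $AUTH_MARK -j DNAT --to-destination $PORTAL
iptables -A FORWARD -i $LAN_IF -m mark --mark $AUTH_MARK -j ACCEPT
iptables -A FORWARD -i $LAN_IF -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -j DROP
EOF
}

# Accept only six colon-separated hex pairs. The first pattern rejects every
# other character (spaces, ';', newlines), so the value is safe to put in a rule.
valid_mac() {
    case $1 in
        *[!0-9A-Fa-f:]*|*::*|:*|*:) return 1 ;;
        ??:??:??:??:??:??) return 0 ;;
        *) return 1 ;;
    esac
}

# Rule the portal adds after a successful login (-A) or removes at logout (-D).
# A MAC address is set by the client, so this gates access; it is not identity.
client_rule() {   # usage: client_rule -A|-D MAC
    case $1 in -A|-D) ;; *) return 1 ;; esac
    valid_mac "$2" || { echo "rejected: not a MAC address" >&2; return 1; }
    echo "iptables -t mangle $1 portal -m mac --mac-source $2 -j MARK --set-mark $AUTH_MARK"
}

portal_base_rules
client_rule -A 00:11:22:33:44:55   # constructed client address
```

Only plain HTTP on port 80 is redirected; the output can be piped to sh as root once it has been reviewed.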