Your Ad Here
 
Questions ? info@easylivecd.com

EasyLiveCD.com
LiveCD Software Solutions
Linux LiveCD Router new
Download free
Router Firewall PRO new
Hotspot Server
VoIP Server
Samba File Server
Search Server
Documentation
Admin Book
VoIP Book
Printed Books
Questions ?
info@easylivecd.com
Hardware
WiFi
Firewall
VoIP
IP Camera
News
VoIP
Linux Router
Hotspot
WiFi Blog
VoIP forum
Linux forums
Tutorials new
WiFi.com.ar


Languages
Google Translations
GE IT FR CN PT JA KO AR
Write to us info@easylivecd.com

Documentation Index 
Linux LiveCD Router - HotSpot

Sesame Splash Screen Dynamic Firewall Authentication
====================================================


Before you configure sesame wifi, make sure that you configured and started 
the shorewall firewall. Sesame expects the firewall to use the loc2net 
chain (by default)


Configuration
-------------

Configure /usr/local/sesame/lib/sesame.py with
iface="wlan0" (for a wlan0 connected directly to cdrouter)
or
iface="eth1" (for a wlan0 connected through eth1 to cdrouter)

If you need to change the name of the firewall chain (default loc2net)
edit the file /usr/local/sesame/lib/sesame.py


To use splash login page redirection add this to your shorewall config

#
# Splash login web redirection for sesame wifi
#
#DNAT    loc2      fw:192.168.1.1    tcp     80


And uncomment the following lines at /usr/local/sesame/lib/sesame.py

#os.popen(iptables+" -t nat -F loc2_dnat " ,"r")
#os.popen(iptables+" -t nat -I loc2_dnat -p tcp --dport 80 -j DNAT --to 192.168.1.1
#os.popen(iptables+" -t nat -I loc2_dnat -s "+macip[1]+' -j RETURN',"r")


For autologout of users upon inactivity uncomment this line at
/usr/spoool/cron/crontabs/root
#0-58/2  * * * * root if [ -x '/opt/sesame/bin/autologout' ]; then ..






Usage
-----

The Splash screen is reachable from the URL http://cdrouter/sesame
(the html is fully configurable with your logo and information, 
from /var/www/htdocs/sesame). If you configured redirection this 
page is displayed all the time until the user logs in, even if 
the user enters another URL.


To add a "fixed" user (such as a monthly user) use the command 
/usr/local/sesame/bin/edit-sesame
You need to provide username, password, ip and MAC address. E-mail 
and mailing address are optional.

To add a ticket user (with a fixed time limit), use the command
/usr/local/sesame/bin/new-ticket

To check the status of the firewall rules use the command
/usr/local/sesame/bin/dump.fw
or
iptables -t filter -L loc2net -n


The Splash screen is reachable from the URL http://cdrouter/sesame
(the html is fully configurable with your logo and information, 
from /var/www/htdocs/sesame)

Once authenticated, the program will open the firewall for the IP and MAC 
address of the authenticated user. The firewall will close after 5 minutes 
of inactivity.



Intended Audience

This HOWTO assumes that readers possess a prior understanding of basic 
networking concepts such as IP addresses, DNS names, netmasks, subnets, 
IP routing, routers, network interfaces, LANs, gateways, and firewall 
rules.
Or point your local network admin to this howto for configuration


For Additional help and configuration contact us at info@wifi.com.ar



Documentation Index



Products and Services Linux LiveCD Router (Free Download) | Download | Router PRO | Hotspot Server | Media Player | Samba File Server | VoIP Server | IP Camera Server | CDRouter Admin Manual | VoIP Server Book | Printed Book Format | Online Documentation |
Noticias Noticias WIFI News | Linux Router | VoIP | Hotspot new | Linux and WIFI Forums | ba.net



Contact us info@easylivecd.com
© EasyLiveCD.com, FonoSIP.com, WiFi.com.ar, BA.NET
>