2006-08-26 07:45:45 +00:00
|
|
|
# WiFiDog Configuration file
|
|
|
|
|
|
|
|
|
|
# Parameter: GatewayID
|
|
|
|
|
# Default: default
|
2008-07-05 13:07:12 +00:00
|
|
|
# Optional
|
2006-08-26 07:45:45 +00:00
|
|
|
#
|
2008-07-05 13:07:12 +00:00
|
|
|
# Set this to the node ID on the auth server
|
|
|
|
|
# this is used to give a customized login page to the clients and for
|
|
|
|
|
# monitoring/statistics purpose
|
|
|
|
|
# If none is supplied, the mac address of the GatewayInterface interface will be used,
|
|
|
|
|
# without the : separators
|
2006-08-26 07:45:45 +00:00
|
|
|
|
|
|
|
|
GatewayID default
|
|
|
|
|
|
|
|
|
|
# Parameter: ExternalInterface
|
|
|
|
|
# Default: NONE
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
2008-07-05 13:07:12 +00:00
|
|
|
# Set this to the external interface (the one going out to the Inernet or your larger LAN).
|
|
|
|
|
# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,
|
|
|
|
|
# Normally autodetected
|
2006-08-26 07:45:45 +00:00
|
|
|
|
|
|
|
|
# ExternalInterface eth0
|
|
|
|
|
|
|
|
|
|
# Parameter: GatewayInterface
|
|
|
|
|
# Default: NONE
|
|
|
|
|
# Mandatory
|
|
|
|
|
#
|
2008-07-05 13:07:12 +00:00
|
|
|
# Set this to the internal interface (typically your wifi interface).
|
|
|
|
|
# Typically br-lan for OpenWrt, and eth1, wlan0, ath0, etc. otherwise
|
2006-08-26 07:45:45 +00:00
|
|
|
|
2007-09-25 18:46:38 +00:00
|
|
|
GatewayInterface br-lan
|
2006-08-26 07:45:45 +00:00
|
|
|
|
|
|
|
|
# Parameter: GatewayAddress
|
|
|
|
|
# Default: Find it from GatewayInterface
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
2008-07-05 13:07:12 +00:00
|
|
|
# Set this to the internal IP address of the gateway. Not normally required.
|
2006-08-26 07:45:45 +00:00
|
|
|
|
|
|
|
|
# GatewayAddress 192.168.1.1
|
|
|
|
|
|
|
|
|
|
# Parameter: AuthServer
|
|
|
|
|
# Default: NONE
|
2008-07-05 13:07:12 +00:00
|
|
|
# Mandatory, repeatable
|
2006-08-26 07:45:45 +00:00
|
|
|
#
|
2008-07-05 13:07:12 +00:00
|
|
|
# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds.
|
|
|
|
|
# Set this to the hostname or IP of your auth server(s), the path where
|
|
|
|
|
# WiFiDog-auth resides in and the port it listens on.
|
2006-08-26 07:45:45 +00:00
|
|
|
#AuthServer {
|
2008-07-05 13:07:12 +00:00
|
|
|
# Hostname (Mandatory; Default: NONE)
|
|
|
|
|
# SSLAvailable (Optional; Default: no; Possible values: yes, no)
|
|
|
|
|
# SSLPort (Optional; Default: 443)
|
|
|
|
|
# HTTPPort (Optional; Default: 80)
|
|
|
|
|
# Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
|
|
|
|
|
# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.)
|
|
|
|
|
# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.)
|
|
|
|
|
# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.)
|
|
|
|
|
# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.)
|
|
|
|
|
# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.)
|
2006-08-26 07:45:45 +00:00
|
|
|
#}
|
|
|
|
|
|
|
|
|
|
#AuthServer {
|
|
|
|
|
# Hostname auth.ilesansfil.org
|
|
|
|
|
# SSLAvailable yes
|
|
|
|
|
# Path /
|
|
|
|
|
#}
|
|
|
|
|
|
|
|
|
|
#AuthServer {
|
|
|
|
|
# Hostname auth2.ilesansfil.org
|
|
|
|
|
# SSLAvailable yes
|
|
|
|
|
# Path /
|
|
|
|
|
#}
|
|
|
|
|
|
|
|
|
|
# Parameter: Daemon
|
|
|
|
|
# Default: 1
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
|
|
|
|
# Set this to true if you want to run as a daemon
|
|
|
|
|
# Daemon 1
|
|
|
|
|
|
|
|
|
|
# Parameter: GatewayPort
|
|
|
|
|
# Default: 2060
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
|
|
|
|
# Listen on this port
|
|
|
|
|
# GatewayPort 2060
|
|
|
|
|
|
|
|
|
|
# Parameter: HTTPDName
|
|
|
|
|
# Default: WiFiDog
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
|
|
|
|
# Define what name the HTTPD server will respond
|
|
|
|
|
# HTTPDName WiFiDog
|
|
|
|
|
|
|
|
|
|
# Parameter: HTTPDMaxConn
|
|
|
|
|
# Default: 10
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
|
|
|
|
# How many sockets to listen to
|
|
|
|
|
# HTTPDMaxConn 10
|
|
|
|
|
|
|
|
|
|
# Parameter: CheckInterval
|
|
|
|
|
# Default: 60
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
2008-07-05 13:07:12 +00:00
|
|
|
# How many seconds should we wait between timeout checks. This is also
|
|
|
|
|
# how often the gateway will ping the auth server and how often it will
|
|
|
|
|
# update the traffic counters on the auth server. Setting this too low
|
|
|
|
|
# wastes bandwidth, setting this too high will cause the gateway to take
|
|
|
|
|
# a long time to switch to it's backup auth server(s).
|
|
|
|
|
|
2006-08-26 07:45:45 +00:00
|
|
|
CheckInterval 60
|
|
|
|
|
|
|
|
|
|
# Parameter: ClientTimeout
|
|
|
|
|
# Default: 5
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
|
|
|
|
# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
|
|
|
|
|
# The timeout will be INTERVAL * TIMEOUT
|
|
|
|
|
ClientTimeout 5
|
|
|
|
|
|
2008-07-05 13:07:12 +00:00
|
|
|
# Parameter: TrustedMACList
|
|
|
|
|
# Default: none
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
|
|
|
|
# Comma separated list of MAC addresses who are allowed to pass
|
|
|
|
|
# through without authentication
|
|
|
|
|
#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
|
|
|
|
|
|
2006-08-26 07:45:45 +00:00
|
|
|
# Parameter: FirewallRuleSet
|
|
|
|
|
# Default: none
|
|
|
|
|
# Mandatory
|
|
|
|
|
#
|
|
|
|
|
# Groups a number of FirewallRule statements together.
|
|
|
|
|
|
|
|
|
|
# Parameter: FirewallRule
|
|
|
|
|
# Default: none
|
|
|
|
|
#
|
|
|
|
|
# Define one firewall rule in a rule set.
|
|
|
|
|
|
|
|
|
|
# Rule Set: global
|
|
|
|
|
#
|
|
|
|
|
# Used for rules to be applied to all other rulesets except locked.
|
|
|
|
|
FirewallRuleSet global {
|
2008-07-05 13:07:12 +00:00
|
|
|
## To block SMTP out, as it's a tech support nightmare, and a legal liability
|
|
|
|
|
#FirewallRule block tcp port 25
|
|
|
|
|
|
|
|
|
|
## Use the following if you don't want clients to be able to access machines on
|
|
|
|
|
## the private LAN that gives internet access to wifidog. Note that this is not
|
|
|
|
|
## client isolation; The laptops will still be able to talk to one another, as
|
|
|
|
|
## well as to any machine bridged to the wifi of the router.
|
|
|
|
|
# FirewallRule block to 192.168.0.0/16
|
|
|
|
|
# FirewallRule block to 172.16.0.0/12
|
|
|
|
|
# FirewallRule block to 10.0.0.0/8
|
|
|
|
|
|
|
|
|
|
## This is an example ruleset for the Teliphone service.
|
|
|
|
|
#FirewallRule allow udp to 69.90.89.192/27
|
|
|
|
|
#FirewallRule allow udp to 69.90.85.0/27
|
|
|
|
|
#FirewallRule allow tcp port 80 to 69.90.89.205
|
2006-08-26 07:45:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Rule Set: validating-users
|
|
|
|
|
#
|
|
|
|
|
# Used for new users validating their account
|
|
|
|
|
FirewallRuleSet validating-users {
|
|
|
|
|
FirewallRule allow to 0.0.0.0/0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Rule Set: known-users
|
|
|
|
|
#
|
|
|
|
|
# Used for normal validated users.
|
|
|
|
|
FirewallRuleSet known-users {
|
|
|
|
|
FirewallRule allow to 0.0.0.0/0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Rule Set: unknown-users
|
|
|
|
|
#
|
|
|
|
|
# Used for unvalidated users, this is the ruleset that gets redirected.
|
|
|
|
|
#
|
|
|
|
|
# XXX The redirect code adds the Default DROP clause.
|
|
|
|
|
FirewallRuleSet unknown-users {
|
|
|
|
|
FirewallRule allow udp port 53
|
|
|
|
|
FirewallRule allow tcp port 53
|
|
|
|
|
FirewallRule allow udp port 67
|
|
|
|
|
FirewallRule allow tcp port 67
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Rule Set: locked-users
|
|
|
|
|
#
|
2008-07-05 13:07:12 +00:00
|
|
|
# Not currently used
|
2006-08-26 07:45:45 +00:00
|
|
|
FirewallRuleSet locked-users {
|
|
|
|
|
FirewallRule block to 0.0.0.0/0
|
|
|
|
|
}
|
