Chillispot on different machine

Tanya Muluw tanya.muluw at gmail.com
Fri Sep 19 05:31:42 CEST 2008


Dear all,

I have just installed easyhotspot, a Linux captive portal distro based
on Xubuntu, which consists of Chillispot, Freeradius, and a billing
application, on a single machine.  It works fine.  Now I want to
install another Chillispot on a different Gentoo Linux machine, which
will connect to the previously installed Freeradius server.

I have inserted the new Chillispot IP address into Freeradius clients.conf :

client 10.10.48.18 {
        secret    = easyhotspot
        shortname = cafe1
        nastype   = other
}



I also granted access on the freeradius database to the chillispot machine (I
have no idea whether it is necessary or not).
Chillispot iptables rules on the freeradius machine have also been modified
to open ports 1812, 1813, 1814 and 3990 (mysql port).  For testing
purposes, I have set the input policy of the iptables rules to ACCEPT.

Iptables rules related to freeradius on freeradius machine :

/bin/echo 1 > /proc/sys/net/ipv4/ip_forward

IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
TUN="tun0"


$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT


$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 443 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 3306 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 3390 --syn -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -p tcp -m tcp --dport 3390 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --sport 3306 --syn -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -p tcp -m tcp --dport 3306 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -i $EXTIF --dport 1812 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -i $EXTIF --sport 1812 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -i $EXTIF --dport 1812 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -i $EXTIF --sport 1812 -j ACCEPT

$IPTABLES -A INPUT -p tcp -m tcp -i $EXTIF --dport 1813 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -i $EXTIF --sport 1813 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -i $EXTIF --dport 1813 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -i $EXTIF --sport 1813 -j ACCEPT

$IPTABLES -A INPUT -p tcp -m tcp -i $EXTIF --dport 1814 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -i $EXTIF --sport 1814 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -i $EXTIF --dport 1814 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -i $EXTIF --sport 1814 -j ACCEPT

$IPTABLES -A OUTPUT -p tcp -m tcp -o $EXTIF --dport 1812 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp -o $EXTIF --sport 1812 -j ACCEPT
$IPTABLES -A OUTPUT -p udp -m udp -o $EXTIF --dport 1812 -j ACCEPT
$IPTABLES -A OUTPUT -p udp -m udp -o $EXTIF --sport 1812 -j ACCEPT


$IPTABLES -A OUTPUT -p tcp -m tcp -o $EXTIF --dport 1813 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp -o $EXTIF --sport 1813 -j ACCEPT
$IPTABLES -A OUTPUT -p udp -m udp -o $EXTIF --dport 1813 -j ACCEPT
$IPTABLES -A OUTPUT -p udp -m udp -o $EXTIF --sport 1813 -j ACCEPT

$IPTABLES -A OUTPUT -p tcp -m tcp -o $EXTIF --dport 1814 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp -o $EXTIF --sport 1814 -j ACCEPT
$IPTABLES -A OUTPUT -p udp -m udp -o $EXTIF --dport 1814 -j ACCEPT
$IPTABLES -A OUTPUT -p udp -m udp -o $EXTIF --sport 1814 -j ACCEPT
====
Iptables rules related to freeradius on other chillispot machine :

-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i tun0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 3990 -j ACCEPT
-A OUTPUT -o eth1 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 3306 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 1812 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --sport 1812 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 1812 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --sport 1812 -j ACCEPT

-A INPUT -p tcp -m tcp -i eth1 --dport 1813 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --sport 1813 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 1813 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --sport 1813 -j ACCEPT

-A INPUT -p tcp -m tcp -i eth1 --dport 1814 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --sport 1814 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 1814 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --sport 1814 -j ACCEPT

-A OUTPUT -p tcp -m tcp -o eth1 --dport 1812 -j ACCEPT
-A OUTPUT -p tcp -m tcp -o eth1 --sport 1812 -j ACCEPT
-A OUTPUT -p udp -m udp -o eth1 --dport 1812 -j ACCEPT
-A OUTPUT -p udp -m udp -o eth1 --sport 1812 -j ACCEPT

-A OUTPUT -p tcp -m tcp -o eth1 --dport 1813 -j ACCEPT
-A OUTPUT -p tcp -m tcp -o eth1 --sport 1813 -j ACCEPT
-A OUTPUT -p udp -m udp -o eth1 --dport 1813 -j ACCEPT
-A OUTPUT -p udp -m udp -o eth1 --sport 1813 -j ACCEPT

-A OUTPUT -p tcp -m tcp -o eth1 --dport 1814 -j ACCEPT
-A OUTPUT -p tcp -m tcp -o eth1 --sport 1814 -j ACCEPT
-A OUTPUT -p udp -m udp -o eth1 --dport 1814 -j ACCEPT
-A OUTPUT -p udp -m udp -o eth1 --sport 1814 -j ACCEPT


-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.48.33 -d 127.0.0.1 -j ACCEPT # from freeradius machine
===

When I tested the chillispot by connecting to the Internet, the login page
appeared, but login always failed.
I tried freeradius debugging and didn't see any request from the other machine.

In the chillispot Linux log, I got:

 chillispot[8069]: redir.c: 1046: Radius request timed out

Please could someone help me with the solution.

Thank you in advance, and sorry for my bad English.

Best Regards
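
Added example, not part of the original post: a small probe, run from the Chillispot host, that sends one RADIUS Access-Request over UDP port 1812 (RADIUS authentication is a UDP protocol, RFC 2865) and checks the reply's Response Authenticator against the shared secret. The server address 10.10.48.33, the NAS address 10.10.48.18 and the secret are the values quoted in the post; the "probe" account and all function names are made up for this sketch.

```python
import hashlib, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream, 16-byte blocks)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(code: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return struct.pack("!BB", code, len(value) + 2) + value

def build_access_request(user, password, secret, nas_ip, ident=1, authenticator=None):
    """Access-Request (code 1) with User-Name, User-Password and NAS-IP-Address."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(1, user.encode())
             + attr(2, hide_password(password.encode(), secret.encode(), authenticator))
             + attr(4, socket.inet_aton(nas_ip)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def classify_reply(request: bytes, reply: bytes, secret: str) -> str:
    """Verify the Response Authenticator before trusting the reply code."""
    if len(reply) < 20 or reply[1] != request[1]:
        return "malformed"
    length = struct.unpack("!H", reply[2:4])[0]
    digest = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret.encode())
    if reply[4:20] != digest.digest():
        return "bad-authenticator"
    return CODES.get(reply[0], "code-%d" % reply[0])

def probe(server, secret, nas_ip, user="probe", password="probe", port=1812, timeout=3.0):
    """Send one Access-Request over UDP; 'timeout' means no reply came back."""
    request = build_access_request(user, password, secret, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify_reply(request, reply, secret)

if __name__ == "__main__":
    # Addresses and secret as quoted in the post; "probe" is a made-up account.
    print(probe("10.10.48.33", "easyhotspot", "10.10.48.18"))
```

An Access-Reject for the made-up account still shows that the datagram reached the server and that both ends agree on the secret. A timeout with nothing in the server's debug output means the request never arrived at the RADIUS process.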


