Tuesday, January 2, 2007

Building Fonera



chilli.conf

radiusserver1 radius01.fon.com
radiusserver2 radius02.fon.com
radiussecret garrafon
uamsecret garrafon
uamanydns
# add the local interface networks
uamallowed 192.168.10.1,192.168.0.0/24,192.168.182.0/24
uamallowed www.martinvarsavsky.net,www.google.com,www.flickr.com,static.flickr.com,video.google.com,216.239.51.0/24,66.249.81.0/24
uamallowed www.fon.com,www.paypal.com,www.paypalobjects.com,www.skype.com,66.249.93.0/24,72.14.207.0/24,72.14.209.0/24,84.96.67.0/24,213.91.9.0/24,80.118.994
uamallowed shop.fon.co.kr,secure.nuguya.com,inilite.inicis.com,fon-en.custhelp.com,maps.fon.com,c20.statcounter.com
uamserver https://login.fon.com/cp/index.php

chilli.fonera

DEV="fon0"                # name of the FON AP interface
NET="192.168.182.0/24"    # subnet owned by the FON AP
MAC="00:60:B3:F3:50:C9"   # FON AP MAC address
NAS="00-60-B3-F3-50-C9"   # FON AP MAC address, used as the RADIUS NAS ID
PID_FILE="/var/run/chilli.pid"
DNS1="168.95.1.1"
DNS2="168.95.192.1"

wlanconfig fon0 create wlandev wifi0 wlanmode ap   # create a new wireless AP to act as the FON AP
iwconfig $DEV essid "FON_AP"
ifconfig $DEV hw ether $MAC   # change the MAC address
ifconfig $DEV 192.168.10.1 netmask 255.255.255.0

iptables -P FORWARD DROP   # default FORWARD policy is DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -s $NET -j ACCEPT   # allow forwarding from the tun+ interface
iptables -A FORWARD -i br0 -j ACCEPT   # allow forwarding from the local LAN

./chilli -c chilli.conf --net=$NET --dhcpif=$DEV --lease=600 --dns1=$DNS1 --dns2=$DNS2 --radiusnasid=$NAS --pidfile=$PID_FILE

Fixing one problem: on my platform, when chilli stops, the tunX device is not destroyed, and the next time chilli runs it creates a new tunX.

--- tun.old.c 2007-01-03 17:32:31.000000000 +0800
+++ tun.c 2007-01-03 17:22:39.000000000 +0800
@@ -687,6 +687,8 @@
strncpy((*tun)->devname, ifr.ifr_name, IFNAMSIZ);
(*tun)->devname[IFNAMSIZ] = 0;

+ ioctl((*tun)->fd, TUNSETPERSIST, 0); /*Disable persist to destroy device when closed*/
+
ioctl((*tun)->fd, TUNSETNOCSUM, 1); /* Disable checksums */
return 0;
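Review bot: the return value of the added ioctl((*tun)->fd, TUNSETPERSIST, 0) call is ignored, so if clearing the persist flag fails the tunX device is still left behind on exit and nothing reports it. Check the result and log a warning on failure; the TUNSETNOCSUM call in the context line below follows the same unchecked pattern. As a style point, the new comment lacks the spaces inside /* */ that the following line uses.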


