root/wifidog/wifidog-1.1.3_beta4/wifidog.conf

# $Id: wifidog.conf 935 2006-02-01 03:22:04Z benoitg $
# WiFiDog Configuration file

# Parameter: GatewayID
# Default: default
# Optional but essential for monitoring purposes
#
# Set this to the template ID on the auth server
# this is used to give a customized login page to the clients
# If none is supplied, the mac address of the GW interface will be used,
# without the : separators

# GatewayID default
#GatewayID Syrus

# Parameter: ExternalInterface
# Default: NONE
# Optional
#
# Set this to the external interface.  Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise

ExternalInterface vlan1

# Parameter: GatewayInterface
# Default: NONE
# Mandatory
#
# Set this to the internal interface.    Typically br0 for OpenWrt, and eth1 otherwise

GatewayInterface eth0
#GatewayInterface wds0.49153
# Proprietary of the node (enrolled nickname on the auth server)

Proprietary Syrus 

Network mplwireless

Lat
Lon 

TinyproxyPort 8888

# Parameter: GatewayAddress
# Default: Find it from GatewayInterface
# Optional
#
# Set this to the internal IP address of the gateway

# GatewayAddress 192.168.1.1

# Parameter: AuthServer
# Default: NONE
# Mandatory, repeatable
#
# This allows you to configure your auth server(s).  Each one will be tried in order, untill one responds.
# Set this to the hostname or IP of your auth server(s), the path where
# WiFiDog-auth resides in and the port it listens on.
#AuthServer {
#       Hostname      (Mandatory; Default: NONE)
#       SSLAvailable  (Optional; Default: no; Possible values: yes, no)
#       SSLPort 443   (Optional; Default: 443)
#       HTTPPort 80   (Optional; Default: 80)
#       Path wifidog/ (Optional; Default: /wifidog/ Note:  The path must be both prefixed and suffixed by /.  Use a single / for server root.)
#}

AuthServer {
    Hostname auth.wireless-fr.org
    SSLAvailable yes
    Path /
}

# Parameter: Portal
# Default: none
# Optional
#
# Set this to a URL for your portal, if you run without an auth server
# Portal http://www.wireless-fr.org/

# Parameter: Daemon
# Default: 1
# Optional
#
# Set this to true if you want to run as a daemon
# Daemon 1

# Parameter: GatewayPort
# Default: 2060
# Optional
#
# Listen on this port
# GatewayPort 2060

# Parameter: HTTPDName
# Default: WiFiDog
# Optional
#
# Define what name the HTTPD server will respond
# HTTPDName WiFiDog

# Parameter: HTTPDMaxConn
# Default: 10
# Optional
#
# How many sockets to listen to
# HTTPDMaxConn 10

# Parameter: CheckInterval
# Default: 60
# Optional
#
# How many seconds should we wait between timeout checks
CheckInterval 600

# Parameter: ClientTimeout
# Default: 5
# Optional
#
# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
# The timeout will be INTERVAL * TIMEOUT
ClientTimeout 1

# Parameter: TrustedMACList
# Default: none
# Optional
#
# Comma separated list of MAC addresses who are allowed to pass
# through without authentication
#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
# TrustedMACList 00:13:CE:D2:D7:56

# Parameter: FirewallRuleSet
# Default: none
# Mandatory
#
# Groups a number of FirewallRule statements together.

# Parameter: FirewallRule
# Default: none
# 
# Define one firewall rule in a rule set.

# Rule Set: global
# 
# Used for rules to be applied to all other rulesets except locked.
# This is the default config for the Teliphone service.
FirewallRuleSet global {
    # SIP pour Freephonie 
    FirewallRule allow udp to 212.27.52.5
    # SIP pour wengo
    FirewallRule allow udp to 213.91.9.210
    # SIP pour phonesystems
    FirewallRule allow udp to 213.11.62.39
    FirewallRule allow udp to 62.39.136.151
    #
    # Web vers montpellier-wireless.com
    FirewallRule allow tcp port 80 to 80.245.57.3
    # FirewallRule allow to 10.34.0.0/16
    # NMNS
    FirewallRule allow to 213.251.186.125
    FirewallRule allow to 10.0.0.0/8
}

# Rule Set: validating-users
#
# Used for new users validating their account
FirewallRuleSet validating-users {
FirewallRule allow tcp port 22
FirewallRule allow udp port 67
FirewallRule allow tcp port 67
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow tcp port 80
FirewallRule allow tcp port 110
FirewallRule allow tcp port 995
FirewallRule allow tcp port 143
FirewallRule allow tcp port 993
FirewallRule allow tcp port 220
FirewallRule allow tcp port 443
FirewallRule block to 0.0.0.0/0
}

# Rule Set: known-users
#
# Used for normal validated users.
FirewallRuleSet known-users {
FirewallRule allow udp port 67
FirewallRule allow tcp port 67
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow tcp port 80
FirewallRule allow tcp port 110
FirewallRule allow tcp port 995
FirewallRule allow tcp port 143
FirewallRule allow tcp port 993
FirewallRule allow tcp port 220
FirewallRule allow tcp port 443
FirewallRule allow tcp port 6667
# Skype
FirewallRule allow tcp port 1468
FirewallRule allow tcp port 22
FirewallRule allow tcp port 5222
FirewallRule allow tcp port 5223
FirewallRule allow tcp port 1863
FirewallRule allow udp port 1863
FirewallRule allow udp port 4000
FirewallRule allow tcp port 4000
FirewallRule allow tcp port 7000
FirewallRule block to 0.0.0.0/0
}

# Rule Set: member-users
#
# Used for member validated users.
FirewallRuleSet member-users {
FirewallRule allow to 0.0.0.0/0
}



# Rule Set: unknown-users
#
# Used for unvalidated users, this is the ruleset that gets redirected.
#
# XXX The redirect code adds the Default DROP clause.
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
}

# Rule Set: locked-users
#
# Used for users that have been locked out.
FirewallRuleSet locked-users {
    FirewallRule block to 0.0.0.0/0
}