Navigation

← Previous Changeset
Next Changeset →

Changeset 139

Timestamp:

12/19/06 00:07:42 (2 years ago)

Author:

florida

Message:

Files:

wifidog/wifidog-1.1.3_beta4/scripts/openwrt/S65wifidog (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

wifidog/wifidog-1.1.3_beta4/scripts/openwrt/S65wifidog

r138	r139
1	1	#!/bin/sh
2		/usr/bin/wifidog-init start
	2	#
	3	# Could be better, but it's working as expected
	4	#
	5	#
	6	#
	7	# chkconfig: 345 65 35
	8	#
	9	# description: Startup/shutdown script for Wifidog captive portal
	10	# processname: wifidog
	11
	12	# Date : 2004-08-25
	13	# Version : 1.0
	14
	15	IPT=/usr/sbin/iptables
	16	WD_DIR=/usr/bin
	17	OPTIONS="-c /var/etc/wifidog.conf"
	18	long=$(echo $(nvram get ff_adm_gps) \| sed -e "s/$.+$;$.+$/\1/")
	19	lat=$(echo $(nvram get ff_adm_gps) \| sed -e "s/$.+$;$.+$/\2/")
	20
	21	write_config() {
	22	cat > /var/etc/wifidog.conf<<EOF
	23	# $Id: wifidog.conf 935 2006-02-01 03:22:04Z benoitg $
	24	# WiFiDog Configuration file
	25
	26	# Parameter: GatewayID
	27	# Default: default
	28	# Optional but essential for monitoring purposes
	29	#
	30	# Set this to the template ID on the auth server
	31	# this is used to give a customized login page to the clients
	32	# If none is supplied, the mac address of the GW interface will be used,
	33	# without the : separators
	34
	35	# GatewayID default
	36
	37	# Parameter: ExternalInterface
	38	# Default: NONE
	39	# Optional
	40	#
	41	# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise
	42
	43	ExternalInterface vlan1
	44
	45	# Parameter: GatewayInterface
	46	# Default: NONE
	47	# Mandatory
	48	#
	49	# Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise
	50
	51	GatewayInterface eth1
	52
	53	# Proprietary of the node (enrolled nickname on the auth server)
	54	# Only used in France Wireless wifidog.ipkg
	55	# (don't use this parameter otherwise)
	56	Proprietary $(nvram get ff_adm_nick)
	57
	58	Network $(nvram get ff_adm_network)
	59
	60	Lat $lat
	61	Lon $long
	62
	63	TinyproxyPort 8888
	64
	65	# Parameter: GatewayAddress
	66	# Default: Find it from GatewayInterface
	67	# Optional
	68	#
	69	# Set this to the internal IP address of the gateway
	70
	71	# GatewayAddress 192.168.1.1
	72
	73	# Parameter: AuthServer
	74	# Default: NONE
	75	# Mandatory, repeatable
	76	#
	77	# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds.
	78	# Set this to the hostname or IP of your auth server(s), the path where
	79	# WiFiDog-auth resides in and the port it listens on.
	80	#AuthServer {
	81	# Hostname (Mandatory; Default: NONE)
	82	# SSLAvailable (Optional; Default: no; Possible values: yes, no)
	83	# SSLPort 443 (Optional; Default: 443)
	84	# HTTPPort 80 (Optional; Default: 80)
	85	# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
	86	#}
	87
	88	AuthServer {
	89	Hostname auth.wireless-fr.org
	90	SSLAvailable yes
	91	Path /
	92	}
	93
	94	AuthServer {
	95	Hostname auth2.wireless-fr.org
	96	SSLAvailable yes
	97	Path /
	98	}
	99
	100	AuthServer {
	101	Hostname auth3.wireless-fr.org
	102	SSLAvailable yes
	103	Path /
	104	}
	105
	106	# Parameter: Portal
	107	# Default: none
	108	# Optional
	109	#
	110	# Set this to a URL for your portal, if you run without an auth server
	111	# Portal http://www.wireless-fr.org/
	112
	113	# Parameter: Daemon
	114	# Default: 1
	115	# Optional
	116	#
	117	# Set this to true if you want to run as a daemon
	118	# Daemon 1
	119
	120	# Parameter: GatewayPort
	121	# Default: 2060
	122	# Optional
	123	#
	124	# Listen on this port
	125	# GatewayPort 2060
	126
	127	# Parameter: HTTPDName
	128	# Default: WiFiDog
	129	# Optional
	130	#
	131	# Define what name the HTTPD server will respond
	132	# HTTPDName WiFiDog
	133
	134	# Parameter: HTTPDMaxConn
	135	# Default: 10
	136	# Optional
	137	#
	138	# How many sockets to listen to
	139	# HTTPDMaxConn 10
	140
	141	# Parameter: CheckInterval
	142	# Default: 60
	143	# Optional
	144	#
	145	# How many seconds should we wait between timeout checks
	146	CheckInterval 600
	147
	148	# Parameter: ClientTimeout
	149	# Default: 5
	150	# Optional
	151	#
	152	# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
	153	# The timeout will be INTERVAL * TIMEOUT
	154	ClientTimeout 1
	155
	156	# ParamÃštre: TrustedMACList
	157	# DÃ©faut: none
	158	# Optionnel
	159	#
	160	# Liste d'adresse MAC (sÃ©parÃ©es par une virgule) autorisÃ©es Ã passer
	161	# Ã travers le portail captif sans authentification
	162	#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
	163
	164	# Parameter: FirewallRuleSet
	165	# Default: none
	166	# Mandatory
	167	#
	168	# Groups a number of FirewallRule statements together.
	169
	170	# Parameter: FirewallRule
	171	# Default: none
	172	#
	173	# Define one firewall rule in a rule set.
	174
	175	# Rule Set: global
	176	#
	177	# Used for rules to be applied to all other rulesets except locked.
	178	# This is the default config for the Teliphone service.
	179	# TODO add Here some VOIP Service like freephonie or Neuftalk
	180	FirewallRuleSet global {
	181	FirewallRule allow udp to 69.90.89.192/27
	182	FirewallRule allow udp to 69.90.85.0/27
	183	# Web access to www.wireless-fr.org and forum/dev
	184	FirewallRule allow tcp port 80 to 62.4.78.167
	185	FirewallRule allow tcp port 80 to 217.71.208.153
	186	#
	187	# VOIP Providers
	188	#
	189	# Phonesystems
	190	#
	191	FirewallRule allow udp to 213.11.62.39
	192	FirewallRule allow udp to 62.39.136.151
	193	#
	194	# Freephonie
	195	#
	196	FirewallRule allow udp to 212.27.52.5
	197	#
	198	# Wengo
	199	#
	200	FirewallRule allow udp to 213.91.9.210
	201	#
	202	# No auth on our Network
	203	#
	204	FirewallRule allow to 10.0.0.0/8
	205	}
	206
	207	# Rule Set: validating-users
	208	#
	209	# Used for new users validating their account
	210	FirewallRuleSet validating-users {
	211	FirewallRule allow udp port 67
	212	FirewallRule allow tcp port 67
	213	FirewallRule allow udp port 53
	214	FirewallRule allow tcp port 53
	215	FirewallRule allow tcp port 80
	216	FirewallRule allow tcp port 110
	217	FirewallRule allow tcp port 995
	218	FirewallRule allow tcp port 143
	219	FirewallRule allow tcp port 993
	220	FirewallRule allow tcp port 220
	221	FirewallRule allow tcp port 443
	222	FirewallRule block to 0.0.0.0/0
	223	}
	224
	225	# Rule Set: known-users
	226	#
	227	# Used for normal validated users.
	228	FirewallRuleSet known-users {
	229	FirewallRule allow udp port 67
	230	FirewallRule allow tcp port 67
	231	FirewallRule allow udp port 53
	232	FirewallRule allow tcp port 53
	233	FirewallRule allow tcp port 80
	234	FirewallRule allow tcp port 110
	235	FirewallRule allow tcp port 995
	236	FirewallRule allow tcp port 143
	237	FirewallRule allow tcp port 993
	238	FirewallRule allow tcp port 220
	239	FirewallRule allow tcp port 443
	240	# IRC
	241	FirewallRule allow tcp port 6667
	242	# Skype
	243	FirewallRule allow tcp port 1468
	244	# SSH
	245	FirewallRule allow tcp port 22
	246	#
	247	FirewallRule allow tcp port 5222
	248	FirewallRule allow tcp port 5223
	249	# MSN
	250	FirewallRule allow tcp port 1863
	251	FirewallRule allow udp port 1863
	252	# Jabber
	253	FirewallRule allow udp port 4000
	254	FirewallRule allow tcp port 4000
	255	FirewallRule allow tcp port 7000
	256	FirewallRule block to 0.0.0.0/0
	257	}
	258
	259	# Rule Set: unknown-users
	260	#
	261	# Used for unvalidated users, this is the ruleset that gets redirected.
	262	#
	263	# XXX The redirect code adds the Default DROP clause.
	264	FirewallRuleSet unknown-users {
	265	FirewallRule allow udp port 53
	266	FirewallRule allow tcp port 53
	267	FirewallRule allow udp port 67
	268	FirewallRule allow tcp port 67
	269	}
	270
	271	# Rule Set: locked-users
	272	#
	273	# Used for users that have been locked out.
	274	FirewallRuleSet locked-users {
	275	FirewallRule block to 0.0.0.0/0
	276	}
	277	EOF
	278	}
	279
	280
	281	case "$1" in
	282	start)
	283	# Compatibility with openwrt
	284	ln -sf /var/etc/wifidog.conf /tmp/wifidog.conf
	285	rm -f /var/etc/wifidog.conf
	286	write_config
	287	echo "Starting Wifidog ... "
	288	if $WD_DIR/wdctl status 2> /dev/null
	289	then
	290	echo "FAILED: Wifidog already running"
	291	else
	292	$0 test-module
	293	if $WD_DIR/wifidog $OPTIONS
	294	then
	295	echo "OK"
	296	else
	297	echo "FAILED: Wifidog exited with non 0 status"
	298	fi
	299	fi
	300	;;
	301	restart)
	302	$0 stop
	303	sleep 2
	304	$0 start
	305	;;
	306	reload)
	307	$0 stop
	308	sleep 2
	309	$0 start
	310	;;
	311	stop)
	312	echo "Stopping Wifidog ... "
	313	if $WD_DIR/wdctl status 2> /dev/null
	314	then
	315	if $WD_DIR/wdctl stop
	316	then
	317	echo "OK"
	318	else
	319	echo "FAILED: wdctl stop exited with non 0 status"
	320	fi
	321
	322	else
	323	echo "FAILED: Wifidog was not running"
	324	fi
	325	;;
	326	status)
	327	$WD_DIR/wdctl status
	328	;;
	329	debug\|test-module)
	330
	331	### Test ipt_mark with iptables
	332	test_ipt_mark () {
	333	IPTABLES_OK=$($IPT -A FORWARD -m mark --mark 2 -j ACCEPT 2>&1 \| grep "No chain.target.match")
	334	if [ -z "$IPTABLES_OK" ]; then
	335	$IPT -D FORWARD -m mark --mark 2 -j ACCEPT 2>&1
	336	echo 1
	337	else
	338	echo 0
	339	fi
	340	}
	341	### Test ipt_mac with iptables
	342	test_ipt_mac () {
	343	IPTABLES_OK=$($IPT -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1 \| grep "No chain.target.match")
	344	if [ -z "$IPTABLES_OK" ]; then
	345	$IPT -D INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1
	346	echo 1
	347	else
	348	echo 0
	349	fi
	350	}
	351
	352	### Test ipt_REDIRECT with iptables
	353	test_ipt_REDIRECT () {
	354	IPTABLES_OK=$($IPT -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 2060 2>&1 \| grep "No chain.target.match")
	355	if [ -z "$IPTABLES_OK" ]; then
	356	$IPT -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 2060 2>&1
	357	echo 1
	358	else
	359	echo 0
	360	fi
	361	}
	362
	363	### Find a module on disk
	364	module_exists () {
	365	echo " Looking for a module on disk"
	366	EXIST=$(find /lib/modules/`uname -r` -name $1.*o 2>/dev/null)
	367	if [ -n "$EXIST" ]; then
	368	echo 1
	369	else
	370	echo 0
	371	fi
	372	}
	373
	374	### Test if a module is in memory
	375	module_in_memory () {
	376	MODULE=$(lsmod \| grep $1 \| awk '{print $1}')
	377	if [ "$MODULE" = "$1" ]; then
	378	echo 1
	379	else
	380	echo 0
	381	fi
	382	}
	383
	384	echo "Testing for iptables modules"
	385
	386	echo " Testing ipt_mac"
	387	TEST_IPT_MAC=$(test_ipt_mac)
	388	if [ "$TEST_IPT_MAC" = "0" ]; then
	389	echo " iptables is not working with ipt_mac"
	390	echo " Scanning disk for ipt_mac module"
	391	TEST_IPT_MAC_MODULE_EXISTS=$(module_exists "ipt_mac")
	392	if [ "$TEST_IPT_MAC_MODULE_EXISTS" = "0" ]; then
	393	echo " ipt_mac module is missing, please install it (kernel or module)"
	394	exit
	395	else
	396	echo " ipt_mac module exists, trying to load"
	397	insmod ipt_mac > /dev/null
	398	TEST_IPT_MAC_MODULE_MEMORY=$(module_in_memory "ipt_mac")
	399	if [ "$TEST_IPT_MAC_MODULE_MEMORY" = "0" ]; then
	400	echo " Error: ipt_mac not loaded"
	401	exit
	402	else
	403	echo " ipt_mac loaded sucessfully"
	404	fi
	405	fi
	406	else
	407	echo " ipt_mac module is working"
	408	fi
	409
	410	echo " Testing ipt_mark"
	411	TEST_IPT_MARK=$(test_ipt_mark)
	412	if [ "$TEST_IPT_MARK" = "0" ]; then
	413	echo " iptables is not working with ipt_mark"
	414	echo " Scanning disk for ipt_mark module"
	415	TEST_IPT_MARK_MODULE_EXISTS=$(module_exists "ipt_mark")
	416	if [ "$TEST_IPT_MARK_MODULE_EXISTS" = "0" ]; then
	417	echo " iptables ipt_mark module missing, please install it (kernel or module)"
	418	exit
	419	else
	420	echo " ipt_mark module exists, trying to load"
	421	insmod ipt_mark
	422	TEST_IPT_MARK_MODULE_MEMORY=$(module_in_memory "ipt_mark")
	423	if [ "$TEST_IPT_MARK_MODULE_MEMORY" = "0" ]; then
	424	echo " Error: ipt_mark not loaded"
	425	exit
	426	else
	427	echo " ipt_mark loaded sucessfully"
	428	fi
	429	fi
	430	else
	431	echo " ipt_mark module is working"
	432	fi
	433
	434	echo " Testing ipt_REDIRECT"
	435	TEST_IPT_MAC=$(test_ipt_REDIRECT)
	436	if [ "$TEST_IPT_MAC" = "0" ]; then
	437	echo " iptables is not working with ipt_REDIRECT"
	438	echo " Scanning disk for ipt_REDIRECT module"
	439	TEST_IPT_MAC_MODULE_EXISTS=$(module_exists "ipt_REDIRECT")
	440	if [ "$TEST_IPT_MAC_MODULE_EXISTS" = "0" ]; then
	441	echo " ipt_REDIRECT module is missing, please install it (kernel or module)"
	442	exit
	443	else
	444	echo " ipt_REDIRECT module exists, trying to load"
	445	insmod ipt_REDIRECT > /dev/null
	446	TEST_IPT_MAC_MODULE_MEMORY=$(module_in_memory "ipt_REDIRECT")
	447	if [ "$TEST_IPT_MAC_MODULE_MEMORY" = "0" ]; then
	448	echo " Error: ipt_REDIRECT not loaded"
	449	exit
	450	else
	451	echo " ipt_REDIRECT loaded sucessfully"
	452	fi
	453	fi
	454	else
	455	echo " ipt_REDIRECT module is working"
	456	fi
	457
	458	;;
	459
	460	*)
	461	echo "Usage: $0 {start\|stop\|restart\|reload\|status\|test-module}"
	462	exit 1
	463	;;
	464	esac
	465
	466

Navigation

Changeset 139

Legend:

wifidog/wifidog-1.1.3_beta4/scripts/openwrt/S65wifidog

Download in other formats: