Differences between revisions of "Fumaça Data Springs/Anexo técnico"
From wiki da nuvem
(→Installing the access control portal) |
(→Installing the access control portal) |
||
| Linha 39: | Linha 39: | ||
Instalar pacote nodogsplash (no menu do libre-mesh) | Instalar pacote nodogsplash (no menu do libre-mesh) | ||
| − | + | ||
| + | Substitua o arquivo /etc/nodogsplash/nodogsplash.conf pelo listado abaixo (fazendo as devidas modificações nos IP e página de redirecionamento) | ||
| Linha 51: | Linha 52: | ||
FirewallRule allow to 0.0.0.0/0 | FirewallRule allow to 0.0.0.0/0 | ||
} | } | ||
| + | |||
| + | FirewallRuleSet users-to-router { | ||
| + | # Nodogsplash automatically allows tcp to GatewayPort, | ||
| + | # at GatewayAddress, to serve the splash page. | ||
| + | # However you may want to open up other ports, e.g. | ||
| + | # 53 for DNS and 67 for DHCP if the router itself is | ||
| + | # providing these services. | ||
| + | FirewallRule allow udp port 53 | ||
| + | FirewallRule allow tcp port 53 | ||
| + | FirewallRule allow udp port 67 | ||
| + | # You may want to allow ssh, http, and https to the router | ||
| + | # for administration from the GatewayInterface. If not, | ||
| + | # comment these out. | ||
| + | FirewallRule allow tcp port 22 | ||
| + | FirewallRule allow tcp port 80 | ||
| + | FirewallRule allow tcp port 443 | ||
| + | } | ||
| + | # end FirewallRuleSet users-to-router | ||
| + | |||
| + | FirewallRuleSet preauthenticated-users { | ||
| + | # For preauthenticated users to resolve IP addresses in their initial | ||
| + | # request not using the router itself as a DNS server, | ||
| + | # you probably want to allow port 53 udp and tcp for DNS. | ||
| + | FirewallRule allow tcp port 53 | ||
| + | FirewallRule allow udp port 53 | ||
| + | # For splash page content not hosted on the router, you | ||
| + | # will want to allow port 80 tcp to the remote host here. | ||
| + | # Doing so circumvents the usual capture and redirect of | ||
| + | # any port 80 request to this remote host. | ||
| + | # Note that the remote host's numerical IP address must be known | ||
| + | # and used here. | ||
| + | |||
| + | |||
| + | #change the IP for the address of the gateway router | ||
| + | FirewallRule allow tcp port 80 to 10.7.122.55 | ||
| + | |||
| + | |||
| + | } | ||
| + | # end FirewallRuleSet preauthenticated-users | ||
| + | |||
| + | |||
EmptyRuleSetPolicy preauthenticated-users passthrough | EmptyRuleSetPolicy preauthenticated-users passthrough | ||
EmptyRuleSetPolicy users-to-router passthrough | EmptyRuleSetPolicy users-to-router passthrough | ||
| − | GatewayName 10. | + | |
| + | #change the IP for the address of the gateway router | ||
| + | GatewayName 10.7.122.55:80 | ||
#GatewayPort 80 | #GatewayPort 80 | ||
| + | |||
MaxClients 500 | MaxClients 500 | ||
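Review bot: The added users-to-router rule set leaves tcp ports 22, 80 and 443 on the router open to clients on the GatewayInterface, and the file's own comment says to comment these out when administration from that interface is not wanted. With MaxClients 500 behind a voucher portal, consider shipping those three rules commented out, or stating on the page why they stay open. Separately, 10.7.122.55 is hard-coded twice in this hunk (the preauthenticated-users rule and GatewayName), each under its own "change the IP" comment; one note naming both lines would make a missed edit less likely.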
| Linha 65: | Linha 110: | ||
ClientForceTimeout 14400 | ClientForceTimeout 14400 | ||
| − | |||
| − | BinVoucher "vale | + | #change the range for the ip range of your mesh network |
| + | GatewayIPRange 10.7.0.0/16 | ||
| + | |||
| + | BinVoucher "vale.sh" | ||
ForceVoucher yes | ForceVoucher yes | ||
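Review bot: BinVoucher "vale.sh" is given without a path, and with ForceVoucher yes on the next line the portal depends on that script, yet the page neither lists the script nor says where it must be installed. Suggest adding the install location and the script's contents (or a link to them) next to this line, so a reader who copies the file does not end up with a portal that cannot validate vouchers.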
| Linha 73: | Linha 120: | ||
EnablePreAuth yes | EnablePreAuth yes | ||
| − | </pre> | + | #change to the place where you want to redirect the users after login |
| + | RedirectURL http://www.quintanalibre.org.ar/portada</pre> | ||
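Review bot: The RedirectURL value on the last added line is a real site of another deployment, reached over plain http, so anyone who copies the file without editing it sends users there after login. Suggest an obvious placeholder value instead, keeping the "change to the place where you want to redirect" comment. The closing </pre> also sits on the same line as the URL; moving it to its own line avoids it being copied into the configuration.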
Revision as of 17:41, 20 January 2016
IPs
IPs for Fumaça and Porto Real: 10.7.0.0/16 (10.7.0.0 to 10.7.255.255)
- IP reserved for the nearest router: 10.7.0.1
- BSC -> 10.7.0.5 - 00:30:18:a2:88:95
- BTS master -> 10.7.0.6 - 00:d0:cc:08:18:24
- BTS slave -> 10.7.0.7 - 00:d0:cc:08:08:82
- server -> 10.7.0.10
- this wiki http://wiki.fumacaonline.org.br
- gallery (photos) http://gallery.fumacaonline.org.br
- nebulosa -> 10.7.161.204
- morrinho -> 10.7.163.199
- igrejinha -> 10.7.161.183
- torre -> 10.7.182.85
- salao -> 10.7.163.241
- moacir -> 10.7.182.220
- moiados -> 10.7.164.123
- campinho -> [http://]
- 2a00:1508:a57:8900::ad:a3f1 salao
- 2a00:1508:a57:8900::ad:a1b7 igrejinha
- 2a00:1508:a57:8900::ad:a47b moiados
- 2a00:1508:a57:8900::ad:a3c7 morrinho
- 2a00:1508:a57:8900::ad:a1cc nebulosa
- 2a00:1508:a57:8900::75:b655 torre
- 2a00:1508:a57:8900::b8:66ee campinho
- 2a00:1508:a57:8900::75:b6dc moacir
To open a browser through SSH (as if you were on the local server)
- ssh 2a00:1508:a57:8900::ad:a1b7 -D8080
- chromium-browser --proxy-server=socks://localhost:8080
Installing the access control portal
Install the nodogsplash package (from the libre-mesh menu)
Replace the file /etc/nodogsplash/nodogsplash.conf with the one listed below (making the necessary changes to the IPs and the redirect page)
GatewayInterface br-lan
GatewayInterfaceExtra bmx+
GatewayInterfaceExtra2 anygw
FirewallRuleSet authenticated-users {
FirewallRule allow to 0.0.0.0/0
}
FirewallRuleSet users-to-router {
# Nodogsplash automatically allows tcp to GatewayPort,
# at GatewayAddress, to serve the splash page.
# However you may want to open up other ports, e.g.
# 53 for DNS and 67 for DHCP if the router itself is
# providing these services.
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow udp port 67
# You may want to allow ssh, http, and https to the router
# for administration from the GatewayInterface. If not,
# comment these out.
FirewallRule allow tcp port 22
FirewallRule allow tcp port 80
FirewallRule allow tcp port 443
}
# end FirewallRuleSet users-to-router
FirewallRuleSet preauthenticated-users {
# For preauthenticated users to resolve IP addresses in their initial
# request not using the router itself as a DNS server,
# you probably want to allow port 53 udp and tcp for DNS.
FirewallRule allow tcp port 53
FirewallRule allow udp port 53
# For splash page content not hosted on the router, you
# will want to allow port 80 tcp to the remote host here.
# Doing so circumvents the usual capture and redirect of
# any port 80 request to this remote host.
# Note that the remote host's numerical IP address must be known
# and used here.
#change the IP for the address of the gateway router
FirewallRule allow tcp port 80 to 10.7.122.55
}
# end FirewallRuleSet preauthenticated-users
EmptyRuleSetPolicy preauthenticated-users passthrough
EmptyRuleSetPolicy users-to-router passthrough
#change the IP for the address of the gateway router
GatewayName 10.7.122.55:80
#GatewayPort 80
MaxClients 500
ClientIdleTimeout 720
ClientForceTimeout 14400
#change the range for the ip range of your mesh network
GatewayIPRange 10.7.0.0/16
BinVoucher "vale.sh"
ForceVoucher yes
EnablePreAuth yes
#change to the place where you want to redirect the users after login
RedirectURL http://www.quintanalibre.org.ar/portada
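A pre-deployment check for the configuration listed above, added here as an example and not part of the wiki page or of nodogsplash: it reads a nodogsplash.conf and reports router administration ports opened in users-to-router, anything other than DNS allowed before login, and a plain-HTTP RedirectURL. The function names audit_nds_conf and sample_conf and the WARN/INFO output format are assumptions of this example.

```shell
#!/bin/sh
# audit_nds_conf [FILE]: print one finding per line for a nodogsplash.conf.
audit_nds_conf() {
    awk '
    { sub(/^[ \t]+/, "") }                        # drop indentation
    /^#/ || NF == 0         { next }              # comments, blank lines
    $1 == "FirewallRuleSet" { set = $2; next }    # entering a rule set
    $1 == "}"               { set = ""; next }    # leaving it
    $1 == "FirewallRule" && $2 == "allow" {
        port = ""; dest = ""
        for (i = 3; i < NF; i++) {
            if ($i == "port") port = $(i + 1)
            if ($i == "to")   dest = $(i + 1)
        }
        # users-to-router governs client access to the router itself.
        if (set == "users-to-router" && port ~ /^(22|80|443)$/)
            print "WARN users-to-router: " $3 "/" port " (router admin) open to clients"
        # Anything other than DNS allowed before login deserves a look.
        if (set == "preauthenticated-users" && port != "53") {
            if (dest == "")
                print "WARN preauthenticated-users: no destination limit: " $0
            else
                print "INFO preauthenticated-users: reachable before login: " $0
        }
    }
    $1 == "RedirectURL" && $2 ~ /^http:\/\// {
        print "WARN RedirectURL: post-login redirect over plain HTTP: " $2
    }
    ' "$@"
}

# Sample input, constructed: abridged copy of the configuration on this page.
sample_conf() {
    cat <<'EOF'
FirewallRuleSet users-to-router {
FirewallRule allow udp port 53
FirewallRule allow tcp port 22
FirewallRule allow tcp port 80
FirewallRule allow tcp port 443
}
FirewallRuleSet preauthenticated-users {
FirewallRule allow udp port 53
FirewallRule allow tcp port 80 to 10.7.122.55
}
RedirectURL http://www.quintanalibre.org.ar/portada
EOF
}

sample_conf | audit_nds_conf
```

On a router, pass the real file instead: audit_nds_conf /etc/nodogsplash/nodogsplash.conf.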