doc:howto:wireless.hotspot.nodogsplash

Differences

This shows you the differences between two versions of the page.

doc:howto:wireless.hotspot.nodogsplash [2013/05/20 17:30]
doc:howto:wireless.hotspot.nodogsplash [2014/06/09 23:06] (current)
alois_hockenschlohe2
Line 97: Line 97:
 </​code>​ </​code>​
  
 +==== Firewall ====
 +Because nodogsplash uses iptables to mark/handle packets, you have to turn off the build-in firewall:
 +<​code>​
 +/​etc/​init.d/​firewall stop
 +/​etc/​init.d/​firewall disable
 +</​code>​
  
 ==== Nodogsplash ==== ==== Nodogsplash ====
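Review bot: The new Firewall section tells the reader to run `/etc/init.d/firewall stop` and `/etc/init.d/firewall disable` without saying what that leaves unprotected. `disable` makes the change persist across reboots, so from then on none of the device's configured firewall zones and rules are applied, including whatever was filtering the WAN side. Suggest stating that consequence next to the commands and naming the rules the reader is expected to rely on afterwards (only those nodogsplash installs, or a custom set added separately). Also, "build-in" should read "built-in".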
Line 486: Line 492:
  
  
-Restrict ​bandwidth available to hotspot (adjust according to preference):​+==== Bandwidth Control ==== 
 + 
 +You can restrict ​bandwidth available to hotspot (adjust according to preference):​
  
 <​code>​ <​code>​
Line 519: Line 527:
     opkg install tc     opkg install tc
 </​code>​ </​code>​
 +
 +
 +**NOTE: In Attitude Adjustment 12.09 there is no ''​iptables-mod-imq''​ package and so the above procedure will fail.**
 +
 +For bandwidth control in **Attitude Adjustment 12.09** you can install [[http://​lartc.org/​wondershaper/​|WonderShaper]] (which also uses [[http://​wiki.openwrt.org/​doc/​howto/​packet.scheduler/​packet.scheduler|tc]] as its back-end):
 +
 +<​code>​
 +    opkg install wshaper
 +</​code>​
 +
 +WonderShaper'​s UCI config file is stored in ''/​etc/​config/​wshaper''​. A simple configuration for a guest network might look like this:
 +
 +<​code>​
 +config wshaper '​settings'​
 + option network '​public'​
 + option downlink '​64'​
 + option uplink '​512'​
 +</​code>​
 +
 +**Note:** The ''​downlink''​ and ''​uplink''​ maximum values will usually need to be reversed from what one might, at first glance, expect. Also note that due to overhead, actual speeds will be slightly lower.
  
 ==== Check status ==== ==== Check status ====
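Review bot: The closing note on `downlink` and `uplink` says the values "will usually need to be reversed" but gives neither the reason nor the units, which leaves the example above it (`option downlink '64'`, `option uplink '512'`) ambiguous: a reader cannot tell whether guests get 64 or 512 in the download direction. Suggest stating the unit of both options and rewording the note to say from whose point of view each direction is measured (the shaped interface named in `option network` versus the guest client), so the example can be applied without trial and error.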
Line 630: Line 658:
 ====== Misc. ====== ====== Misc. ======
 If your configuration does NOT use NAT, you need to check "force connection tracking"​ in the firewall configuration of the zone nodogsplash is handling. Without connection tracking, the NAT tables of will not run and redirecting to the splash page does not work. If your configuration does NOT use NAT, you need to check "force connection tracking"​ in the firewall configuration of the zone nodogsplash is handling. Without connection tracking, the NAT tables of will not run and redirecting to the splash page does not work.
 +
 +===== NoDogSplash on OpenWRT 12.09+ Access Point =====
 +
 +The following instructions are touching NoDogSplash configuration on the OpenWRT 12.09 and later firmwares with "​router"​ configured as a **switch** or **Access Point** (AP). OpenWrt is not configured as a router here! This is a common setup where users want to add additional AP to extend their home WiFi coverage and do not want to mess with router from their Internet providers.
 +Example setup:
 +  *  Non OpenWRT router for intranet with address 192.168.1.1
 +  *  OpenWRT AP with static address 192.168.1.3
 +  *  Clients get DHCP subnet range 192.168.1.200-250 by router
 +  *  Clients can connect to AP WiFi within secure SSID
 +  *  Guest hotspot SSID are getting their own 192.168.15.0/​24 subnet and DHCP on isolated segment
 +
 +Configuration of the AP is as usual except that AP needs to have NAT for the hotspot segment only. To achieve this one needs to add custom iptables rule
 +  iptables -A POSTROUTING -t nat -j SNAT --to-source 192.168.1.3
 +and delete all provided firewall rules fy using OpenWRT web interface.
 +
 +Detailed configuration for AP only OpenWRT is:
 +  - Install package //​nodogsplash//​
 +  - With web interface //​Network->​WiFi//​ create: additional ESSID named hotstpot and create additional network hotstpot along with existing lan and unused wan.
 +  - Edit //​Network->​Interfaces->​HOTSPOT//​ and select Protocol: Static address with IPv4 address 192.168.5.1 and Netmask: 255.255.255.0. Leave gateway, broadcast and DNS servers empty. Add DHCP server for this interface with default settings. This HOTSPOT interface is internally named as wlan0-1 and will be used as NoDogSplash gateway address.
 +  - Edit //​Network->​DHCP and DNS//​-Forwarder by unchecking Authoritative and add DNS forwardings:​ 192.168.1.1 to router DNS masquerading and/or external DNS servers from your internet provider.
 +  - Remove all //​Network->​Firewall Zones// and add //​Network->​Firewall->​Custom Rules// by adding iptables rule described above.
 +  - Change ''/​etc/​nodogsplash/​nodogsplash.conf''​ affected lines to
 +
 +          GatewayInterface wlan0-1
 +          ExternalInterface br-lan
 +
 +FirewallRuleSet authenticated-users can remain unchanged. You can also start iptables SNAT command manually if not rebooted meanwhile. Check the presence of this rule by ''​iptables -t nat -v -n -L''​. Enable and start NoDogSplash. After above setup everything should work. Trafic shapping due to the lack of IMQ currently does not work on OpenWrt 12.09 (Attitude Adjustment). ​ One possibility is to install qos-scripts and luci-app-qos. Adding additional interface HOTSPOT to QOS configuration cannot separate between WAN and HOTSPOT bandwidth limit. One can choose to limit NoDogSplash and secure WiFi together to certain Upload and Download rate, but not separate!
 +
 +
 +
 +===== Quick NoDogSplash Setup Example =====
 +
 +This is a quick setup for Nodogsplash. It shows a splash page for any web acccess comming from br-lan.
 +
 +/​etc/​nodogsplash/​nodogsplash.conf
 +<​code>​
 +GatewayInterface br-lan
 +
 +FirewallRuleSet preauthenticated-users {
 + ​FirewallRule allow tcp port 53
 + ​FirewallRule allow udp port 53
 + ​FirewallRule allow icmp
 +}
 +
 +EmptyRuleSetPolicy authenticated-users passthrough
 +EmptyRuleSetPolicy users-to-router passthrough
 +EmptyRuleSetPolicy trusted-users allow
 +EmptyRuleSetPolicy trusted-users-to-router passthrough
 +
 +MaxClients 30
 +ClientIdleTimeout 10
 +ClientForceTimeout 240
 +</​code>​
 +
 +For the actual splash site place these [[https://​github.com/​nodogsplash/​nodogsplash/​tree/​master/​resources|example files]] as follows:
 +
 +<​code>​
 +/​etc/​nodogsplash/​htdocs/​splash.html
 +/​etc/​nodogsplash/​htdocs/​infoskel.html
 +/​etc/​nodogsplash/​htdocs/​images/​splash.jpg
 +</​code>​
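Review bot: In the Access Point section the guest subnet is inconsistent and the SNAT rule is broader than the text claims. The example setup gives the hotspot segment as 192.168.15.0/24, while the HOTSPOT interface step assigns 192.168.5.1 with netmask 255.255.255.0; pick one and use it throughout. The text says the AP needs NAT "for the hotspot segment only", but `iptables -A POSTROUTING -t nat -j SNAT --to-source 192.168.1.3` has no source or output-interface match, so it applies to every connection that passes through POSTROUTING; suggest restricting it with `-s` set to the hotspot subnet and `-o br-lan`. The same steps remove all firewall zones, so nothing shown here enforces the "isolated segment" claim between guests and the 192.168.1.x LAN; the section should say which rule is meant to provide that separation. Typos to fix while here: "fy using", "hotstpot", "Trafic shapping", "acccess comming".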
doc/howto/wireless.hotspot.nodogsplash.1369063843.txt.bz2 · Last modified: 2013/05/20 17:30 (external edit)