From: Masashi H. <ho...@ic...> - 2010-03-08 07:36:44
Hello.

Thank you for teaching me how to build.
I could build and install it.

I configured /etc/pepper.conf and I could see the PepperSpot login site.
(I replaced line 55 of hotspotlogin.cgi with "if (0) {" because I want to use HTTP for testing.)
But after I typed in the username and password, no response was returned.

It looks like a NAT problem.
What more configuration do I need?

<<My environment>>

PC1 (Windows XP)
[192.168.182.2]
 |
 | IEEE 802.11 connection
 |
[wlan1 : 192.168.182.1]
PC2 (Debian Linux) with PepperChilli svn and FreeRADIUS 2.1.8
[eth0 : 192.168.1.33]
 |
 | Ethernet connection
 |
PC3 (Router)
[192.168.1.1]

/proc/sys/net/ipv4/ip_forward=1

# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 564 packets, 47055 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  230 11940 MASQUERADE  all  --  any    eth0    anywhere             anywhere

Chain OUTPUT (policy ACCEPT 4 packets, 314 bytes)
 pkts bytes target     prot opt in     out     source               destination

<<My /etc/pepper.conf>>

##############################################################################
#
# Sample PepperSpot configuration file
#
##############################################################################

# TAG: fg
# Include this flag if process is to run in the foreground
fg

# TAG: debug
# Include this flag to include debug information.
#debug

# TAG: interval
# Re-read configuration file at this interval. Will also cause new domain
# name lookups to be performed. Value is given in seconds.
#interval 3600

# TAG: pidfile
# File to store information about the process id of the program.
# The program must have write access to this file/directory.
#pidfile /var/run/pepper.pid

# TAG: statedir
# Directory to use for nonvolatile storage.
# The program must have write access to this directory.
# This tag is currently ignored
#statedir ./

# TAG: IP version
# Accepted version of IP protocol
# Can be 'ipv6', 'ipv4' or 'dual'
#ipversion dual
ipversion ipv4

# TUN parameters

# TAG: net
# IP network address of external packet data network
# Used to allocate dynamic IP addresses and set up routing.
# Normally you do not need to uncomment this tag.
net 192.168.182.0/24

# TAG: dynip
# Dynamic IP address pool
# Used to allocate dynamic IP addresses to clients.
# If not set it defaults to the net tag.
# Do not uncomment this tag unless you are an experienced user!
#dynip 192.168.182.0/24

# TAG: statip
# Static IP address pool
# Used to allocate static IP addresses to clients.
# Do not uncomment this tag unless you are an experienced user!
#statip 192.168.182.0/24

# TAG : staticipv6
# IPv6 address to listen to on TUN interface
#staticipv6 2001:db8:1::1234

# TAG: ipv6prefix
# IPv6 Prefix delegated to the Wi-Fi link
#ipv6prefix 2001:db8:1::/64

# TAG: dns1
# Primary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns1 192.168.1.1

# TAG: dns2
# Secondary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
#dns2 172.16.0.6

# TAG: domain
# Domain name
# Will be suggested to the client.
# Normally you do not need to uncomment this tag.
domain pepperspot.info

# TAG: ipup
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipup /etc/pepper.ipup

# TAG: ipdown
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipdown /etc/pepper.ipdown

# TAG: conup
# Script executed after a user has been authenticated.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#conup /etc/pepper.conup

# TAG: conup
# Script executed after a user has disconnected.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#conup /etc/pepper.condown

# Radius parameters

# TAG: radiuslisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#radiuslisten ::1

# TAG: radiusserver1
# IP address of radius server 1
# For most installations you need to modify this tag.
#radiusserver1 ::1
radiusserver1 192.168.182.1

# TAG: radiusserver2
# IP address of radius server 2
# If you have only one radius server you should set radiusserver2 to the
# same value as radiusserver1.
# For most installations you need to modify this tag.
radiusserver2 127.0.0.1

# TAG: radiusauthport
# Radius authentication port
# The UDP port number to use for radius authentication requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusauthport 1812

# TAG: radiusacctport
# Radius accounting port
# The UDP port number to use for radius accounting requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusacctport 1813

# TAG: radiussecret
# Radius shared secret for both servers
# For all installations you should modify this tag.
radiussecret test

# TAG: radiusnasid
# Radius NAS-Identifier
# Normally you do not need to uncomment this tag.
#radiusnasid debian-ipv6-pepperspot

# TAG: radiusnasip
# Radius NAS-IP-Address
# Normally you do not need to uncomment this tag.
#radiusnasip 127.0.0.1

# TAG: radiuscalled
# Radius Called-Station-ID
# Normally you do not need to uncomment this tag.
#radiuscalled 00133300

# TAG: radiuslocationid
# WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
# cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
# Normally you do not need to uncomment this tag.
#radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport
#radiuslocationid isocc=fr,cc=33,ac=67000,network=portail_ipv6

# TAG: radiuslocationname
# WISPr Location Name. Should be in the format:
# <HOTSPOT_OPERATOR_NAME>,<LOCATION>
# Normally you do not need to uncomment this tag.
#radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport

# Radius proxy parameters

# TAG: proxylisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#proxylisten 10.0.0.1

# TAG: proxyport
# UDP port to listen to.
# If not specified a port will be selected by the system
# Normally you do not need to uncomment this tag.
#proxyport 1645

# TAG: proxyclient
# Client(s) from which we accept radius requests
# Normally you do not need to uncomment this tag.
#proxyclient 10.0.0.1/24

# TAG: proxysecret
# Radius proxy shared secret for all clients
# If not specified defaults to radiussecret
# Normally you do not need to uncomment this tag.
#proxysecret testing123

# Remote configuration management

# TAG: confusername
# If confusername is specified together with confpassword pepperspot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
#confusername conf

# TAG: confpassword
# If confusername is specified together with confpassword pepperspot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
#confpassword secret

# DHCP Parameters

# TAG: dhcpif
# Ethernet interface to listen to.
# This is the network interface which is connected to the access points.
# In a typical configuration this tag should be set to eth1.
dhcpif wlan1

# TAG: dhcpmac
# Use specified MAC address.
# An address in the range 00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
# within the IANA range of addresses and is not allocated for other
# purposes.
# Normally you do not need to uncomment this tag.
#dhcpmac 00:00:5E:00:02:00

# TAG: dhcplisten6
# Use specified IPv6 address.
#
# Normally you do not need to uncomment this tag.
#dhcplisten6 fe80::240:b5ff:fe80:ea50

# TAG: lease
# Time before DHCP lease expires
# Normally you do not need to uncomment this tag.
#lease 600

# Universal access method (UAM) parameters

# TAG: uamserver
# URL of web server handling authentication.
#uamserver https://radius.pepperspot.info/hotspotlogin
#uamserver https://192.168.182.1/cgi-bin/hotspotlogin.cgi
uamserver http://192.168.182.1/cgi-bin/hotspotlogin.cgi

# TAG: uamserver6
# URL of web server handling authentication for IPv6 client.
#uamserver6 https://[2001:db8:1::1234]/cgi-bin/hotspotlogin.cgi

# TAG: uamhomepage
# URL of welcome homepage.
# Unauthenticated users will be redirected to this URL. If not specified
# users will be redirected to the uamserver instead.
# Normally you do not need to uncomment this tag.
#uamhomepage http://192.168.182.1/welcome.html

# TAG: uamsecret
# Shared between pepper and authentication web server (PAP)
# Comment this line (and update login script) if you want to use CHAP
#uamsecret testing234

# TAG: uamlisten
# IP address to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamlisten 192.168.182.1

# TAG: uamport
# TCP port to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamport 3990

# TAG: uamallowed
# Comma separated list of domain names, IP addresses or network segments
# the client can access without first authenticating.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#uamallowed www.pepperspot.info,10.11.12.0/24
#uamallowed cas.pepperspot.info,192.168.182.0/24

# TAG: uamanydns
# If this flag is given unauthenticated users are allowed to use
# any DNS server.
# Normally you do not need to uncomment this tag.
#uamanydns

# MAC authentication

# TAG: macauth
# If this flag is given users will be authenticated only on their MAC
# address.
# Normally you do not need to uncomment this tag.
#macauth

# TAG: macallowed
# List of MAC addresses.
# The MAC addresses specified in this list will be authenticated only on
# their MAC address.
# This tag is ignored if the macauth tag is given.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#macallowed 00-0D-54-98-BC-29

# TAG: macpasswd
# Password to use for MAC authentication.
# Normally you do not need to uncomment this tag.
#macpasswd password

# TAG: macsuffix
# Suffix to add to MAC address in order to form the username.
# Normally you do not need to uncomment this tag.
#macsuffix suffix

<<PepperSpot log>>

dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
DHCP packet received
dhcp_receive_ip
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
DHCP packet received
dhcp_receive_ip
DHCP packet received
dhcp_receive_ip
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
DHCP packet received
dhcp_receive_ip
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
DHCP packet received
dhcp_receive_ip
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:3990 portdest:1553
DHCP packet received
dhcp_receive_ip
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:3990 portdest:1553
DHCP packet received
dhcp_receive_ip
DHCP packet received
dhcp_receive_ip
Calling redir_getreq()
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:3990 portdest:1553
DHCP packet received
dhcp_receive_ip
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:3990 portdest:1553
The path is: logon
Looking for: userurl
p1: http%3a%2f%2f192.168.1.1%2f HTTP/1.1
Host: 192.168.182.1:3990
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
p2 (null)
p3: HTTP/1.1
Host: 192.168.182.1:3990
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
The parameter is: http://192.168.1.1/
User URL: http://192.168.1.1/!
Looking for: username
p1: ictecClient&password=e7ca84eeb5d991f28a4c4f742158a6fb&userurl=http%3a%2f%2f192.168.1.1%2f HTTP/1.1
Host: 192.168.182.1:3990
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
p2 &password=e7ca84eeb5d991f28a4c4f742158a6fb&userurl=http%3a%2f%2f192.168.1.1%2f HTTP/1.1
Host: 192.168.182.1:3990
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
p3: HTTP/1.1
Host: 192.168.182.1:3990
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
The parameter is: ictecClient
Looking for: response
Looking for: password
p1: e7ca84eeb5d991f28a4c4f742158a6fb&userurl=http%3a%2f%2f192.168.1.1%2f HTTP/1.1
Host: 192.168.182.1:3990
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
p2 &userurl=http%3a%2f%2f192.168.1.1%2f HTTP/1.1
Host: 192.168.182.1:3990
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
p3: HTTP/1.1
Host: 192.168.182.1:3990
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
The parameter is: e7ca84eeb5d991f28a4c4f742158a6fb
Calling cb_getstate()
Processing received request
Calling radius
redir_accept: Sending radius request
NSEG: 1
C(0): [7551c33d5b8544b559843e83b4e03dd2]
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:3990 portdest:1553
DHCP packet received
dhcp_receive_ip
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:3990 portdest:1553
DHCP packet received
dhcp_receive_ip
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:3990 portdest:1553
DHCP packet received
dhcp_receive_ip
DHCP packet received
dhcp_receive_ip
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
dhcp_undoDNAT source:192.168.182.1 dest:192.168.182.2 portsrc:80 portdest:1552
DHCP packet received
dhcp_receive_ip

Regards,
Masashi Honma.
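Added example, not part of the original post or of the PepperSpot project: a small audit that reads the uncommented directives of a pepper.conf like the one posted above and reports the test-only settings it carries before the hotspot leaves the lab. The sample text is constructed from the posted file, and `MIN_SECRET_LEN` and the function names are assumptions of this example.

```python
from urllib.parse import urlparse

# Constructed sample: the uncommented directives from the posted
# /etc/pepper.conf plus three of its commented-out lines.
SAMPLE_CONF = """\
fg
ipversion ipv4
net 192.168.182.0/24
dns1 192.168.1.1
domain pepperspot.info
#radiusserver1 ::1
radiusserver1 192.168.182.1
radiusserver2 127.0.0.1
radiussecret test
dhcpif wlan1
#uamserver https://192.168.182.1/cgi-bin/hotspotlogin.cgi
uamserver http://192.168.182.1/cgi-bin/hotspotlogin.cgi
#uamsecret testing234
"""

MIN_SECRET_LEN = 16  # assumption: local policy value, not a PepperSpot rule


def active_directives(text):
    """Map each uncommented tag to its value (bare flags map to '')."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(conf):
    """Return (tag, finding) pairs for the settings this post touches."""
    out = []
    for tag in ("uamserver", "uamserver6"):
        if tag in conf and urlparse(conf[tag]).scheme != "https":
            out.append((tag, "login URL is not HTTPS"))
    secret = conf.get("radiussecret", "")
    if len(secret) < MIN_SECRET_LEN:
        out.append(("radiussecret", f"shared secret is {len(secret)} chars"))
    if "uamsecret" not in conf:
        # Per the file's own comment, this implies the CHAP login script.
        out.append(("uamsecret", "unset: login script must be in CHAP mode"))
    if conf.get("radiusserver1") != conf.get("radiusserver2"):
        out.append(("radiusserver2", "differs from radiusserver1"))
    return out
```

Running `audit(active_directives(open("/etc/pepper.conf").read()))` on a real file applies the same four checks.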