1 Jun 2005 14:13
6 Jun 2005 06:20
Question about IPFW (NoCat under FBSD)
PD <paul <at> ranahminang.net>
2005-06-06 04:20:58 GMT
2005-06-06 04:20:58 GMT
Dear list,
The following questions addresses for NoCat installed under FBSD
Our installation goes into the same box for different functions (auth and
gateway).
Within gateway function under, we found bin/initialize.fw file that supposed
to be called for every startup.
Let say an interface IP is 192.169.1.131 and DHCP range is 192.168.1.194-254.
The following lines are the snipped of bin/initialize.fw file
# Others
${IPFW} add 60100 queue 3 all from any to any in // line A
${IPFW} add 60100 queue 4 all from any to any out // line B
${IPFW} add 60110 skipto 61000 all from any to any // line C
${IPFW} queue 3 config mask src-ip 0xffffffff pipe 3 weight 75 // line D
${IPFW} queue 4 config mask dst-ip 0xffffffff pipe 4 weight 100 // line E
${IPFW} pipe 3 config bw 128Kbit/s // line F
${IPFW} pipe 4 config bw 512Kbit/s // line G
Questions :
+ why line A and line B using the same command number with different pipe and
different functions ? Seems both command working half duplex. Is it right ?
+ what line C for ?
+ what line D and E means and for ?
+ line F and G seems for bandwidth limiting. But how this command work ? For
line G, is it 512K from interface card sharing for the whole DHCP addresses
or 512K from interface card to each hosts within DHCP addresses ?
(Continue reading)
7 Jun 2005 08:12
Question about IPFW (NoCat under FBSD)
PD <paul <at> ranahminang.net>
2005-06-07 06:12:14 GMT
2005-06-07 06:12:14 GMT
Dear list,
The following questions addresses for NoCat installed under FBSD
Our installation goes into the same box for different functions (auth and
gateway).
Within gateway function under, we found bin/initialize.fw file that supposed
to be called for every startup.
Let say an interface IP is 192.169.1.131 and DHCP range is 192.168.1.194-254.
The following lines are the snipped of bin/initialize.fw file
# Others
${IPFW} add 60100 queue 3 all from any to any in // line A
${IPFW} add 60100 queue 4 all from any to any out // line B
${IPFW} add 60110 skipto 61000 all from any to any // line C
${IPFW} queue 3 config mask src-ip 0xffffffff pipe 3 weight 75 // line D
${IPFW} queue 4 config mask dst-ip 0xffffffff pipe 4 weight 100 // line E
${IPFW} pipe 3 config bw 128Kbit/s // line F
${IPFW} pipe 4 config bw 512Kbit/s // line G
Questions :
+ why line A and line B using the same command number with different pipe and
different functions ? Seems both command working half duplex. Is it right ?
+ what line C for ?
+ what line D and E means and for ?
+ line F and G seems for bandwidth limiting. But how this command work ? For
line G, is it 512K from interface card sharing for the whole DHCP addresses
or 512K from interface card to each hosts within DHCP addresses ?
(Continue reading)
9 Jun 2005 06:37
Web based Radius administration
chumly chumly <chumly96 <at> hotmail.com>
2005-06-09 04:37:02 GMT
2005-06-09 04:37:02 GMT
Hi All! Does anyone have a web based frontend for user administration on a radius server? I'm looking for something that will allow the user to administrate themselves, provide status of the gateways and users, and support AAA and billing. I'm not looking for a commercial product as I won't be charging, but I do want all the features and protection of a billing based system. ( upload / download qoutas, bandwidth limits, time based access control, etc ) Any help would be fantastic! Thanks! Kevin
9 Jun 2005 12:34
Newbie: NoCat doable in this setup?
Leonard Tulipan <l.tulipan <at> mpwi.at>
2005-06-09 10:34:13 GMT
2005-06-09 10:34:13 GMT
Hi!
In preperation of a WLAN Rollout in our little company (15 people) I'd
like to know if what I think is possible, is actually doable.
Here's a little network diagram in ascii:
Internet
\_
\ xDSL Router +-----+ ____Company LAN_______
\___ eth1 | FW | / \
| Red | __ eth0 192.168.0.* |
192.168.119.* ___ eth3 | Hat | \___+_______________+__/
/ +-----+ | |
WLAN AP (Linksys/Netgear) Fileservers PC's/MAC's
(((( /\ ))))
Mostly WinXP Notebooks
Firewall runs: Red Hat Linux
+ custom IPTables script
+ transparent squid
+ openswan ipsec
So far so good. My questions:
1) Can NoCatAuth work without a HostAP Wlan Card in the Server
(according to the ZoneCD Package this should be doable)
2) Can ipsec which works for roaming users (teleworking) also be done
without specifically logging in thru NoCat from the WLAN (Treat ipsec
wlan just as we would from the Internet)
(Continue reading)
15 Jun 2005 17:57
Re: Welcome to the "NoCat" mailing list
Paul Bearne <pbearne <at> gmail.com>
2005-06-15 15:57:04 GMT
2005-06-15 15:57:04 GMT
Hi All I have a SME sever from http://www.contribs.org And I would like to extend it to allow my neighbor's to connect out using my connection but keep them outside of by network Also if possible I would to connect to all the wireless router's in the area so we all gain the extra band width extra? Is this possible? SME is base on red hat and the new version is base CentOS 3.5 Many Thanks Paul Bearne
23 Jun 2005 19:25
LDAP_filter problem on NoCatAuth
Wole Adebiyi <wadebiyi <at> comui.edu.ng>
2005-06-23 17:25:50 GMT
2005-06-23 17:25:50 GMT
Can anybody help me with this problem?
I am trying to set up NoCatAuth on our network as a captive portal.
We are already using proxy authentication on Squid with a filter like
"(&(uid=%s)(ou=web)(webstatus=TRUE))".
NoCatAuth works in a passive mode with
" LDAP_filter uid"
but does not work with
"LDAP_filter (uid=%u)(ou=web)(webstatus=TRUE)
How can I get NoCatAuth to accept the LDAP_filter
(uid=%u)(ou=web)(webstatus=TRUE) which is neccessary for authentication
on our network?
--
--
Wole Adebiyi
24 Jun 2005 11:28
When NoCatSplash with Passive and Captive modes will be released???
Bassam A. Al-Khaffaf <bassam <at> palettemm.com>
2005-06-24 09:28:32 GMT
2005-06-24 09:28:32 GMT
Dear All,
I am trying to build a wireless gateway on an Linux embedded
operating system and I found that NoCatSplash is very much useful to my
work, but unfortunately it supports open mode and the Passive or Captive
modes have not been released so far. I cannot use NoCatAuth because it is
written with Perl programming language and for the number of bugs that it
contains as well. So I wonder if you know where the NoCatSplash with Passive
and Captive modes will be released and is there any Beta version for this
release and do you know some other alternatives that can be used??
I tried with chillispot, but the problem is that it based on TUN point to
point logical port and not on the eth physical port like NoCat.
Your help is highly appreciated and thanks in advance
Bassam A. Al-Khaffaf
24 Jun 2005 21:18
Re: When NoCatSplash with Passive and Captive modes willb be released??
Markus Breitenbach <markus.breitenbach <at> gmail.com>
2005-06-24 19:18:57 GMT
2005-06-24 19:18:57 GMT
Hey, there's a new hotspot project on sourceforge that provides a firmware for the Linksys WRT54G based on ewrt. They use a modified version of NoCat that supports radius authentication. Quoting from the feature-list: - an improved captive portal splashd -- handling dynamic firewall restore ---radius auth and acct support, ---login, confirm, and logout page from external server, ---automatic logout, ---traffic reporting, ---improved handling of firewall rules in case firewall rules are reinitialized, ---automatic self test of splashd functionality with timeout, ---support of syslogd ---httpd request read loop improved, ignoring wrong requests, http://sourceforge.net/projects/hotspot-zone/ -Markus -- Gravity: It's not just a good idea. It's the law. http://cervisia.org
25 Jun 2005 20:30
Re: Re: When NoCatSplash with Passive and Captive modes willb be released??
Schuyler Erle <schuyler <at> nocat.net>
2005-06-25 18:30:58 GMT
2005-06-25 18:30:58 GMT
* On 24-Jun-2005 at 12:21PM PDT, Markus Breitenbach said: > there's a new hotspot project on sourceforge that provides a firmware > for the Linksys WRT54G based on ewrt. They use a modified version of > NoCat that supports radius authentication. Quoting from the > feature-list... Heh, nice of them to let us know before they forked our project! Is it worth plundering their code base? SDE
RSS Feed