[FUG-BR] Captive Portal

Jorge Aldo jorgealdojr at bol.com.br
Sunday June 29 21:13:16 BRT 2008


As I explained in a previous email, I created a captive portal tool
for FreeBSD.

The following script is called when the system (captivepinger) starts up:

#!/bin/sh

ipfw -q -f flush           # Delete all rules

# Set variables
oif="rl0"                  # out interface
iif="dc0"                  # in interface
iifaddr="192.168.2.1"      # in interface ip
lannet="192.168.2.0/24"    # LAN subnet
redirector="1932"          # captive portal redirector
portal="1934"              # captive portal
admin="1933"               # captive portal admin page
squid="3128"               # squid

# Divert to NAT
/sbin/ipfw add 2 divert 8668 ip4 from any to any via rl0

# Allow established traffic
/sbin/ipfw add 3 check-state

# Allow anything loopback
/sbin/ipfw add 4 allow ip from any to any via lo0

# deny external access to our loopback
/sbin/ipfw add 5 deny ip from any to 127.0.0.0/8
/sbin/ipfw add 6 deny ip from 127.0.0.0/8 to any

# allow anything outgoing (and returning for internally generated traffic)
/sbin/ipfw add 7 allow all from any to any via ${oif} keep-state

# allow any port in on our firewall
/sbin/ipfw add 8 allow ip from ${lannet} to ${iifaddr} via ${iif} keep-state

# allow any DNS
/sbin/ipfw add 9 allow tcp from ${lannet} to any dst-port 53 via ${iif} keep-state
/sbin/ipfw add 9 allow udp from ${lannet} to any dst-port 53 via ${iif} keep-state

# by default, send to our captive redirector
/sbin/ipfw add 65000 fwd ${iifaddr},${redirector} tcp from ${lannet} to any dst-port 80 in via ${iif} keep-state

/sbin/ipfw add 65100 deny ip from any to any
/sbin/ipfw add 65200 allow ip from any to any

----- This other script is called when a user logs in (${1} is the id
in the user record, ${2} is the IP in the user record, ${3} is the upload
bandwidth, ${4} is the download bandwidth; these are the script's
command-line parameters)

#!/bin/sh

# Set variables
oif="rl0"                  # out interface
iif="dc0"                  # in interface
iifaddr="192.168.2.1"      # in interface ip
lannet="192.168.2.0/24"    # LAN subnet
redirector="1932"          # captive portal redirector
portal="1934"              # captive portal
admin="1933"               # captive portal admin page
squid="3128"               # squid

/sbin/ipfw pipe ${1}1 config bw ${4}KBit/s
/sbin/ipfw pipe ${1}2 config bw ${3}KBit/s

/sbin/ipfw add 1${1}1 pipe ${1}2 ip from ${2} to any in
/sbin/ipfw add 1${1}1 pipe ${1}1 ip from any to ${2} out

/sbin/ipfw add 1${1}2 fwd 127.0.0.1,${squid} ip from ${2} to any dst-port 80 in via ${iif}

/sbin/ipfw add 1${1}3 skipto 65200 ip from ${2} to any in via ${iif}
/sbin/ipfw add 1${1}3 skipto 65200 ip from any to ${2} out via ${iif}

----- This is the script called when the user goes offline (${1} id,
${2} ip)

#!/bin/sh

# Set variables
oif="rl0"              # out interface
iif="vr0"              # in interface
iifaddr="192.168.1.1"  # in interface ip
redirector="1932"      # captive portal redirector
portal="1934"          # captive portal
admin="1933"           # captive portal admin page
squid="3128"           # squid

ipfw delete 1${1}1
ipfw delete 1${1}2
ipfw delete 1${1}3

ipfw pipe delete ${1}1
ipfw pipe delete ${1}2

------------ end -----------

As it stands, the user is intercepted on entry and taken to the
captive portal; once logged in, they are intercepted by squid instead of
the portal, until they drop off.

My problem is that the bandwidth control simply does not work!
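
Added example, not part of the original post: one way to check the login script's four arguments before they reach ipfw, since ${1}..${4} are interpolated directly into rule numbers, pipe numbers and match addresses, and a malformed value changes which traffic a rule matches. The function names and the 1000000 Kbit/s ceiling are assumptions; the 192.168.2.0/24 subnet and rule 65000 come from the scripts above.

```shell
#!/bin/sh
# Added example: validate the login script's arguments before they are
# interpolated into ipfw rule and pipe numbers. Function names are hypothetical.

lan_prefix="192.168.2."    # first three octets of lannet (192.168.2.0/24) in the post
redirect_rule=65000        # number of the fwd-to-redirector rule in the startup script
max_kbit=1000000           # assumed ceiling for a per-user rate, in Kbit/s

# is_uint VALUE MAX: succeed if VALUE is a decimal integer in 1..MAX, no leading zero
is_uint() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    # Compare lengths first so an overlong digit string never reaches the numeric test
    [ "${#1}" -le "${#2}" ] && [ "$1" -le "$2" ]
}

# is_lan_host IP: succeed if IP is a host address inside the /24 named by lan_prefix
is_lan_host() {
    case "$1" in
        "$lan_prefix"*) is_uint "${1#"$lan_prefix"}" 254 ;;
        *) return 1 ;;
    esac
}

# check_login_args ID IP UP_KBIT DOWN_KBIT: print "ok", or the reason and fail
check_login_args() {
    [ "$#" -eq 4 ] || { echo "expected 4 arguments"; return 1; }
    is_uint "$1" 9999 || { echo "bad id"; return 1; }
    # Per-user rules are numbered 1<id>1..1<id>3 and must sort before the redirector
    [ "1${1}3" -lt "$redirect_rule" ] || { echo "id too large"; return 1; }
    is_lan_host "$2" || { echo "ip outside LAN"; return 1; }
    is_uint "$3" "$max_kbit" || { echo "bad upload rate"; return 1; }
    is_uint "$4" "$max_kbit" || { echo "bad download rate"; return 1; }
    echo "ok"
}
```

Calling check_login_args "$@" at the top of the login script and exiting on failure keeps every per-user rule between the fixed rules 9 and 65000.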

