[FUG-BR] Captive Portal
Jorge Aldo
jorgealdojr at bol.com.br
Sunday June 29 21:13:16 BRT 2008
As I had explained in an earlier email, I created a captive portal
tool for FreeBSD.
The following script is called when the system (captivepinger) starts up:
#!/bin/sh
ipfw -q -f flush # Delete all rules
# Set variables
oif="rl0" # out interface
iif="dc0" # in interface
iifaddr="192.168.2.1" # in interface ip
lannet="192.168.2.0/24" # LAN subnet
redirector="1932" # captive portal redirector
portal="1934" # captive portal
admin="1933" # captive portal admin page
squid="3128" # squid
# Divert to NAT
/sbin/ipfw add 2 divert 8668 ip4 from any to any via rl0
# Allow established traffic
/sbin/ipfw add 3 check-state
# Allow anything loopback
/sbin/ipfw add 4 allow ip from any to any via lo0
# deny external access to our loopback
/sbin/ipfw add 5 deny ip from any to 127.0.0.0/8
/sbin/ipfw add 6 deny ip from 127.0.0.0/8 to any
# allow anything outgoing (and returning for internally generated traffic)
/sbin/ipfw add 7 allow all from any to any via ${oif} keep-state
# allow any port in on our firewall
/sbin/ipfw add 8 allow ip from ${lannet} to ${iifaddr} via ${iif} keep-state
# allow any DNS
/sbin/ipfw add 9 allow tcp from ${lannet} to any dst-port 53 via ${iif} keep-state
/sbin/ipfw add 9 allow udp from ${lannet} to any dst-port 53 via ${iif} keep-state
# by default, send to our captive redirector
/sbin/ipfw add 65000 fwd ${iifaddr},${redirector} tcp from ${lannet} to any dst-port 80 in via ${iif} keep-state
/sbin/ipfw add 65100 deny ip from any to any
/sbin/ipfw add 65200 allow ip from any to any
----- This other script is called when a user logs in (${1} is the id
in the user record, ${2} is the IP in the user record, ${3} is the upload
bandwidth, ${4} is the download bandwidth; these are the script's
command-line parameters)
#!/bin/sh
# Set variables
oif="rl0" # out interface
iif="dc0" # in interface
iifaddr="192.168.2.1" # in interface ip
lannet="192.168.2.0/24" # LAN subnet
redirector="1932" # captive portal redirector
portal="1934" # captive portal
admin="1933" # captive portal admin page
squid="3128" # squid
/sbin/ipfw pipe ${1}1 config bw ${4}KBit/s
/sbin/ipfw pipe ${1}2 config bw ${3}KBit/s
/sbin/ipfw add 1${1}1 pipe ${1}2 ip from ${2} to any in
/sbin/ipfw add 1${1}1 pipe ${1}1 ip from any to ${2} out
/sbin/ipfw add 1${1}2 fwd 127.0.0.1,${squid} ip from ${2} to any dst-port 80 in via ${iif}
/sbin/ipfw add 1${1}3 skipto 65200 ip from ${2} to any in via ${iif}
/sbin/ipfw add 1${1}3 skipto 65200 ip from any to ${2} out via ${iif}
----- This is the script called when the user goes offline (${1} id,
${2} IP)
#!/bin/sh
# Set variables
oif="rl0" # out interface
iif="vr0" # in interface
iifaddr="192.168.1.1" # in interface ip
redirector="1932" # captive portal redirector
portal="1934" # captive portal
admin="1933" # captive portal admin page
squid="3128" # squid
ipfw delete 1${1}1
ipfw delete 1${1}2
ipfw delete 1${1}3
ipfw pipe delete ${1}1
ipfw pipe delete ${1}2
------------ end -----------
As it stands, the user is intercepted on entry and taken to the
captive portal; after logging in, the user is intercepted by squid and
no longer by the portal, until the session drops.
My problem is that the bandwidth control simply does not work!
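
Added example, not part of the original post: the login script builds rule and pipe numbers directly from ${1} and passes ${2} to ${4} straight to ipfw, so a wrapper can check them first and print the same commands for review instead of running them. The function names, the id range 1..999 and the host range .2 to .254 are assumptions of this sketch; the interface, squid port and ipfw lines are copied from the post.

```sh
#!/bin/sh
# Added example (not from the post): validate the login script's arguments,
# then print, not run, the ipfw commands. Function names are hypothetical.
lanprefix="192.168.2"  # first three octets of lannet 192.168.2.0/24
iif="dc0"              # in interface, as in the post
squid="3128"           # squid port, as in the post

# Digits only, no leading zero, at most $2 digits.
is_num() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le "$2" ]
}

# id 1..999 keeps rules 1<id>1..1<id>3 at or below 19993, ahead of rule 65000,
# and rejecting leading zeros keeps pipe numbers <id>1/<id>2 unique per user.
valid_id() { is_num "$1" 3; }

# Assumption: clients are hosts .2 to .254 of the LAN /24 (.1 is the gateway).
valid_ip() {
    case "$1" in "${lanprefix}".*) ;; *) return 1 ;; esac
    last="${1#${lanprefix}.}"
    is_num "$last" 3 && [ "$last" -ge 2 ] && [ "$last" -le 254 ]
}

# Args: id ip upload_kbit download_kbit (same order as the post's login script).
login_rules() {
    valid_id "$1" && valid_ip "$2" && is_num "$3" 7 && is_num "$4" 7 || return 1
    cat <<EOF
/sbin/ipfw pipe ${1}1 config bw ${4}KBit/s
/sbin/ipfw pipe ${1}2 config bw ${3}KBit/s
/sbin/ipfw add 1${1}1 pipe ${1}2 ip from ${2} to any in
/sbin/ipfw add 1${1}1 pipe ${1}1 ip from any to ${2} out
/sbin/ipfw add 1${1}2 fwd 127.0.0.1,${squid} ip from ${2} to any dst-port 80 in via ${iif}
/sbin/ipfw add 1${1}3 skipto 65200 ip from ${2} to any in via ${iif}
/sbin/ipfw add 1${1}3 skipto 65200 ip from any to ${2} out via ${iif}
EOF
}

if [ "$#" -eq 4 ]; then login_rules "$@"; fi
```

A four-digit id is rejected because 1<id>3 would exceed ipfw's highest rule number, 65535, and an id such as 007 is rejected because its pipe 0071 would be read as pipe 71, the download pipe of user 7.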