OpenWrt Forum Archive

Topic: Trying to set up Hotspot with Capture page

The content of this topic has been archived on 11 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

OK, I've been playing with 4 different pieces of software on my 54G, all to no avail...

WifiDog
NoCatSplash
ChilliSpot
ControlAP

All 4 pretty much exhibit similar behavior...they appear to run, but don't actually do anything. Any client that connects via wireless has free rein to surf the net without being first directed to a capture page. I'm not wanting to charge for the use of the hotspot, but I just want people directed to a page advertising the owner of the hotspot, and get the users to see a usage agreement before they are allowed on the 'net.

Additionally, I would love to have the thing set itself to shutdown the wireless access to the 'net while the store is closed. (Someone said cron was probably the way to go for that...)

If anybody can share any success with the above 4 products (or a similar product that I haven't seen), I would be VERY much appreciative. However it is important that whatever I use only require the router for hardware (although needing access to an external web server already on the 'Net is OK.)

Thanks a lot in advance for any and all help.

(Last edited by Codo on 1 Jul 2005, 13:51)

How do you want to do that at the IP level?
How can you control the client browser?
Do you want to redirect tcp to the internal web browser for any request to port 80?
Maybe this is possible through a proxy server?

You don't need to control this at the IP level, because the browser does NOT work on that stack of the protocol layer. As far as the IP layer is concerned, the user's PC is doing what it is supposed to: 'I can't find that host on my local network, so I will forward the request to my gateway' and at that point, communication is between the PC and the router and the router and ITS gateway. Unless something inside the router's programming tells it not to operate as it usually does, maybe because the MAC address of the computer in question is not on a list of authorized users.

After that, you can control the client browser very easily. See, the browser is a dumb beast. It makes a request for a webpage. Then your TCP/IP protocol stack starts wrapping things up into packets headed for the gateway. The trick is, the gateway never goes out and gets said page, it just delivers its own. The browser doesn't know or care where the page is coming from, all it knows is that it requested a page and that it is being given a page by the device it asked to go fetch the page for it. Really it is no different than any corporate proxy or other program that prohibits surfing to certain websites.

See, again you've got it wrong. I don't want to redirect TCP. I don't even want to mess with that layer of the protocol stack...there is no reason to. Everything I want to do occurs higher in the protocol stack.

Yes, proxy servers exhibit similar behavior, but a proxy is not what I want. I want the router to operate as a router like it always does EXCEPT when a new user authenticates to the wireless. At that point I want to intercept their first request for ANY website and instead give them my own site, and after that, as long as conditions are OK, become a transparent router once again to that user until such a point where the user has been taken off the network.

All four pieces of software I mentioned in my post already have this exact ability built in to varying degrees. Some of them will not even let you surf to ANY page at all unless you complete a login page, one just shows your capture page once then lets you go, and the fourth can even go so far as to integrate with a credit card accepting web page before letting people surf. One of them will even block certain ports on the wireless, but I think that's probably just a function of iptables, right?

These pieces of software work somehow for somebody. I'm just trying to get the same to work for me.

(Last edited by Codo on 1 Jul 2005, 18:39)

I am having the same issue over the last couple of days. Daemons start, but just let all traffic through. I'm particularly interested in getting wifidog working. I have the server side of things set up. If I hit the port set in the configuration, it redirects to the authentication server properly. So the software is working, just letting all traffic pass.

Wendall

Wendall, you might want to poke around these forums. I'm gonna start nosing around there too... It's the official Chillispot Forums with an OpenWRT message board.

Hey Codo,

Are you still struggling with this? I'm setting up chillispot to redirect to a page off my external web server...it works, although radius is a little more overhead than I was prepared for.

I'm having to use an external page because I want to run ads on the splash page, which will draw from a database. In other words, the splash page will change frequently.

Anyway, let me know where you are with this, as I have messed with chilli AND nocat at one time or another, and actually saw them both work...

Yes I am. I was getting nowhere and shelved the project for the moment because I was spending too much time mucking with it. I am still VERY interested in getting this up properly.

All I'm looking for is for the 'new' WiFi users to see a very simple page that lets them know who is providing the website and to please visit that site when they get a chance (with a link to the site). For this project, I need no authentication or anything fancy. I just need them to be shown a splash page as they hit the 'Net.

Ideally, I would like Wireless Separation running as well as the folks on the wireless not being able to get to the PCs on the wired. It would also be nice to have some way (Cron was suggested) to have the wireless be enabled/disabled based upon the store's open/close hours.

I didn't think it would be hard to find what I was looking for, but I was very wrong. ANY help you can give me to get me in the right direction would be GREATLY appreciated.

Thanks.

Right, I'm doing the same thing here:

The reason you're getting unrestricted access to the net is because the firewall rules are being loaded FIRST from /etc/init.d/S45firewall - which makes it function like an access point. Turning that off (make it unexecutable) and starting up NoCat with "splashd", NoCat partly works. As in, you can't access the net without pressing "login" on the splash screen - what's very frustrating is the splash screen doesn't pop up automatically like it should. For me and a friend at least. If you type

http://your.router.ip.address:5280/?redirect=http://www.piertopier.net

up pops the splash screen; hitting the login button gives you access to the net and diverts you as it should.

If only I can get the bloomin thing to pop up automatically I have it cracked...

Problem MAY be the iptables stuff in NoCat (/usr/lib/NoCatSplash/inicialise.fw) which has ....."-j REDIRECT --to-port $GatewayPort".... $GatewayPort is the port the splash screen listens on, and this command fails when you run that script with

iptables v1.3.1: Unknown arg `--to-port'

This may be just because the variable is not getting to it, but it's mighty suspicious to me.....

Tom

(Last edited by oceanhippie on 29 Jul 2005, 11:58)

HOW TO GET NOCAT TO WORK USING RC2

Flash your wrtg to RC2,
do ipkg install nocatsplash then probably reboot, it's been a while

edit /etc/nocat.conf - don't muck around with too much, just the allowed web address if you want your own website unlocked, and the gateway timeout (it's in seconds, I made mine 2 hours). Mine looks like:

AllowedWebHosts    www.piertopier.net

do chmod 444 /etc/init.d/S45firewall - this makes it unexecutable so it doesn't load on boot and override NoCat's capture.

do insmod ipt_REDIRECT - loads the iptables module that handles redirection, needed to divert to the splash screen

do splashd - loads up the NoCat Splash system - has its own firewall rules.

After this it works. I'm now going to bite the bullet, add the above to my start up and reboot; hopefully the world will be my oyster (after carefully reading the terms and conditions and hitting "Login")

Tom piertopier.net

(Last edited by oceanhippie on 29 Jul 2005, 15:11)
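
The redirect that the splash screen depends on, as an added example that is not part of the original posts and not NoCatSplash's own firewall script: a rule generator for a minimal splash gateway that prints its iptables commands for review and loads ipt_REDIRECT before applying them. WIFI_IF, LAN_IF, the mark value 1, a routed (non-bridged) wireless interface and clients resolving DNS through the router are assumptions; port 5280 and ipt_REDIRECT come from the thread.

```shell
#!/bin/sh
# Added example, not NoCatSplash's own firewall script. It prints the rules
# for a minimal splash gateway so they can be reviewed before being loaded.
# Assumptions: WIFI_IF/LAN_IF names, mark value 1, a routed (non-bridged)
# wireless interface, and clients using the router itself for DNS.

# Succeeds if lsmod-format text on stdin lists kernel module $1.
has_module() {
    grep -q "^$1 "
}

# $1 wireless interface, $2 LAN interface, $3 splash port, $4... allowed MACs
portal_rules() {
    wif=$1; lan=$2; port=$3; shift 3
    # Clients that accepted the splash page are tagged by MAC address.
    for mac in "$@"; do
        echo "iptables -t mangle -A PREROUTING -i $wif -m mac --mac-source $mac -j MARK --set-mark 1"
    done
    # nat: tagged clients skip the redirect, everyone else's HTTP hits splashd.
    echo "iptables -t nat -A PREROUTING -i $wif -m mark --mark 1 -j ACCEPT"
    echo "iptables -t nat -A PREROUTING -i $wif -p tcp --dport 80 -j REDIRECT --to-ports $port"
    # The router must accept the redirected connections and DNS lookups,
    # otherwise the browser never gets as far as requesting a page.
    echo "iptables -A INPUT -i $wif -p tcp --dport $port -j ACCEPT"
    echo "iptables -A INPUT -i $wif -p udp --dport 53 -j ACCEPT"
    # filter: wireless never reaches the wired LAN, tagged or not.
    echo "iptables -A FORWARD -i $wif -o $lan -j DROP"
    echo "iptables -A FORWARD -i $wif -m mark --mark 1 -j ACCEPT"
    # Untagged wireless clients get nothing else forwarded.
    echo "iptables -A FORWARD -i $wif -j DROP"
}

# Usage: WIFI_IF=... LAN_IF=... script show|apply [MAC ...]
case "${1:-}" in
show|apply)
    mode=$1; shift
    : "${WIFI_IF:?set WIFI_IF}" "${LAN_IF:?set LAN_IF}"
    if [ "$mode" = show ]; then
        portal_rules "$WIFI_IF" "$LAN_IF" 5280 "$@"
    else
        # REDIRECT rules fail to load without this module (see the thread).
        lsmod | has_module ipt_REDIRECT || insmod ipt_REDIRECT || exit 1
        portal_rules "$WIFI_IF" "$LAN_IF" 5280 "$@" | sh -e
    fi
    ;;
esac
```

The order of the FORWARD rules matters: the wireless-to-LAN drop comes before the accept for tagged clients, so accepting the splash page never grants access to the wired PCs.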

Here's the startup script I'm using to run NoCat.
type vi /etc/init.d/S90Splash
hit i to enter edit mode
paste the following in (right click in putty)
#!/bin/sh
insmod ipt_REDIRECT
/usr/sbin/splashd > /dev/null

then hit [escape] :wq to write to disk and exit.

do:
chmod 755 /etc/init.d/S90Splash
to make it executable.

While I was writing, one of my http://www.piertopier.net colleagues sent me this proper start up script from another nocat package:

however it DOESN'T load the absent iptables kernel module. His solution is to edit the /usr/lib/NoCatSplash/inicialise.fw and add ipt_REDIRECT to the bit near the top that loads other iptables modules

#!/bin/sh
#
# start/stop splashd super server.
case "$1" in
    start)
        echo -n "Starting NoCat splash server:"
        echo -n " splashd" ;
        /usr/sbin/splashd -D &
        echo "."
        ;;
    stop)
        echo -n "Stopping NoCat splash server:"
        echo -n " splashd" ;
        killall splashd
        echo "."
        ;;
    restart)
        echo -n "Restarting NoCat splash server:"
        echo -n " splashd"
        $0 stop
        $0 start
        echo "."
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
exit 0

(Last edited by oceanhippie on 29 Jul 2005, 15:23)

hopefully final comment....
Nocat is well known for falling over from time to time. Lo, it does on openwrt too. I've seen several systems for bringing it back from the dead: MeshAP uses a cron job to test it and restart it. Pebble uses inittab to respawn it if it dies. I've now gone for the pebble method. Here's my inittab - I don't pretend to understand it but it works.

::sysinit:/etc/init.d/rcS
::shutdown:/sbin/halt
tts/0::askfirst:/bin/ash --login
NC:23:respawn:start-stop-daemon -S -c nocat --exec /usr/sbin/splashd -D

With chillispot it is about the same trick: use the provided chilli firewall script instead of the default. Then it works nicely with hotradius from chillspot.com.

(Last edited by marc999 on 16 Aug 2005, 21:00)

After MANY fruitless hours trying to get nocatsplash to work on OpenWrt, I followed oceanhippie's suggestions and --  TA DAH! -- it works!

oceanhippie has put together the ideas above on a web page, here:
http://www.oceanhippie.net/content.php? … mp;Res=140

Thank you, op!

OK, despite adding this line to inittab:
NC:23:respawn:start-stop-daemon -S -c nocat --exec /usr/sbin/splashd -D

splashd still refuses to respawn after dying.
Is start-stop-daemon available?  It is not listed in busybox's list of functions.  So how can I get it on my WRT?  How can I get splashd to respawn after it dies?

You're of course right, that line in the inittab doesn't work..... Sorry guys! It started from /etc/init.d/ and for once stayed up for a couple of days - by sheer luck I think.

Have unfortunately given up on nocat completely. It's not stable. On any platform bar a friend's Pebble MiniITX box. Mind you, that's where I got the inittab line from in the first place. Cos er.... nocat dies on pebble too and needs restarting. I think of nocat like Schrödinger's Quantum Cat. It's both alive and dead - you never know till you look at your linux box. Mind you, it's more often than not dead... Locust World meshap has a crontab job which basically goes "Oi nocat!" and if it's dead restarts it. Pebble does it from inittab. It is an ex cat, it has ceased to be.

I Love Chillispot! I wanna have its Babies. It's wonderful - it's worth learning radius just to get it all running. I have converted most of piertopier net's team to the chillispot fan club too. Reluctantly, but its stability is brilliant. It also does very many very nice things: Radius Accounting, MAC Authentication, User and Password. You can also pass bandwidth, redirect URLs, Static IPs, Time limits, Data transfer limits etc from the Radius Server. Also its tun0 interface leaves you free to use ospf and wds to mesh wrtgs. It Rocks.

OK so I haven't figured out ospf yet - it's doing something but not sure what.

Tom
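
The cron approach described above (check whether nocat is dead and restart it), as an added example that is not MeshAP's or Pebble's script: a watchdog that looks for splashd in /proc, restarts it through the init script, logs each restart so it shows up in logread, and stops after repeated failures. INIT_SCRIPT, STATE_FILE, the install path in the crontab line and the limit of 3 restarts are assumptions.

```shell
#!/bin/sh
# Added example, not from MeshAP or Pebble: a watchdog meant to be run from
# cron that restarts splashd when it has died. INIT_SCRIPT, STATE_FILE and
# the limit of 3 restarts are assumptions; adjust to the local install.

DAEMON=splashd
INIT_SCRIPT=${INIT_SCRIPT:-/etc/init.d/nocat}
STATE_FILE=${STATE_FILE:-/tmp/splashd-watchdog.count}
MAX_RESTARTS=3

# Succeeds if a process named $1 exists under proc root $2 (default /proc).
daemon_alive() {
    for f in "${2:-/proc}"/[0-9]*/stat; do
        [ -r "$f" ] || continue
        # Second field of /proc/PID/stat is the command name in parentheses.
        read -r _pid comm _rest < "$f" || continue
        [ "$comm" = "($1)" ] && return 0
    done
    return 1
}

# Prints the action taken: ok, restarted, restart-failed or giving-up.
# $1 = proc root (optional, lets the check run against a constructed tree)
watchdog() {
    count=$(cat "$STATE_FILE" 2>/dev/null || echo 0)
    if daemon_alive "$DAEMON" "${1:-/proc}"; then
        echo 0 > "$STATE_FILE"; echo ok; return 0
    fi
    if [ "$count" -ge "$MAX_RESTARTS" ]; then
        # Stop flapping; leave a trace in the system log for logread.
        logger -t watchdog "$DAEMON down, restart limit reached" 2>/dev/null || true
        echo giving-up; return 1
    fi
    echo $((count + 1)) > "$STATE_FILE"
    logger -t watchdog "$DAEMON not running, restarting" 2>/dev/null || true
    if "$INIT_SCRIPT" restart >/dev/null 2>&1; then
        echo restarted
    else
        echo restart-failed; return 1
    fi
}

# crontab entry (every 5 minutes):  */5 * * * * /usr/sbin/splashd-watchdog run
if [ "${1:-}" = run ]; then
    watchdog
fi
```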

VERY QUICK CHILLISPOT HOWTO:

(works for me on RC2)

ipkg update
ipkg install chillispot

Go to https://radius.chillispot.org/radius/ - sign up for a free radius account (or get freeradius and DIY it).

On the wrtg edit chilli's setting with:

vi /etc/chilli.conf

The radius secret needs to be edited, as per the confirmation email from the chillispot.org radius.
dhcpif should be br0 FOR TESTING PURPOSES ONLY! If you do this chillispot will run with the default S45 script! It's also possible to avoid being splashed - br0 has an IP address, so you can manually assign an address on its net and go around chillispot; this is insecure, but very handy for testing, or if you are as incompetent as me.

dhcpif br0

If you use chillispot.org's splash then carry on. May need a secret set for that too.
If not, find a webserver somewhere and put hotspotlogin.cgi on it. It's around the web somewhere so google for it; I got mine by installing the chillispot rpm for Fedora Core. I use a PHP version instead now, written by some nice Germans. I like PHP, and oddly, for an Englishman, Germans.

If you want a guest login then create an account on the radius called guest with password guest.

OK, you "should" be ready to start chillispot now.
/etc/init.d/chilli start

should do. If you've got the radius server and splash set right it will start; if not it won't and will gripe. Fix it.

When you've got it to start, type:

killall dnsmasq

To shut down the default dhcp server - Chilli's got its own.

Do a release and a renew on a client device. You should have a 192.168.182.xxx IP and be splashed.

chilli helpfully logs interesting stuff; typing

logread

should include its messages about dhcp and authentications.

To fix it so it starts on boot, do
mv /etc/init.d/S45dnsmasq /etc/init.d/K45dnsmasq  - I've learned the correct way of doing it now, might not be S45 - I've removed dnsmasq, so no way to check
and
mv /etc/init.d/chilli /etc/init.d/S60chilli - so chilli will start instead.

NOTE this post was rushed, and it's not perfect. I jumped most of the above steps - more info from http://www.oceanhippie.net/wiki/index.p … WRT_howtos IT MAY DESTROY YOUR LIFE, kill your kitten, scare your budgie and make life very unpleasant. No guarantee or liability accepted whatever you do:

It's not my fault....

Tom

Hi!
I hope this is the right place for this post, since I'm new to this kind of thing.
I want to set up a hotspot for my building neighbours using my WRT54GS v.4.
I want it to run completely on the router, since I don't want to keep the PC running (especially now that summer's coming).
I want it to be open only during my working hours and during the night; the rest of the time I want it to act as normal (closed, WEP encrypted). This must be automated.
I want a custom splash screen to welcome users (and maybe showing a kind of agreement). I want it to be a custom page because I want to publicise the hotspot among my neighbours and I need a consistent image to make sure they are using my connection and not other people's connection (to avoid problems).
If you can point me to how-tos or resources to get this done, I'll really appreciate it.
Please, keep in mind that I'm a graphic designer and I have little knowledge of *nix (I'm just starting to play with Linux).
Thanks in advance.

Damian

I would do something like:
Set your box up for your home net? I assume it is.
Enable cron using instructions here.
http://wiki.openwrt.org/HowtoEnableCron
Install nocat: instructions above or on my website:
http://www.oceanhippie.net/content.php? … mp;Res=140 - ignoring the start up stuff like stopping S45firewall, leave that intact; also don't do the inittab bit either - for starters it doesn't work.
Use the start up script for nocat above, but call it /etc/init.d/nocat - don't stick an S on the front so it doesn't start on boot. Safety first!
Then create a cron job at 9:00am pointing to a script something like

#!/bin/sh
# PierToPier.net Daytime Hotspot Starter. Use at own risk!
# Not my fault, you ran it.
# flush firewall rules - nocat has its own
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# turn WEP off (insert wireless interface name for your model) and give it a different ssid
iwconfig [ifnamehere] essid "free hotspot" key off
# start nocat splash
/etc/init.d/nocat start
# end hotspot start script

then at 5:00 have a cron job run a script like:

#!/bin/sh
# PierToPier.net Daytime Hotspot Stopper. Use at own risk!
# Not my fault, you ran it.
# stop nocat
/etc/init.d/nocat stop
# revert to "normal" configuration as stored in NVRAM
ifup wifi
wifi up
# sort the firewall out
/etc/init.d/S45firewall

If you want to switch over when you're throwing a sicky then just type the stop script or start script by hand as appropriate.

CAVEAT: the chances are neither of those scripts will actually work. But the concept's sound enough; you may have to fiddle a bit. Do the scripts FIRST, then when they work to your satisfaction add the cron jobs (plenty of help on cron on the internet).
You could do the same thing with chillispot. Nocat can crash on a wrtg sometimes, however it'll be fine if you're going to start and stop it regularly. Chillispot however requires an external radius and you'll have to get an http server running for it on the AP too. NoCat has its own http server for the splash.

Oh and if you get it to work do say, I'm sure you're not the only person who'd want to do something like that!

Tom - Free hotspot 27/7(when I'm not experimenting with it)

(Last edited by oceanhippie on 13 Mar 2006, 14:27)

Guilt set in (finally) today that for ages the link to my website posted by someone above contained instructions on getting NoCat to work which were wrong..... I've fixed it.

http://www.oceanhippie.net/content.php? … mp;Res=140

Now should actually work.....

Tom

The discussion might have continued from here.