nocatsplash-0.91-1mdk.src.rpm

NoCatSplash Basic Setup		Dec 15, 2004 S.Benedict

Testing of the package was done with a fairly basic setup.  I've included 
this document just as a little more of a guide to getting things going.

There are security issues of course in opening your network to public 
access.  A more secure setup would be to use a separate gateway machine.

WAP -> eth1 -> install machine -> eth0 -> WAP/Router -> Cable Modem

eth1: 192.168.193.0
eth0: 192.168.192.0

WAP 		Open System, 
		no WEP 
		fixed IP 192.168.193.2
		channel 11
		ESSID norris_net

WAP/Router  	Shared Key
		128 Bit WEP
		fixed IP 192.168.192.12
		channel 6
		ESSID ays_net

Server		eth1 is 192.168.193.1
		eth0 is 192.168.192.45
		gateway is 192.168.192.12

The fact that the Router also is a WAP is incidental.  As it turns out, it 
allows me to continue to use WEP on that box for my own devices, while 
allowing open access through the WAP for public access. The WAP has a 
12dBi omni antenna mounted on the roof.  I live in a very rural area, so 
my exposure as far as war driving etc., is pretty small. 

Iptables is installed on the server machine. You would want to have IP 
forwarding/masquerading enabled to forward the eth1 traffic to eth0 for 
outside access.

A script to set this up, if you're not using the "Internet Sharing" setup, 
can be found at (works for 2.6 kernel also):

http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/examples/rc.firewall-2.4

I'm running dhcpd on the server machine, with fixed IPs assigned to my own 
gear, and a dynamic pool to the 192.168.193 network.  I'm also running 
named on this machine. domain-name-servers should point to an appropriate 
address.

subnet 192.168.193.0 netmask 255.255.255.0 {
        # default gateway
        option routers 192.168.193.1;
        option subnet-mask 255.255.255.0;

        option domain-name "linuxcontrol.org";
        option domain-name-servers    192.168.193.1;
        option nis-domain "linuxcontrol.org";

        range dynamic-bootp 192.168.193.100 192.168.193.150;
        default-lease-time 21600;
        max-lease-time 43200;
}

For an initial test you can make 2 changes to /etc/nocat.conf:

LoginTimeout    120	

(users will need to acknowledge again after 2 minutes)

LocalNetwork    192.168.193.0/24

(this should agree with your WAP end of the network)

If your setup resembles mine, ExternalDevice and InternalDevice of eth0 
and eth1 would be correct.  Otherwise change accordingly.

You can also tailor which protocols you want to pass. By default 
everything but port 25 is open.

Just to be sure, you may want to flush any iptables rules:

[root@powerbook root]# iptables -F

Now running splashd from the command line should show something like this 
when you use a wireless device connected to the public side of the network 
and try to browse the web. (In this case a Zaurus 5500). When I try to 
browse to mapquest, I instead get the NoCatSplash banner page and have to 
acknowledge that I'm using the network, then I'm redirected to my desired 
URL.  After 120 secs, I'll again see the splash screen, should I continue 
to try and browse the internet.

[root@powerbook root]# splashd 
Message: Read 31 config items from /etc/nocat.conf

** WARNING **: Got command /usr/lib/nocat/initialize.fw from action 
ResetCmd

** WARNING **: ResetCmd of peer (null) returned 1
Message: starting main loop
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
DEBUG: adder: adding an item 0x10002dec
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002dec
Message: thread entering handle_read
Message: Header in: User-agent=Mozilla/4.0 (compatible; MSIE 5.0; Linux 
2.4.6-rmk1-np2-embedix armv4l; 240x320) Opera 5.0  [en]
Message: Header in: Host=192.168.193.1:5280
Message: Header in: Accept=text/html, image/png, image/jpeg, image/gif, 
image/x-xbitmap, */*
Message: Header in: Accept-encoding=deflate, gzip, x-gzip, identity, *;q=0
Message: Header in: 
Referer=http://192.168.193.1:5280/?redirect=http%3A//www.mapquest.com/redir.adp
Message: Header in: Connection=Keep-Alive, TE
Message: Header in: Content-type=application/x-www-form-urlencoded
Message: Header in: Content-length=81
Message: Accepting peer 192.168.193.148

** WARNING **: Got command /usr/lib/nocat/access.fw permit 
00:06:25:24:91:35 192.168.193.148 Public from action PermitCmd
Message: Header out: HTTP/1.1 302 Moved
Location: http://www.mapquest.com/redir.adp

Message: thread exiting handle_read
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 117 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 112 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 107 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 102 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 92 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 47 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 42 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 37 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 32 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 27 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 22 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 17 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 12 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 7 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 2 sec. remain
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Checking peer 192.168.193.148 for expire: 4294967293 sec. remain
Message: Removing peer 192.168.193.148

** WARNING **: Got command /usr/lib/nocat/access.fw deny 00:06:25:24:91:35 
192.168.193.148 Public from action DenyCmd
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
DEBUG: adder: adding an item 0x10002ca4
DEBUG: adder: queue == 0, waking all workers
DEBUG: worker 16386: dequeuing item 0x10002ca4
Message: Checking peers for expiration
Message: Caught SIGINT!
Message: exiting main loop

(I intentionally Ctrl-C'd out of the daemon).
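
The permit / expire / deny cycle in the output above can be checked 
mechanically.  The Python below is an added example, not part of NoCatSplash 
or of the original README; its function names are hypothetical.  It parses an 
excerpt of that output, reads the final "4294967293 sec. remain" as the signed 
32-bit value -3 (2^32 - 3), and flags any peer that is past its timeout 
without a matching deny.

```python
import re

# Excerpt of the splashd output shown above, wrapped lines included.
SAMPLE_LOG = """\
** WARNING **: Got command /usr/lib/nocat/access.fw permit 
00:06:25:24:91:35 192.168.193.148 Public from action PermitCmd
Message: Checking peer 192.168.193.148 for expire: 117 sec. remain
Message: Checking peer 192.168.193.148 for expire: 2 sec. remain
Message: Checking peer 192.168.193.148 for expire: 4294967293 sec. remain
Message: Removing peer 192.168.193.148

** WARNING **: Got command /usr/lib/nocat/access.fw deny 00:06:25:24:91:35 
192.168.193.148 Public from action DenyCmd
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
EVENT = re.compile(
    r"access\.fw (?P<verb>permit|deny) (?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}) "
    rf"(?P<fw_ip>{IP}) (?P<cls>\S+) from action"
    rf"|Checking peer (?P<ip>{IP}) for expire: (?P<left>\d+) sec\. remain"
)

def as_signed32(n):
    """Reinterpret an unsigned 32-bit value as signed: 4294967293 -> -3."""
    n &= 0xFFFFFFFF
    return n - (1 << 32) if n & 0x80000000 else n

def summarize(log_text):
    """Return {ip: {mac, cls, state, remaining}} in log order."""
    flat = " ".join(log_text.split())      # undo the 80-column wrapping
    peers = {}
    for m in EVENT.finditer(flat):
        ip = m.group("fw_ip") or m.group("ip")
        peer = peers.setdefault(ip, {"mac": None, "cls": None,
                                     "state": None, "remaining": []})
        if m.group("verb"):                 # firewall action for this peer
            peer.update(mac=m.group("mac"), cls=m.group("cls"),
                        state=m.group("verb"))
        else:                               # periodic expiry check
            peer["remaining"].append(as_signed32(int(m.group("left"))))
    return peers

def stale_permits(peers):
    """Peers past their timeout whose last firewall action is still permit."""
    return sorted(ip for ip, p in peers.items()
                  if p["state"] == "permit" and p["remaining"]
                  and p["remaining"][-1] < 0)

if __name__ == "__main__":
    for ip, p in summarize(SAMPLE_LOG).items():
        print(ip, p["mac"], p["cls"], p["state"], p["remaining"])
```

A non-empty result from stale_permits() on a live log means a client kept 
its firewall permit after LoginTimeout ran out.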

That's it!  The daemon could probably use an initscript, and the sister 
software, NoCatAuth, has a 2 part authentication and gateway setup that 
allows you to define classes of users with more or less access in terms of 
time allotted and what protocols they might use. NoCatSplash will probably 
grow to include more features.  The program is in its early stages right 
now.