I decided to create a hotspot from my server to let others connect to the Internet for free. I used a “Captive portal” solution based on these applications:
When somebody wants to connect to the Internet using my wifi, the first page he sees is the register/login page (whatever page he wants to visit).
After registration/login he is able to connect to the Internet.
So let's see how I did it.
Let's have one server with two network interfaces: the first (eth0) goes to the Internet, the second (eth1) is the wifi for “unknown” clients.
Internet --- eth0 (dhcp) --- Hot Spot Server --- eth1 (192.168.10.1) --- (((( wifi )))) --- Client
How to NAT on freebsd for LAN network/SOHO February 17th, 2010
Network Address Translation (NAT, also known as Network Masquerading, Native Address Translation or IP Masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address (see gateway). Many network administrators find NAT a convenient technique and use it widely. Nonetheless, NAT can introduce complications in communication between hosts and may have a performance impact.
As a FreeBSD enthusiast, I would like to share my experience building a NAT gateway.
This is the topology.
LAN NETWORK ---> FreeBSD NAT ROUTER/GATEWAY ---> INTERNET
I would like to use NAT in this case. The gateway has two NICs, one for the upstream and one for the downstream. I use a Realtek interface card as the upstream interface and give it the IP address 202.14.xxx.xxx. The other interface I give the IP address 192.168.1.1.
Then I use Packet Filter (PF) to perform the NAT function.
This is the configuration to load pf when the system boots.
Use kldload pf to load the module into the kernel (by default it is loaded).
Use the pfctl -e command to enable the pf firewall.
Edit your /etc/rc.conf:
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
gateway_enable="YES"
Then edit /etc/pf.conf:
nat on rl0 from 192.168.1.0/24 to any -> (rl0)
After that, try it from a client PC that has been allocated an IP address.
If there is a problem, add this line to /etc/sysctl.conf (or run sysctl net.inet.ip.forwarding=1 to apply it immediately):
net.inet.ip.forwarding=1
It's done.
Happy NATing!
how to compile kernel for transparent squid and pf & install latest squid on freebsd 8 February 12th, 2010
First we will compile the kernel.
proxy# cd /usr/src/sys/i386/conf/
Back up your kernel configuration file first:
proxy# cp GENERIC GENERIC-BAK
Edit the GENERIC file with your favorite editor:
proxy# nano GENERIC
and add the options below.
This one is optional; it tells your kernel about the CPU:
cpu I686_CPU
#For optimizing squid #
options SYSVMSG
options MSGMNB=32768
options MSGMNI=164
options MSGSEG=8196
options MSGSSZ=512
options MSGTQL=2048
Add these lines below the device entries:
# For PF #
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In / Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
After that:
proxy# config GENERIC
proxy# cd ../../compile/GENERIC
or sometimes, if you have a standard installation:
proxy# cd ../compile/GENERIC
proxy# make && make depend
proxy# make && make install
Install Squid
We need Perl:
proxy# cd /usr/ports/lang/perl5.10/
proxy# make install clean
Create group and user that will be used to run the squid:
proxy# pw group add squid -g 100
proxy# pw user add squid -u 100 -g squid -s /usr/sbin/nologin -d /usr/local/squid
proxy# chown -Rv squid:squid /cache
proxy# cd /usr/local/
proxy# fetch http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE23.tar.bz2
proxy# tar -jxvf squid-3.0.STABLE23.tar.bz2
proxy# cd squid-3.0.STABLE23
proxy# ./configure --prefix=/usr/local/squid \
--enable-gnuregex \
--enable-async-io=24 --with-pthreads --with-aio --with-dl --with-aufs-threads=24 \
--enable-pf-transparent \
--enable-ipfw-transparent \
--enable-storeio=aufs \
--enable-removal-policies=heap \
--enable-delay-pools \
--enable-underscores \
--enable-http-violations \
--enable-unlinkd \
--enable-snmp \
--enable-useragent-log \
--enable-htcp \
--enable-ssl \
--enable-icmp \
--enable-poll \
--enable-arp-acl \
--enable-cache-digests \
--enable-kill-parent-hack \
--enable-large-cache-files \
--enable-follow-x-forwarded-for \
--enable-default-err-languages=English \
--enable-err-languages=English \
--disable-ident-lookups \
--disable-hostname-checks \
--disable-wccpv2 \
--disable-wccp && echo "Successful Done"
proxy# make && make install
After that, edit squid.conf according to your needs:
proxy# ee /usr/local/squid/etc/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 192.168.10.0/27
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 8080 transparent
hierarchy_stoplist cgi-bin ?
cache_mem 6 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap LFUDA
cache_replacement_policy heap GDSF
cache_dir aufs /cache 10000 24 256
maximum_object_size 128 MB
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/logs/access.log
cache_log /var/log/squid/logs/cache.log
coredump_dir /cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_mgr webmaster@domainku.com-(0752-xxxxxx)
cachemgr_passwd squid-cache password
cache_effective_user squid
cache_effective_group squid
proxy# squid -z
2009/05/10 16:38:37| Creating Swap Directories
First, let's check the configuration with the command:
proxy# /usr/local/squid/sbin/squid -k parse
proxy# /usr/local/squid/sbin/squid -NCd1
Once that looks sufficient, start squid:
proxy# /usr/local/squid/sbin/squid
To apply a configuration change, use the command:
proxy# /usr/local/squid/sbin/squid -k reconfigure
To have it start on every restart, add these parameters to /etc/rc.conf:
squid_enable="YES"
pf_enable="YES"
or add the command /usr/local/squid/sbin/squid to /etc/rc.local.
Then add to /etc/rc.local:
chgrp squid /dev/pf && chmod g+rw /dev/pf
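The post sets http_port 8080 transparent and builds pf into the kernel, but shows no pf ruleset for the proxy box. A minimal /etc/pf.conf for that setup follows as an added example, not taken from the original post: it reuses rl0 and the nat line from the NAT post above and the localnet range from squid.conf, while the LAN interface name rl1 is an assumption, and it uses the pf syntax of the FreeBSD 8 era.

```conf
# /etc/pf.conf -- added example, not from the original post.
# Assumptions: rl0 is the upstream NIC (as in the NAT post), rl1 is a
# hypothetical name for the LAN NIC, and Squid listens on port 8080
# ("http_port 8080 transparent" in squid.conf above).

ext_if     = "rl0"
int_if     = "rl1"               # assumed name, adjust to your hardware
int_net    = "192.168.10.0/27"   # same range as "acl localnet" in squid.conf
squid_port = "8080"

# Options and normalization
set block-policy drop
set skip on lo0
scrub in all

# Translation: NAT everything leaving the LAN through the upstream NIC...
nat on $ext_if from $int_net to any -> ($ext_if)
# ...and hand LAN web traffic to the local Squid instead of routing it.
rdr on $int_if inet proto tcp from $int_net to any port 80 -> 127.0.0.1 port $squid_port

# Filtering: default deny inbound, then open only what the gateway needs.
block in log all
# Packets claiming a LAN source must never arrive on the upstream side.
block in quick on $ext_if from $int_net to any
# Redirected web requests reaching Squid.
pass in quick on $int_if inet proto tcp from $int_net to 127.0.0.1 port $squid_port keep state
# Other traffic from LAN clients, which is then NATed on the way out.
pass in on $int_if from $int_net to any keep state
# Traffic leaving via the upstream NIC, including Squid's own fetches.
pass out on $ext_if keep state
```

Check the file with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf. With the default block in place, port 8080 is not reachable from the upstream side, and denied packets are recorded through pflog.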
