Differences

This shows you the differences between two versions of the page.

--- router_setup_instructions [2007/05/28 11:31]
66.207.222.14
+++ router_setup_instructions [2011/04/26 15:16]
gabe
@@ Line 1: / Line 1: @@
 ====== Linksys WRT54G setup with WiFi Dog instructions ======
   - make sure you have the supported version of OpenWRT -- get it here:
@@ Line 22: / Line 22: @@
 ipkg update
 ipkg install iptables-extra  kmod-iptables-extra libpthread libgcc
-ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.3_beta6-1_mipsel_whiterussianRC6.ipk
+ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.5-1_mipsel_whiterussian.ipk
 vi /etc/wifidog.conf
 </code>
@@ Line 28: / Line 28: @@
   - Uncomment the ExternalInterface line, and change the value to vlan1
   - Change the value of the GatewayInterface line to br0
-  - Paste this into the AuthServer section:<code>
+  - Paste the appropriate chunk into the AuthServer section:
+    - for wifidog versions prior to 1.1.3:<code>
 AuthServer {
 Hostname auth.wirelesstoronto.ca
 SSLAvailable yes
+Path /
+}
+</code>
+    - for wifidog versions 1.1.3 and later:<code>
+AuthServer {
+Hostname auth.wirelesstoronto.ca
+SSLPort 443
 Path /
 }
@@ Line 119: / Line 127: @@
   - http://wrt54g.free.fr/openwrt/b4/ipkg/openvpn_2.0test19_mipsel.ipk
-===== Upgrading OpenWRT to latest version (might be out of date) =====
-Cobbled together from instructions:
+===== Upgrading OpenWRT to latest version =====
+Perhaps refer to (newer?) instructions at:
   * http://wiki.openwrt.org/OpenWrtDocs/Installing#head-4f88301b6db87e0ff6c54cb4e65102e7aae8f6d9
   * http://wiki.openwrt.org/OpenWrtDocs/Deinstalling
-  - Wget new firmware
+  - cd /tmp
-  - wget mtd.static
+  - wget http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-brcm-2.4-squashfs.trx
-  - Upgrade using mtd
+  - mtd -r write firmware.trx linux
   - telnet to 192.168.1.1 and set password using 'passwd'. Telnet will be disabled and SSH enabled.
@@ Line 213: / Line 222: @@
 </code>
+===== preventing wifi users from accessing the local LAN =====
+add to the end of /etc/firewall.user:
+<code>
+### secure the LAN
+iptables -A forwarding_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP
+iptables -A input_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP
+</code>
+where 192.168.17.0 is the wired LAN.  you won't be able to ping 192.168.17.1, but traffic will still flow through it
+===== separating wifi & wired networks ("breaking the bridge") =====
+You'd want to do this if you want wifi users to authenticate to wifidog, but for computers plugged into the ethernet ports to not have to authenticate.
+The original config on the router is probably:<code>
+lan_ifname="br0"
+lan_proto=static
+lan_ipaddr=192.168.1.1
+lan_netmask=255.255.255.0
+wifi_ifname=""
+wifi_proto=""
+wifi_ipaddr=""
+wifi_netmask=""
+lan_ifnames="vlan0 eth1 eth2"
+</code>
+Run these commands:<code>
+nvram set lan_ifname=vlan0
+nvram set lan_proto=static
+nvram set lan_ipaddr=192.168.2.1
+nvram set lan_netmask=255.255.255.0
+nvram set wifi_ifname=eth1
+nvram set wifi_proto=static
+nvram set wifi_ipaddr=192.168.1.1
+nvram set wifi_netmask=255.255.255.0
+nvram set lan_ifnames=vlan0
+nvram commit
+</code>
+Edit /etc/dnsmasq.conf, adding these lines:<code>
+dhcp-range=eth1,192.168.1.100,192.168.2.250,255.255.255.0,12h
+dhcp-range=vlan0,192.168.2.100,192.168.2.250,255.255.255.0,12h
+</code>
+Edit /etc/wifidog.conf, and change "GatewayInterface" to eth1
+Reboot
+(Done!)

Wireless Toronto

User Tools

Site Tools

Differences

Page Tools