router_setup_instructions

Differences

This shows you the differences between two versions of the page.

router_setup_instructions [2007/07/20 10:52]
gabe
router_setup_instructions [2013/09/28 16:06] (current)
Line 1: Line 1:
-====== Linksys WRT54G setup with WiFi Dog instructions ======+====== Linksys WRT54G setup with WiFi Dog instructions ====== ​
  
   - make sure you have the supported version of OpenWRT -- get it here:   - make sure you have the supported version of OpenWRT -- get it here:
Line 22: Line 22:
 ipkg update ipkg update
 ipkg install iptables-extra ​ kmod-iptables-extra libpthread libgcc ipkg install iptables-extra ​ kmod-iptables-extra libpthread libgcc
-ipkg install http://​wirelesstoronto.ca/​dist/​wifidog_1.1.3-1_mipsel.ipk+ipkg install http://​wirelesstoronto.ca/​dist/​wifidog_1.1.5-1_mipsel_whiterussian.ipk
 vi /​etc/​wifidog.conf vi /​etc/​wifidog.conf
 </​code>​ </​code>​
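
Review bot: The changed `ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.5-1_mipsel_whiterussian.ipk` line still fetches the package over plain HTTP, and the instructions give no checksum to compare against, so the reader has no way to confirm that the file installed on the router is the one that was published. Suggest listing a checksum next to the link and splitting the step in three: download the .ipk with wget, compare its checksum, then run ipkg install on the local file.
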
Line 28: Line 28:
   - Uncomment the ExternalInterface line, and change the value to vlan1   - Uncomment the ExternalInterface line, and change the value to vlan1
   - Change the value of the GatewayInterface line to br0   - Change the value of the GatewayInterface line to br0
-  - Paste this into the AuthServer section:<​code>​+  - Paste the appropriate chunk into the AuthServer section
 +    - for wifidog versions prior to 1.1.3:<​code>​
 AuthServer { AuthServer {
 Hostname auth.wirelesstoronto.ca Hostname auth.wirelesstoronto.ca
 SSLAvailable yes SSLAvailable yes
 +Path /
 +}
 +</​code>​
 +    - for wifidog versions 1.1.3 and later:<​code>​
 +AuthServer {
 +Hostname auth.wirelesstoronto.ca
 +SSLPort 443
 Path / Path /
 } }
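
Review bot: The block added for wifidog 1.1.3 and later sets `SSLPort 443` but no longer carries the `SSLAvailable yes` line that the older block has. The page should state whether SSLPort alone makes the gateway use HTTPS towards auth.wirelesstoronto.ca; if it does not, keep `SSLAvailable yes` in the new block too, otherwise the exchange with the auth server would fall back to plain HTTP. Since the install step now pulls 1.1.5, it would also read better with the 1.1.3-and-later block listed first.
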
Line 214: Line 222:
 </​code>​ </​code>​
  
 +===== preventing wifi users from accessing the local LAN =====
 +
 +add to the end of /​etc/​firewall.user:​
 +
 +<​code>​
 +### secure the LAN
 +iptables -A forwarding_rule -s 192.168.1.0/​24 -d 172.18.92.0/​24 -j DROP
 +iptables -A input_rule -s 192.168.1.0/​24 -d 172.18.92.0/​24 -j DROP
 +</​code>​
 +
 +where 192.168.17.0 is the wired LAN.  you won't be able to ping 192.168.17.1,​ but traffic will still flow through it
 +
 +===== separating wifi & wired networks ("​breaking the bridge"​) =====
 +
 +You'd want to do this if you want wifi users to authenticate to wifidog, but for computers plugged into the ethernet ports to not have to authenticate.
 +
 +The original config on the router is probably:<​code>​
 +lan_ifname="​br0"​
 +lan_proto=static
 +lan_ipaddr=192.168.1.1
 +lan_netmask=255.255.255.0
 +wifi_ifname=""​
 +wifi_proto=""​
 +wifi_ipaddr=""​
 +wifi_netmask=""​
 +lan_ifnames="​vlan0 eth1 eth2"
 +</​code>​
 +
 +Run these commands:<​code>​
 +nvram set lan_ifname=vlan0
 +nvram set lan_proto=static
 +nvram set lan_ipaddr=192.168.2.1
 +nvram set lan_netmask=255.255.255.0
 +nvram set wifi_ifname=eth1
 +nvram set wifi_proto=static
 +nvram set wifi_ipaddr=192.168.1.1
 +nvram set wifi_netmask=255.255.255.0
 +nvram set lan_ifnames=vlan0
 +nvram commit
 +</​code>​
 +
 +Edit /​etc/​dnsmasq.conf,​ adding these lines:<​code>​
 +dhcp-range=eth1,​192.168.1.100,​192.168.1.250,​255.255.255.0,​12h
 +dhcp-range=vlan0,​192.168.2.100,​192.168.2.250,​255.255.255.0,​12h
 +</​code>​
 +
 +Edit /​etc/​wifidog.conf,​ and change "​GatewayInterface"​ to eth1
 +
 +Reboot
 +
 +(Done!)
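
Review bot: In the "secure the LAN" section both DROP rules use `-d 172.18.92.0/24`, but the sentence under them says 192.168.17.0 is the wired LAN, so a reader cannot tell which network the rules are meant to protect. Use one example range in both places and say that it has to be replaced with the reader's own upstream LAN. The "breaking the bridge" section also moves the wired ports to 192.168.2.0/24 while wifi stays on 192.168.1.0/24, and nothing in this hunk adds a rule for that range; if wifi clients should be kept off the wired ports as well, a matching rule belongs in that section.
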
router_setup_instructions.1184946724.txt.gz · Last modified: 2013/09/28 16:06 (external edit)