root/trunk/wifidog/wifidog.conf

Revision 1422, 6.7 KB (checked in by gbastien, 8 years ago)

* Release 20090925
* Update contrib Makefiles

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1# $Id$
2# WiFiDog Configuration file
3
4# Parameter: GatewayID
5# Default: default
6# Optional
7#
8# Set this to the node ID on the auth server
9# This is used to give a customized login page to the clients and for
10# monitoring/statistics purposes. If you run multiple gateways on the same
11# machine, each gateway needs to have a different gateway ID.
12# If none is supplied, the MAC address of the GatewayInterface interface will be used,
13# without the : separators
14
15# GatewayID default
16
17# Parameter: ExternalInterface
18# Default: NONE
19# Optional
20#
21# Set this to the external interface (the one going out to the Internet or your larger LAN).
22# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,
23# Normally autodetected
24
25# ExternalInterface eth0
26
27# Parameter: GatewayInterface
28# Default: NONE
29# Mandatory
30#
31# Set this to the internal interface (typically your wifi interface).   
32# Typically br0 for whiterussian, br-lan for kamikaze (by default the wifi interface is bridged with wired lan in openwrt)
33# and eth1, wlan0, ath0, etc. otherwise
34# You can get this interface with the ifconfig command and finding your wifi interface
35
36GatewayInterface br0
37
38# Parameter: GatewayAddress
39# Default: Find it from GatewayInterface
40# Optional
41#
42# Set this to the internal IP address of the gateway.  Not normally required.
43
44# GatewayAddress 192.168.1.1
45
46# Parameter: HtmlMessageFile
47# Default: wifidog-msg.html
48# Optional
49#
50# This allows you to specify a custom HTML file which will be used for
51# system errors by the gateway. Any $title, $message and $node variables
52# used inside the file will be replaced.
53#
54# HtmlMessageFile /opt/wifidog/etc/wifidog-.html
55
56# Parameter: AuthServer
57# Default: NONE
58# Mandatory, repeatable
59#
60# This allows you to configure your auth server(s).  Each one will be tried in order, until one responds.
61# Set this to the hostname or IP of your auth server(s), the path where
62# WiFiDog-auth resides in and the port it listens on.
63#AuthServer {
64#       Hostname                 (Mandatory; Default: NONE)
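65#       SSLAvailable             (Optional; Default: no; Possible values: yes, no. Note:  With no, users are redirected to the login script over plain HTTP, so anything they submit there is readable on the network.)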
66#       SSLPort                  (Optional; Default: 443)
67#       HTTPPort                 (Optional; Default: 80)
68#       Path                     (Optional; Default: /wifidog/ Note:  The path must be both prefixed and suffixed by /.  Use a single / for server root.)
69#   LoginScriptPathFragment  (Optional; Default: login/? Note:  This is the script the user will be sent to for login.)
70#   PortalScriptPathFragment (Optional; Default: portal/? Note:  This is the script the user will be sent to after a successful login.)
71#   MsgScriptPathFragment    (Optional; Default: gw_message.php? Note:  This is the script the user will be sent to upon error to read a readable message.)
72#   PingScriptPathFragment    (Optional; Default: ping/? Note:  This is the script the gateway requests to check that the auth server is reachable.)
73#   AuthScriptPathFragment    (Optional; Default: auth/? Note:  This is the script the gateway calls to validate a client's token and to report traffic counters.)
74#}
75
76#AuthServer {
77#    Hostname auth.ilesansfil.org
78#    SSLAvailable yes
79#    Path /
80#}
81
82#AuthServer {
83#    Hostname auth2.ilesansfil.org
84#    SSLAvailable yes
85#    Path /
86#}
87
88# Parameter: Daemon
89# Default: 1
90# Optional
91#
92# Set this to true if you want to run as a daemon
93# Daemon 1
94
95# Parameter: GatewayPort
96# Default: 2060
97# Optional
98#
99# Listen on this port
100# GatewayPort 2060
101
102# Parameter: HTTPDName
103# Default: WiFiDog
104# Optional
105#
106# Define the server name the built-in HTTPD will report in its responses
107# HTTPDName WiFiDog
108
109# Parameter: HTTPDMaxConn
110# Default: 10
111# Optional
112#
113# How many sockets to listen to
114# HTTPDMaxConn 10
115
116# Parameter: HTTPDRealm
117# Default: WiFiDog
118# Optional
119#
120# The name of the HTTP authentication realm. This is only used when a user
121# tries to access a protected WiFiDog internal page. See HTTPDUserName.
122# HTTPDRealm WiFiDog
123
124# Parameter: HTTPDUserName / HTTPDPassword
125# Default: unset
126# Optional
127#
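128# The gateway exposes some information such as the status page through its web
129# interface. This information can be protected with a username and password,
130# which can be set through the HTTPDUserName and HTTPDPassword parameters. While they are unset the information is served without authentication. The values below are examples only: choose your own, and restrict read access to this file, because the password is stored in it in clear text.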
131# HTTPDUserName admin
132# HTTPDPassword secret
133
134# Parameter: CheckInterval
135# Default: 60
136# Optional
137#
138# How many seconds should we wait between timeout checks.  This is also
139# how often the gateway will ping the auth server and how often it will
140# update the traffic counters on the auth server.  Setting this too low
141# wastes bandwidth, setting this too high will cause the gateway to take
142# a long time to switch to its backup auth server(s).
143
144# CheckInterval 60
145
146# Parameter: ClientTimeout
147# Default: 5
148# Optional
149#
150# Set this to the desired number of CheckInterval periods of inactivity before a client is logged out
151# The timeout will be CheckInterval * ClientTimeout seconds
152ClientTimeout 5
153
154# Parameter: TrustedMACList
155# Default: none
156# Optional
157#
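158# Comma separated list of MAC addresses that are allowed to pass
159# through without authentication. A MAC address is not a credential: it is sent in the clear and can be copied by another device, so list only devices for which you accept that risk.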
160#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
161
162# Parameter: FirewallRuleSet
163# Default: none
164# Mandatory
165#
166# Groups a number of FirewallRule statements together.
167
168# Parameter: FirewallRule
169# Default: none
170#
171# Define one firewall rule in a rule set.
172
173# Rule Set: global
174#
175# Used for rules to be applied to all other rulesets except locked.
176FirewallRuleSet global {
177    ## To block SMTP out, as it's a tech support nightmare, and a legal liability
178    #FirewallRule block tcp port 25
179   
180    ## Use the following if you don't want clients to be able to access machines on
181    ## the private LAN that gives internet access to wifidog.  Note that this is not
182    ## client isolation;  The laptops will still be able to talk to one another, as
183    ## well as to any machine bridged to the wifi of the router.
184    # FirewallRule block to 192.168.0.0/16
185    # FirewallRule block to 172.16.0.0/12
186    # FirewallRule block to 10.0.0.0/8
187   
188    ## This is an example ruleset for the Teliphone service.
189    #FirewallRule allow udp to 69.90.89.192/27
190    #FirewallRule allow udp to 69.90.85.0/27
191    #FirewallRule allow tcp port 80 to 69.90.89.205
192}
193
194# Rule Set: validating-users
195#
196# Used for new users validating their account. As shipped it allows every destination, the same as known-users, for as long as validation lasts.
197FirewallRuleSet validating-users {
198    FirewallRule allow to 0.0.0.0/0
199}
200
201# Rule Set: known-users
202#
203# Used for normal validated users.
204FirewallRuleSet known-users {
205    FirewallRule allow to 0.0.0.0/0
206}
207
208# Rule Set: unknown-users
209#
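210# Used for unvalidated users; this is the ruleset that gets redirected. The rules below name no destination, so unauthenticated clients can reach any host on ports 53 and 67; add "to <resolver address>" to a rule to limit it to your own DNS server.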
211#
212# XXX The redirect code adds the Default DROP clause.
213FirewallRuleSet unknown-users {
214    FirewallRule allow udp port 53
215    FirewallRule allow tcp port 53
216    FirewallRule allow udp port 67
217    FirewallRule allow tcp port 67
218}
219
220# Rule Set: locked-users
221#
222# Not currently used
223FirewallRuleSet locked-users {
224    FirewallRule block to 0.0.0.0/0
225}