X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=blobdiff_plain;f=net%2Fwifidog%2Ffiles%2Fwifidog.conf;h=c316ec32364493b287ef14fc7d8768c6d172c905;hp=10b173a9a2f1cbf2cedc25e6e09b9dba26b3f6ef;hb=2aac3d612c32a51c9a3a1fac12ddf7f86b36bf88;hpb=6bb6b82d6afb5f2711231e588a3aafdbedd3b62e diff --git a/net/wifidog/files/wifidog.conf b/net/wifidog/files/wifidog.conf index 10b173a9a2..c316ec3236 100644 --- a/net/wifidog/files/wifidog.conf +++ b/net/wifidog/files/wifidog.conf @@ -1,13 +1,15 @@ -# $Header$ +# $Id$ # WiFiDog Configuration file # Parameter: GatewayID # Default: default -# Optional but essential for monitoring purposes +# Optional # -# Set this to the template ID on the auth server -# this is used to give a customized login page to the clients -# If none is supplied, the default login page will be used. +# Set this to the node ID on the auth server +# this is used to give a customized login page to the clients and for +# monitoring/statistics purpose +# If none is supplied, the mac address of the GatewayInterface interface will be used, +# without the : separators GatewayID default @@ -15,7 +17,9 @@ GatewayID default # Default: NONE # Optional # -# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise +# Set this to the external interface (the one going out to the Inernet or your larger LAN). +# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise, +# Normally autodetected # ExternalInterface eth0 
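Review bot: In the first hunk (`@@ -1,13 +1,15 @@`) the new comment says the MAC address of GatewayInterface is used when no ID is supplied, but the unchanged `GatewayID default` line at the end of the hunk is still active, so this sample always supplies an ID. Unless the daemon treats the literal `default` as unset, which the hunk does not show, every gateway deployed from this file would report under the same node ID. That makes per-node monitoring and statistics on the auth server hard to attribute. I would ship the line commented out as `# GatewayID default` and change the header line to `# Default: MAC address of GatewayInterface, without the : separators`.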
@@ -23,41 +27,37 @@ GatewayID default # Default: NONE # Mandatory # -# Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise +# Set this to the internal interface (typically your wifi interface). +# Typically br-lan for OpenWrt, and eth1, wlan0, ath0, etc. otherwise -GatewayInterface br0 +GatewayInterface br-lan # Parameter: GatewayAddress # Default: Find it from GatewayInterface # Optional # -# Set this to the internal IP address of the gateway +# Set this to the internal IP address of the gateway. Not normally required. # GatewayAddress 192.168.1.1 -# Parameter: AuthServMaxTries -# Default: 1 -# Optional -# -# Sets the number of auth servers the gateway will attempt to contact when a request fails. -# this number should be equal to the number of AuthServer lines in this -# configuration but it should probably not exceed 3. - -# AuthServMaxTries 3 - # Parameter: AuthServer # Default: NONE -# Mandatory +# Mandatory, repeatable # -# Set this to the hostname or IP of your auth server, the path where -# WiFiDog-auth resides and optionally as a second argument, the port it -# listens on. +# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds. +# Set this to the hostname or IP of your auth server(s), the path where +# WiFiDog-auth resides in and the port it listens on. #AuthServer { -# Hostname (Mandatory; Default: NONE) -# SSLAvailable (Optional; Default: no; Possible values: yes, no) -# SSLPort 443 (Optional; Default: 443) -# HTTPPort 80 (Optional; Default: 80) -# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.) +# Hostname (Mandatory; Default: NONE) +# SSLAvailable (Optional; Default: no; Possible values: yes, no) +# SSLPort (Optional; Default: 443) +# HTTPPort (Optional; Default: 80) +# Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. 
Use a single / for server root.) +# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.) +# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.) +# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.) +# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.) +# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.) #} #AuthServer { @@ -72,12 +72,6 @@ GatewayInterface br0 # Path / #} -#AuthServer { -# Hostname auth3.ilesansfil.org -# SSLAvailable yes -# Path / -#} - # Parameter: Daemon # Default: 1 # Optional @@ -110,7 +104,12 @@ GatewayInterface br0 # Default: 60 # Optional # -# How many seconds should we wait between timeout checks +# How many seconds should we wait between timeout checks. This is also +# how often the gateway will ping the auth server and how often it will +# update the traffic counters on the auth server. Setting this too low +# wastes bandwidth, setting this too high will cause the gateway to take +# a long time to switch to it's backup auth server(s). + CheckInterval 60 # Parameter: ClientTimeout @@ -121,6 +120,14 @@ CheckInterval 60 # The timeout will be INTERVAL * TIMEOUT ClientTimeout 5 +# Parameter: TrustedMACList +# Default: none +# Optional +# +# Comma separated list of MAC addresses who are allowed to pass +# through without authentication +#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D + # Parameter: FirewallRuleSet # Default: none # Mandatory 
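Review bot: In the `@@ -23,41 +27,37 @@` hunk the AuthServer template lists `SSLAvailable` with `Default: no` and gives no hint of what that means for the login exchange. With SSL off, the portal login presumably crosses the wireless segment over plain HTTP, so the line should say so, for example `# SSLAvailable (Optional; Default: no; Possible values: yes, no. Set to yes whenever the auth server has a certificate, otherwise the login is sent in clear text)`. The notes for `PingScriptPathFragment` and `AuthScriptPathFragment` also repeat the `MsgScriptPathFragment` text verbatim. Going by the names they should describe the gateway's heartbeat script and the token-validation script, which should be confirmed against the daemon before rewording.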
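Review bot: In the `@@ -121,6 +120,14 @@` hunk the new TrustedMACList comment says the listed addresses "pass through without authentication" but omits that a MAC address is asserted by the client itself and is visible to anyone in radio range. An operator could read the option as an access control. I would add `# Note: MAC addresses are not authenticated and can be copied by other clients; list only devices that cannot log in` directly above the example. Leaving the example value commented out is the right default.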
@@ -135,18 +142,28 @@ ClientTimeout 5 # Rule Set: global # # Used for rules to be applied to all other rulesets except locked. -# This is the default config for the Teliphone service. FirewallRuleSet global { - FirewallRule allow udp to 69.90.89.192/27 - FirewallRule allow udp to 69.90.85.0/27 - FirewallRule allow tcp port 80 to 69.90.89.205 + ## To block SMTP out, as it's a tech support nightmare, and a legal liability + #FirewallRule block tcp port 25 + + ## Use the following if you don't want clients to be able to access machines on + ## the private LAN that gives internet access to wifidog. Note that this is not + ## client isolation; The laptops will still be able to talk to one another, as + ## well as to any machine bridged to the wifi of the router. + # FirewallRule block to 192.168.0.0/16 + # FirewallRule block to 172.16.0.0/12 + # FirewallRule block to 10.0.0.0/8 + + ## This is an example ruleset for the Teliphone service. + #FirewallRule allow udp to 69.90.89.192/27 + #FirewallRule allow udp to 69.90.85.0/27 + #FirewallRule allow tcp port 80 to 69.90.89.205 } # Rule Set: validating-users # # Used for new users validating their account FirewallRuleSet validating-users { - FirewallRule block tcp port 25 FirewallRule allow to 0.0.0.0/0 } @@ -171,7 +188,7 @@ FirewallRuleSet unknown-users { # Rule Set: locked-users # -# Used for users that have been locked out. +# Not currently used FirewallRuleSet locked-users { FirewallRule block to 0.0.0.0/0 }
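Review bot: In the `@@ -135,18 +142,28 @@` hunk the validating-users ruleset loses `FirewallRule block tcp port 25`, while its replacement in `global` is added commented out. After this change an account that is still validating gets `allow to 0.0.0.0/0` with outbound SMTP open. If the intent is to move the block into `global`, ship it enabled as `FirewallRule block tcp port 25`, or keep the line in validating-users. The three private-range `block to` rules are also examples only, so by default clients can reach the upstream private LAN. The comment above them should say they have no effect until uncommented, and should probably tell the operator to check that the gateway's own subnet is not caught by them.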