setting_up_a_captive_portal_from_scratch_using_debian
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Last revisionBoth sides next revision | ||
setting_up_a_captive_portal_from_scratch_using_debian [2018/12/06 20:13] – abeverley | setting_up_a_captive_portal_from_scratch_using_debian [2018/12/06 20:15] – abeverley | ||
---|---|---|---|
Line 72: | Line 72: | ||
* Create file / | * Create file / | ||
- | |||
- | < | ||
< | < | ||
Line 85: | Line 83: | ||
0.0.38 | 0.0.38 | ||
</ | </ | ||
- | < | + | |
Replace username as appropriate | Replace username as appropriate | ||
Line 100: | Line 98: | ||
* Install PPP using the command | * Install PPP using the command | ||
- | |||
- | < | ||
< | < | ||
apt-get install ppp | apt-get install ppp | ||
</ | </ | ||
- | < | + | |
Create file / | Create file / | ||
Line 115: | Line 111: | ||
Create file / | Create file / | ||
- | |||
- | < | ||
< | < | ||
Line 128: | Line 122: | ||
0.38 | 0.38 | ||
</ | </ | ||
- | < | + | |
Replace username as appropriate | Replace username as appropriate | ||
Line 143: | Line 137: | ||
A number of additional packages are needed and can be installed using apt. Because the installation was initially done from a CD, no network repositories will be available, so it is best to set one up using the netselect command. However, netselect is not currently installed and is not on the CD! So, setup a temporary network repository first: | A number of additional packages are needed and can be installed using apt. Because the installation was initially done from a CD, no network repositories will be available, so it is best to set one up using the netselect command. However, netselect is not currently installed and is not on the CD! So, setup a temporary network repository first: | ||
- | |||
- | < | ||
< | < | ||
Line 150: | Line 142: | ||
apt-get update | apt-get update | ||
</ | </ | ||
- | < | + | |
Then install netselect-apt: | Then install netselect-apt: | ||
- | |||
- | < | ||
< | < | ||
apt-get install netselect-apt | apt-get install netselect-apt | ||
</ | </ | ||
- | < | + | |
And finally use netselect to setup the best repositories: | And finally use netselect to setup the best repositories: | ||
- | |||
- | < | ||
< | < | ||
Line 170: | Line 158: | ||
apt-get update | apt-get update | ||
</ | </ | ||
- | < | + | |
* Now install additional packages using the command: | * Now install additional packages using the command: | ||
Line 188: | Line 176: | ||
* Edit / | * Edit / | ||
* Ensure the eth0 entry looks as follows: | * Ensure the eth0 entry looks as follows: | ||
- | |||
- | < | ||
< | < | ||
Line 197: | Line 183: | ||
netmask 255.255.0.0 | netmask 255.255.0.0 | ||
</ | </ | ||
- | < | + | |
* If required set up a second ethernet interface. This can be used to provide internet access for a separate independent network if required. Add the following code to / | * If required set up a second ethernet interface. This can be used to provide internet access for a separate independent network if required. Add the following code to / | ||
- | |||
- | < | ||
< | < | ||
Line 209: | Line 193: | ||
netmask 255.255.255.0 | netmask 255.255.255.0 | ||
</ | </ | ||
- | < | + | |
* Restart networking: | * Restart networking: | ||
- | |||
- | < | ||
< | < | ||
/ | / | ||
</ | </ | ||
- | < | + | |
===== Update config files ===== | ===== Update config files ===== | ||
Line 225: | Line 207: | ||
* Set up web server for captive portal (apache). The following instructions download all the files from this website. They can be edited as required, or alternatively full instructions for this method of setting up a captive portal are detailed elsewhere on this site. | * Set up web server for captive portal (apache). The following instructions download all the files from this website. They can be edited as required, or alternatively full instructions for this method of setting up a captive portal are detailed elsewhere on this site. | ||
- | |||
- | < | ||
< | < | ||
Line 234: | Line 214: | ||
rm portalshaper-www.tar.gz | rm portalshaper-www.tar.gz | ||
</ | </ | ||
- | < | + | |
- Edit settings.php and set all variables at beginning of the file as required, including the passwords | - Edit settings.php and set all variables at beginning of the file as required, including the passwords | ||
Line 246: | Line 226: | ||
* Configure URL redirect for captive portal by enabling mod_rewrite: | * Configure URL redirect for captive portal by enabling mod_rewrite: | ||
- | |||
- | < | ||
< | < | ||
Line 253: | Line 231: | ||
ln -s ../ | ln -s ../ | ||
</ | </ | ||
- | < | ||
- | * Edit / | ||
- | < | + | * Edit /etc/ |
< | < | ||
Line 266: | Line 242: | ||
RewriteRule . http:// | RewriteRule . http:// | ||
</ | </ | ||
- | < | + | |
* Restart Apache: '' | * Restart Apache: '' | ||
Line 276: | Line 252: | ||
* Edit / | * Edit / | ||
* Add the following after the " | * Add the following after the " | ||
- | |||
- | < | ||
< | < | ||
Line 285: | Line 259: | ||
}; | }; | ||
</ | </ | ||
- | < | + | |
* Go to /etc/bind | * Go to /etc/bind | ||
Line 291: | Line 265: | ||
* Edit db.wardroom | * Edit db.wardroom | ||
* Add required hostnames at the end of the file. These entries setup 3 different names for the main server (spaces should be tabs, and make sure that you increase the serial number). qualso is the name you gave your server earlier, earth is the name of the server as assumed by the web server and the captive portal web scripts. | * Add required hostnames at the end of the file. These entries setup 3 different names for the main server (spaces should be tabs, and make sure that you increase the serial number). qualso is the name you gave your server earlier, earth is the name of the server as assumed by the web server and the captive portal web scripts. | ||
- | |||
- | < | ||
< | < | ||
Line 299: | Line 271: | ||
mail A 10.0.0.1 | mail A 10.0.0.1 | ||
</ | </ | ||
- | < | + | |
* Reload BIND with '' | * Reload BIND with '' | ||
Line 311: | Line 283: | ||
- Add '' | - Add '' | ||
- Add the following at the end of the file: | - Add the following at the end of the file: | ||
- | |||
- | < | ||
< | < | ||
Line 325: | Line 295: | ||
} | } | ||
</ | </ | ||
- | < | + | |
The last 3 lines are only for network booting of clients. On a separate page (see link later) it is shown how to set up some network booting deskstations that will boot a network live copy of Ubunutu. | The last 3 lines are only for network booting of clients. On a separate page (see link later) it is shown how to set up some network booting deskstations that will boot a network live copy of Ubunutu. | ||
Line 334: | Line 304: | ||
/ | / | ||
</ | </ | ||
- | < | + | |
===== Install IPSet ===== | ===== Install IPSet ===== | ||
IPSet is a program that allows sets of IP addresses to be stored within iptables rules. It is used to collate a list of clients using P2P software. IPSet consists of both a kernel module and a userspace program. The module is not yet in the kernel provided with Debian. The following will install both the userspace program and the kernel module. | IPSet is a program that allows sets of IP addresses to be stored within iptables rules. It is used to collate a list of clients using P2P software. IPSet consists of both a kernel module and a userspace program. The module is not yet in the kernel provided with Debian. The following will install both the userspace program and the kernel module. | ||
- | |||
- | < | ||
< | < | ||
Line 346: | Line 314: | ||
module-assistant auto-install ipset-source | module-assistant auto-install ipset-source | ||
</ | </ | ||
- | < | + | |
===== Install specialist internet scripts ===== | ===== Install specialist internet scripts ===== | ||
Line 354: | Line 322: | ||
* This program removes cached tracks from the tracking table for a particular client. When a client is registered or unregistered from the network, this makes sure the correct web pages are presented on browsing the internet, otherwise any redirects are not properly flushed. | * This program removes cached tracks from the tracking table for a particular client. When a client is registered or unregistered from the network, this makes sure the correct web pages are presented on browsing the internet, otherwise any redirects are not properly flushed. | ||
- | < | ||
< | < | ||
Line 361: | Line 328: | ||
chmod +x rmtrack | chmod +x rmtrack | ||
</ | </ | ||
- | < | ||
- | * The following checks that the PPP link is up and reconnects if it is not | ||
- | < | + | * The following checks that the PPP link is up and reconnects if it is not |
< | < | ||
Line 376: | Line 341: | ||
insserv test-ppp.init | insserv test-ppp.init | ||
</ | </ | ||
- | < | + | |
* The next 3 show the current internet bandwidth use in classes | * The next 3 show the current internet bandwidth use in classes | ||
- | |||
- | < | ||
< | < | ||
Line 391: | Line 354: | ||
chmod +x tc-viewer | chmod +x tc-viewer | ||
</ | </ | ||
- | < | ||
- | * And finally the firewall which sets up all the required iptables rules including the captive portal and shaping. This downloads the scripts and forces them to run when the network is brought up. | ||
- | < | + | * And finally the firewall which sets up all the required iptables rules including the captive portal and shaping. This downloads the scripts and forces them to run when the network is brought up. |
< | < | ||
Line 403: | Line 364: | ||
rm portalshaper-sh.tar.gz | rm portalshaper-sh.tar.gz | ||
</ | </ | ||
- | < | + | |
* Edit '' | * Edit '' | ||
Line 437: | Line 398: | ||
* Edit / | * Edit / | ||
- | |||
- | < | ||
< | < | ||
Line 447: | Line 406: | ||
post-up / | post-up / | ||
</ | </ | ||
- | < | ||
- | * If using a second interface add it as well: | ||
- | < | + | * If using a second interface add it as well: |
< | < | ||
Line 460: | Line 417: | ||
post-up / | post-up / | ||
</ | </ | ||
- | < | + | |
* Add pre-connection helper script (will need editing if using a speedtouch modem): | * Add pre-connection helper script (will need editing if using a speedtouch modem): | ||
- | < | + | |
< | < | ||
Line 471: | Line 428: | ||
chmod +x solos-preload | chmod +x solos-preload | ||
</ | </ | ||
- | < | + | |
* Disconnect the current connection: | * Disconnect the current connection: | ||
Line 485: | Line 442: | ||
* Run '' | * Run '' | ||
- | < | ||
< | < | ||
Line 493: | Line 449: | ||
www-data ALL = (proxy) NOPASSWD: / | www-data ALL = (proxy) NOPASSWD: / | ||
</ | </ | ||
- | < | + | |
Note: sudo does not use regular expressions, | Note: sudo does not use regular expressions, | ||
Line 499: | Line 455: | ||
===== Configure Squid ===== | ===== Configure Squid ===== | ||
- | |< | + | |\\ < |
The web proxy is used to speed up requests, as well as log all requests and show a splash page periodically. | The web proxy is used to speed up requests, as well as log all requests and show a splash page periodically. | ||
Line 506: | Line 462: | ||
* Add the following to the beginning of the file: | * Add the following to the beginning of the file: | ||
- | < | ||
< | < | ||
Line 518: | Line 473: | ||
qos_flows mark miss=0x1000000/ | qos_flows mark miss=0x1000000/ | ||
</ | </ | ||
- | < | + | |
* Change " | * Change " | ||
Line 529: | Line 484: | ||
* Locate the section " | * Locate the section " | ||
- | < | ||
< | < | ||
Line 549: | Line 503: | ||
http_access allow our_networks | http_access allow our_networks | ||
</ | </ | ||
- | < | + | |
* Create a session database. This is used to display the splash pages periodically. The associated / | * Create a session database. This is used to display the splash pages periodically. The associated / | ||
- | |||
- | < | ||
< | < | ||
Line 559: | Line 511: | ||
chown proxy:proxy / | chown proxy:proxy / | ||
</ | </ | ||
- | < | + | |
* Install the date/time external ACL helper: | * Install the date/time external ACL helper: | ||
Line 627: | Line 579: | ||
* Create a file / | * Create a file / | ||
- | < | ||
< | < | ||
isp.server.name USERNAME: | isp.server.name USERNAME: | ||
</ | </ | ||
- | < | + | |
* Change the permissions on the file: | * Change the permissions on the file: | ||
- | < | + | |
< | < | ||
Line 642: | Line 593: | ||
chmod 600 / | chmod 600 / | ||
</ | </ | ||
- | < | + | |
* Setup the files hash: | * Setup the files hash: | ||
- | < | ||
< | < | ||
postmap / | postmap / | ||
</ | </ | ||
- | < | + | |
* Edit / | * Edit / | ||
- | < | ||
< | < | ||
Line 662: | Line 611: | ||
smtp_sasl_security_options = | smtp_sasl_security_options = | ||
</ | </ | ||
- | < | + | |
* Edit / | * Edit / | ||
Line 671: | Line 620: | ||
* Add a linux local user to the system with appropriate password. Users will use this account to authenticate against the SMTP server: | * Add a linux local user to the system with appropriate password. Users will use this account to authenticate against the SMTP server: | ||
- | |||
- | < | ||
< | < | ||
Line 678: | Line 625: | ||
passwd mailuser | passwd mailuser | ||
</ | </ | ||
- | < | + | |
* After adding the user edit /etc/passwd and add '' | * After adding the user edit /etc/passwd and add '' |
setting_up_a_captive_portal_from_scratch_using_debian.txt · Last modified: 2018/12/06 20:16 by abeverley