setting_up_a_captive_portal_from_scratch_using_debian

Differences

This shows you the differences between two versions of the page.

setting_up_a_captive_portal_from_scratch_using_debian [2018/12/06 20:13]
abeverley
setting_up_a_captive_portal_from_scratch_using_debian [2018/12/06 20:16] (current)
abeverley
Line 72: Line 72:
  
   * Create file /​etc/​ppp/​peers/​isp0 with the following contents:   * Create file /​etc/​ppp/​peers/​isp0 with the following contents:
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 85: Line 83:
 0.0.38 0.0.38
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 Replace username as appropriate Replace username as appropriate
Line 100: Line 98:
  
   * Install PPP using the command   * Install PPP using the command
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
 apt-get install ppp apt-get install ppp
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 Create file /​etc/​ppp/​chap-secrets with the following contents: Create file /​etc/​ppp/​chap-secrets with the following contents:
Line 115: Line 111:
  
 Create file /​etc/​ppp/​peers/​isp0 with the following contents: Create file /​etc/​ppp/​peers/​isp0 with the following contents:
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 128: Line 122:
 0.38 0.38
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 Replace username as appropriate Replace username as appropriate
Line 143: Line 137:
  
 A number of additional packages are needed and can be installed using apt. Because the installation was initially done from a CD, no network repositories will be available, so it is best to set one up using the netselect command. However, netselect is not currently installed and is not on the CD! So, setup a temporary network repository first: A number of additional packages are needed and can be installed using apt. Because the installation was initially done from a CD, no network repositories will be available, so it is best to set one up using the netselect command. However, netselect is not currently installed and is not on the CD! So, setup a temporary network repository first:
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 150: Line 142:
 apt-get update apt-get update
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 Then install netselect-apt:​ Then install netselect-apt:​
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
 apt-get install netselect-apt apt-get install netselect-apt
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 And finally use netselect to setup the best repositories:​ And finally use netselect to setup the best repositories:​
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 170: Line 158:
 apt-get update apt-get update
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Now install additional packages using the command:   * Now install additional packages using the command:
Line 188: Line 176:
   * Edit /​etc/​network/​interfaces   * Edit /​etc/​network/​interfaces
   * Ensure the eth0 entry looks as follows:   * Ensure the eth0 entry looks as follows:
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 197: Line 183:
 netmask 255.255.0.0 netmask 255.255.0.0
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * If required set up a second ethernet interface. This can be used to provide internet access for a separate independent network if required. Add the following code to /​etc/​network/​interface:​   * If required set up a second ethernet interface. This can be used to provide internet access for a separate independent network if required. Add the following code to /​etc/​network/​interface:​
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 209: Line 193:
 netmask 255.255.255.0 netmask 255.255.255.0
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Restart networking:   * Restart networking:
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
 /​etc/​init.d/​networking restart /​etc/​init.d/​networking restart
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 ===== Update config files ===== ===== Update config files =====
Line 225: Line 207:
  
   * Set up web server for captive portal (apache). The following instructions download all the files from this website. They can be edited as required, or alternatively full instructions for this method of setting up a captive portal are detailed elsewhere on this site.   * Set up web server for captive portal (apache). The following instructions download all the files from this website. They can be edited as required, or alternatively full instructions for this method of setting up a captive portal are detailed elsewhere on this site.
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 234: Line 214:
 rm portalshaper-www.tar.gz rm portalshaper-www.tar.gz
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   - Edit settings.php and set all variables at beginning of the file as required, including the passwords   - Edit settings.php and set all variables at beginning of the file as required, including the passwords
Line 246: Line 226:
  
   * Configure URL redirect for captive portal by enabling mod_rewrite:​   * Configure URL redirect for captive portal by enabling mod_rewrite:​
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 253: Line 231:
 ln -s ../​mods-available/​rewrite.load ln -s ../​mods-available/​rewrite.load
 </​code>​ </​code>​
-<​html></​code></​html>​ 
  
-  * Edit /​etc/​apache2/​sites-enabled/​000-default and add rewrite rules after ServerAdmin (be sure to edit server name qualso and add any other webserver names): 
  
-<​html><​code><​/html>+  * Edit /etc/​apache2/​sites-enabled/​000-default and add rewrite rules after ServerAdmin (be sure to edit server name qualso and add any other webserver names):
  
 <​code>​ <​code>​
Line 266: Line 242:
 RewriteRule . http://​qualso.wardroom/​index.php/​%{HTTP_HOST}%{REQUEST_URI}?​%{QUERY_STRING} [L,R] RewriteRule . http://​qualso.wardroom/​index.php/​%{HTTP_HOST}%{REQUEST_URI}?​%{QUERY_STRING} [L,R]
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Restart Apache: ''​%%apache2ctl%%''​ ''​%%restart%%''​   * Restart Apache: ''​%%apache2ctl%%''​ ''​%%restart%%''​
Line 276: Line 252:
   * Edit /​etc/​bind/​named.conf.local   * Edit /​etc/​bind/​named.conf.local
   * Add the following after the "​localhost"​ domain:   * Add the following after the "​localhost"​ domain:
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 285: Line 259:
 }; };
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Go to /etc/bind   * Go to /etc/bind
Line 291: Line 265:
   * Edit db.wardroom   * Edit db.wardroom
   * Add required hostnames at the end of the file. These entries setup 3 different names for the main server (spaces should be tabs, and make sure that you increase the serial number). qualso is the name you gave your server earlier, earth is the name of the server as assumed by the web server and the captive portal web scripts.   * Add required hostnames at the end of the file. These entries setup 3 different names for the main server (spaces should be tabs, and make sure that you increase the serial number). qualso is the name you gave your server earlier, earth is the name of the server as assumed by the web server and the captive portal web scripts.
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 299: Line 271:
 mail        A      10.0.0.1 mail        A      10.0.0.1
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Reload BIND with ''​%%/​etc/​init.d/​bind9%%''​ ''​%%reload%%''​   * Reload BIND with ''​%%/​etc/​init.d/​bind9%%''​ ''​%%reload%%''​
Line 311: Line 283:
   - Add ''​%%allow%%''​ ''​%%booting;​%%''​ and ''​%%allow%%''​ ''​%%bootp;​%%''​ after the above lines (only if using network boot clients - see later)   - Add ''​%%allow%%''​ ''​%%booting;​%%''​ and ''​%%allow%%''​ ''​%%bootp;​%%''​ after the above lines (only if using network boot clients - see later)
   - Add the following at the end of the file:   - Add the following at the end of the file:
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 325: Line 295:
 } }
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 The last 3 lines are only for network booting of clients. On a separate page (see link later) it is shown how to set up some network booting deskstations that will boot a network live copy of Ubunutu. The last 3 lines are only for network booting of clients. On a separate page (see link later) it is shown how to set up some network booting deskstations that will boot a network live copy of Ubunutu.
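Review bot: The context sentence after the dhcpd block misspells Ubuntu as "Ubunutu", and its "(see link later)" gives the reader nothing to follow. Since this revision is already cleaning up the markup around that block, correct the spelling and link the network-boot page directly.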
Line 334: Line 304:
 /​etc/​init.d/​isc-dhcp-server restart /​etc/​init.d/​isc-dhcp-server restart
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 ===== Install IPSet ===== ===== Install IPSet =====
  
 IPSet is a program that allows sets of IP addresses to be stored within iptables rules. It is used to collate a list of clients using P2P software. IPSet consists of both a kernel module and a userspace program. The module is not yet in the kernel provided with Debian. The following will install both the userspace program and the kernel module. IPSet is a program that allows sets of IP addresses to be stored within iptables rules. It is used to collate a list of clients using P2P software. IPSet consists of both a kernel module and a userspace program. The module is not yet in the kernel provided with Debian. The following will install both the userspace program and the kernel module.
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 346: Line 314:
 module-assistant auto-install ipset-source module-assistant auto-install ipset-source
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 ===== Install specialist internet scripts ===== ===== Install specialist internet scripts =====
Line 354: Line 322:
   * This program removes cached tracks from the tracking table for a particular client. When a client is registered or unregistered from the network, this makes sure the correct web pages are presented on browsing the internet, otherwise any redirects are not properly flushed.   * This program removes cached tracks from the tracking table for a particular client. When a client is registered or unregistered from the network, this makes sure the correct web pages are presented on browsing the internet, otherwise any redirects are not properly flushed.
  
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 361: Line 328:
 chmod +x rmtrack chmod +x rmtrack
 </​code>​ </​code>​
-<​html></​code></​html>​ 
  
-  * The following checks that the PPP link is up and reconnects if it is not 
  
-<​html><​code></​html>​+  * The following checks that the PPP link is up and reconnects if it is not
  
 <​code>​ <​code>​
Line 376: Line 341:
 insserv test-ppp.init insserv test-ppp.init
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * The next 3 show the current internet bandwidth use in classes   * The next 3 show the current internet bandwidth use in classes
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 391: Line 354:
 chmod +x tc-viewer chmod +x tc-viewer
 </​code>​ </​code>​
-<​html></​code></​html>​ 
  
-  * And finally the firewall which sets up all the required iptables rules including the captive portal and shaping. This downloads the scripts and forces them to run when the network is brought up. 
  
-<​html><​code></​html>​+  * And finally the firewall which sets up all the required iptables rules including the captive portal and shaping. This downloads the scripts and forces them to run when the network is brought up.
  
 <​code>​ <​code>​
Line 403: Line 364:
 rm portalshaper-sh.tar.gz rm portalshaper-sh.tar.gz
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Edit ''​%%/​usr/​local/​portal/​settings%%''​ as required   * Edit ''​%%/​usr/​local/​portal/​settings%%''​ as required
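Review bot: The path in the bullet "Edit /usr/local/portal/settings" does not match the directory used by the post-up lines further down in this revision, which call /usr/local/portalshaper/master. One of the two looks like a typo. Confirm where the portalshaper-sh tarball unpacks and use the same directory in both places, otherwise a reader may edit a file that the firewall script does not read.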
Line 437: Line 398:
  
   * Edit /​etc/​network/​interfaces adding the following:   * Edit /​etc/​network/​interfaces adding the following:
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 447: Line 406:
         post-up /​usr/​local/​portalshaper/​master         post-up /​usr/​local/​portalshaper/​master
 </​code>​ </​code>​
-<​html></​code></​html>​ 
  
-  * If using a second interface add it as well: 
  
-<​html><​code></​html>​+  * If using a second interface add it as well:
  
 <​code>​ <​code>​
Line 460: Line 417:
         post-up /​usr/​local/​portalshaper/​master         post-up /​usr/​local/​portalshaper/​master
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Add pre-connection helper script (will need editing if using a speedtouch modem):   * Add pre-connection helper script (will need editing if using a speedtouch modem):
  
-<​html><​code></​html>​+
  
 <​code>​ <​code>​
Line 471: Line 428:
 chmod +x solos-preload chmod +x solos-preload
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Disconnect the current connection:   * Disconnect the current connection:
Line 485: Line 442:
   * Run ''​%%visudo%%''​ and add the following lines. Sudo is used to allow the apache web server to add and remove the needed iptables rules each time a user signs up to access the internet, as well as update the Squid session helper when displaying announcement pages   * Run ''​%%visudo%%''​ and add the following lines. Sudo is used to allow the apache web server to add and remove the needed iptables rules each time a user signs up to access the internet, as well as update the Squid session helper when displaying announcement pages
  
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 493: Line 449:
 www-data ALL = (proxy) NOPASSWD: /​usr/​lib/​squid3/​ext_session_acl www-data ALL = (proxy) NOPASSWD: /​usr/​lib/​squid3/​ext_session_acl
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
 Note: sudo does not use regular expressions,​ so the last statement is not as accurate as it should be Note: sudo does not use regular expressions,​ so the last statement is not as accurate as it should be
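Review bot: The sudoers entry kept as context here, "www-data ALL = (proxy) NOPASSWD: /usr/lib/squid3/ext_session_acl", names the command without an argument list, so sudo accepts any arguments from the web server account, and the note below it only says the last statement "is not as accurate as it should be" without stating the intended restriction. While the block is being touched, document the exact invocation the portal scripts use and spell those arguments out in the rule, or point www-data at a fixed wrapper script that takes no arguments.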
Line 499: Line 455:
 ===== Configure Squid ===== ===== Configure Squid =====
  
-|<​HTML>​\\ <​center>​\\ </​HTML>​\\ <​html><​strong></​html>​Squid is configured to show splash page announcements and mark packets for traffic shaping. Both of these require recent patches which are only contained in the latest beta version of Squid. Therefore, a very recent version of Squid will need to be compiled and installed over the standard Debian build<​html></​strong></​html>​\\ \\ <​HTML>​\\ </​center>​\\ </HTML>|+|\\ Squid is configured to show splash page announcements and mark packets for traffic shaping. Both of these require recent patches which are only contained in the latest beta version of Squid. Therefore, a very recent version of Squid will need to be compiled and installed over the standard Debian build\\ \\ >|
  
 The web proxy is used to speed up requests, as well as log all requests and show a splash page periodically. The web proxy is used to speed up requests, as well as log all requests and show a splash page periodically.
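Review bot: The replacement table row now ends in "\\ \\ >|", so a stray ">" that appears to be left over from the removed closing HTML tag will render at the end of the Squid notice. Drop the ">" so the cell closes with "|". The edit also removes the bold and centring from the notice; if the warning about needing a very recent Squid build should still stand out, use DokuWiki's own ** ** markup instead of embedded HTML.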
Line 506: Line 462:
   * Add the following to the beginning of the file:   * Add the following to the beginning of the file:
  
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 518: Line 473:
 qos_flows mark miss=0x1000000/​0xF000000 qos_flows mark miss=0x1000000/​0xF000000
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Change "​http_port 3128" to "​http_port 3128 transparent"​   * Change "​http_port 3128" to "​http_port 3128 transparent"​
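Review bot: The bullet "Change http_port 3128 to http_port 3128 transparent" uses the option name that Squid 3.1 renamed to "intercept", while the sudoers block earlier on the page points at /usr/lib/squid3/ext_session_acl and the notice above asks for a very recent Squid build. Update the instruction to "http_port 3128 intercept", or state which Squid version the "transparent" spelling is meant for.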
Line 529: Line 484:
   * Locate the section "​INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS"​ and add the following rules (replacing qualso as required):   * Locate the section "​INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS"​ and add the following rules (replacing qualso as required):
  
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 549: Line 503:
 http_access allow our_networks http_access allow our_networks
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Create a session database. This is used to display the splash pages periodically. The associated /​var/​www/​announce_days.txt file should be created when the web files are installed.   * Create a session database. This is used to display the splash pages periodically. The associated /​var/​www/​announce_days.txt file should be created when the web files are installed.
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 559: Line 511:
 chown proxy:proxy /​var/​lib/​squid/​session/​ chown proxy:proxy /​var/​lib/​squid/​session/​
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Install the date/time external ACL helper:   * Install the date/time external ACL helper:
Line 627: Line 579:
   * Create a file /​etc/​postfix/​relay_passwd with the following contents, replacing values as required:   * Create a file /​etc/​postfix/​relay_passwd with the following contents, replacing values as required:
  
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
 isp.server.name USERNAME:​PASSWORD isp.server.name USERNAME:​PASSWORD
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Change the permissions on the file:   * Change the permissions on the file:
  
-<​html><​code></​html>​+
  
 <​code>​ <​code>​
Line 642: Line 593:
 chmod 600 /​etc/​postfix/​relay_passwd  ​ chmod 600 /​etc/​postfix/​relay_passwd  ​
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Setup the files hash:   * Setup the files hash:
  
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
 postmap /​etc/​postfix/​relay_passwd postmap /​etc/​postfix/​relay_passwd
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Edit /​etc/​postfix/​main.cf and add the following lines below the relayhost option:   * Edit /​etc/​postfix/​main.cf and add the following lines below the relayhost option:
  
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 662: Line 611:
 smtp_sasl_security_options = smtp_sasl_security_options =
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * Edit /​etc/​mailname and set a valid FQDN (eg. qualso.simplelists.com). This will be the default mail domain for mail sent from the server.   * Edit /​etc/​mailname and set a valid FQDN (eg. qualso.simplelists.com). This will be the default mail domain for mail sent from the server.
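Review bot: The main.cf block ends with an empty "smtp_sasl_security_options =", which clears Postfix's default of refusing plaintext and anonymous SASL mechanisms, and nothing in the visible lines requires TLS towards the relay host. Add a sentence explaining why the option is emptied and, where the ISP relay supports it, tell the reader to set smtp_tls_security_level so the credentials from relay_passwd are not sent in clear.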
Line 671: Line 620:
  
   * Add a linux local user to the system with appropriate password. Users will use this account to authenticate against the SMTP server:   * Add a linux local user to the system with appropriate password. Users will use this account to authenticate against the SMTP server:
- 
-<​html><​code></​html>​ 
  
 <​code>​ <​code>​
Line 678: Line 625:
 passwd mailuser passwd mailuser
 </​code>​ </​code>​
-<​html></​code></​html>​+
  
   * After adding the user edit /etc/passwd and add ''​%%/​bin/​false%%''​ on the end of the line for the new user. This will stop people logging into the server using that username and password!   * After adding the user edit /etc/passwd and add ''​%%/​bin/​false%%''​ on the end of the line for the new user. This will stop people logging into the server using that username and password!
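Review bot: The last bullet tells the reader to "add /bin/false on the end of the line" in /etc/passwd, which is ambiguous because the final field of the entry already holds the login shell and has to be replaced, not appended to, and hand-editing the file risks a malformed entry. Replace the step with a single command such as "usermod -s /bin/false mailuser", or create the account with that shell in the first place.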
setting_up_a_captive_portal_from_scratch_using_debian.1544127185.txt.gz · Last modified: 2018/12/06 20:13 by abeverley