[CoovaChilli] Documentation about xt_coova/ipt-coova/nfcoova

Pierre Parent pparent at comminter.com
Wed Feb 8 13:11:52 GMT 2017


Hi,

I finally found the solution to my problem (see older posts). It seems that 
every packet from the uam server was received with a duplicate.

Adding the following iptables rule solves the problem (when 192.168.111.1 is 
the uam server):

iptables -I INPUT -d 192.168.111.1 -i eth0.1  -j DROP

Enclosed is my final working config.

Hope it can help!

Pierre.

----------------Launcher------------------------------------------------------
#!/bin/sh

killall chilli
chilli -c /etc/chilli_xt.conf &
ifconfig eth0.1 10.1.0.1

iptables -F 
iptables -F -t nat

iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 

iptables -I FORWARD -i eth0.1 -m coova --name chilli  -j ACCEPT
iptables -I FORWARD -o eth0.1   -m coova --name chilli --dest   -j ACCEPT

iptables -I INPUT -d 192.168.111.1 -j ACCEPT
iptables -I INPUT -d 192.168.111.1 -i eth0.1  -j DROP
iptables -I INPUT -d 10.1.0.1 -j ACCEPT
iptables -I FORWARD -d portail.xxxxxx.com -j ACCEPT
iptables -I FORWARD -s portail.xxxxxx.com -j ACCEPT
iptables -I FORWARD -d 1.1.1.1 -j ACCEPT

iptables -A FORWARD -j REJECT

IP_WAN=$(ifconfig eth0.2 | grep inet | awk '{print $2}'  | cut -d: -f2)

iptables -I POSTROUTING -t nat -s 10.1.0.0/24 -j SNAT --to-source $IP_WAN

----------------------------------------------------------------------------------------------------------------------

---------chilli_xt.conf-------------------------------------------------------
radiusserver1   "192.168.8.90"
radiusserver2   "192.168.8.90"
radiussecret    "xxxxxxxxxxx"
radiusauthport  1812
radiusacctport  1813

# UAM
uamserver       "http://xxxxxxxxxxx/" 
uamport         3990 
uamhomepage     http://xxxxxxxxxxx/ 
uamlogoutip     1.1.1.1


net 10.1.0.0/16
dynip 10.1.0.0/24
statip 10.1.1.0/24

uamlisten  192.168.111.1 
uamallowed 192.168.111.1
dhcplisten 10.1.0.1
dhcpstart 10
uamaliasname chilli
ipup=
ipdown=

dhcpif eth0.1 
uamdomain coova.org
cmdsock /var/run/chilli.sock
kname chilli

uamsecret "xxxxxxxxxxx"

dns1            "10.1.0.1"

uamdomain       www.paypal.com,www.sandbox.paypal.com,www.paypalobjects.com,paypalobjects.com,paypal.112.2o7.net,developer.paypal.com,evsecure-ocsp.verisign.com,evsecure-crl.verisign.com,102.112.2o7.n
uamallowed      0.0.0.0/0:110
uamallowed      0.0.0.0/0:143
uamallowed      0.0.0.0/0:587
uamallowed      0.0.0.0/0:993
uamallowed      0.0.0.0/0:995

radiusnasid     xxxxxxxxxxx
nasmac xxxxxxxxxxx

redirssl
sslkeyfile      /etc/chilli/server.key
sslcertfile     /etc/chilli/server.crt


On Thursday 16 June 2016, 08:51:51 Brian Andrews wrote:
> That Access-Reject via Radius can’t be helping
> 
> coova-chilli[1993]: redir_main handling Access-Reject
> 
> I’d resolve that first and then see if redir works.
> 
> -
> brian
> 
> > On 15/06/2016, at 8:25 PM, Pierre Parent <pparent at comminter.com> wrote:
> > 
> > <log-chilli.txt>
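
Added example, not part of the original post: the launcher builds its INPUT chain with `iptables -I`, which inserts at the head of the chain, so the rules are evaluated in the reverse of script order and the DROP for eth0.1 wins only because it is inserted after the broader ACCEPT for 192.168.111.1. The sketch below replays those four INPUT lines offline and reports the first matching verdict; the helper names are hypothetical and `tun0` is an assumed name standing for any interface other than eth0.1.

```shell
#!/bin/sh
# Added example: replays the launcher's INPUT commands offline (no netfilter access).
# Constructed input: the four INPUT lines of the launcher, in script order.
LAUNCHER_INPUT_RULES='iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -d 192.168.111.1 -j ACCEPT
iptables -I INPUT -d 192.168.111.1 -i eth0.1  -j DROP
iptables -I INPUT -d 10.1.0.1 -j ACCEPT'

# effective_order CHAIN: read iptables commands on stdin and print CHAIN's rule
# specs in evaluation order. -I (no rule number) goes to the head, -A to the tail.
effective_order() {
    awk -v chain="$1" '
        $1 == "iptables" && ($2 == "-I" || $2 == "-A") && $3 == chain {
            spec = ""
            for (i = 4; i <= NF; i++) spec = spec (i > 4 ? " " : "") $i
            if ($2 == "-I") {
                for (j = n; j >= 1; j--) r[j + 1] = r[j]
                r[1] = spec; n++
            } else {
                r[++n] = spec
            }
        }
        END { for (j = 1; j <= n; j++) print r[j] }'
}

# first_verdict DST IFACE: read ordered rule specs on stdin and print the target
# of the first rule matching a new packet to DST arriving on IFACE.
# Simplification: only -d and -i are modelled; rules using -m or -s are skipped.
first_verdict() {
    awk -v dst="$1" -v ifc="$2" '
        {
            d = ""; i = ""; t = ""; skip = 0
            for (k = 1; k <= NF; k++) {
                if ($k == "-d") d = $(k + 1)
                else if ($k == "-i") i = $(k + 1)
                else if ($k == "-j") t = $(k + 1)
                else if ($k == "-m" || $k == "-s") skip = 1
            }
            if (skip) next
            if ((d == "" || d == dst) && (i == "" || i == ifc)) { print t; exit }
        }'
}

ORDER=$(printf '%s\n' "$LAUNCHER_INPUT_RULES" | effective_order INPUT)
printf '%s\n' "$ORDER"
for ifc in eth0.1 tun0; do   # tun0 is an assumed name for "any other interface"
    printf '%s -> %s\n' "$ifc" "$(printf '%s\n' "$ORDER" | first_verdict 192.168.111.1 "$ifc")"
done
```

Swapping the ACCEPT and DROP lines in the constructed input makes the eth0.1 verdict ACCEPT, which is the ordering mistake this check is meant to catch.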


