FreeBSD7.0+opengate+ipfw
Captive Portal
( 网页认证 )
介绍 …… 2
安装FREEBSD …… 2
配置内核 …… 2
编译内核 …… 4
安装BIND9 …… 4
安装isc-dhcp3 …… 5
安装apache22 …… 6
rc.conf文件的基本配置 …… 7
安装opengate …… 8
设置ipfw防火墙 …… 9
设置syslog记录日志 …… 10
测试 …… 10
介绍
如果用过m0n0wall 这个东西的朋友应该知道里面有个Captive Portal 功能。就是通过
网页认证的方式来接入internet.最近无聊,准备选一个open source在linux下或者BSD下
自己做一个。本来准备移植m0n0的,但是嫌麻烦。
有兴趣的朋友可以在这里看一下:http://wiki.personaltelco.net/PortalSoftware
这里列出了很多开源的和商业化的方案。我把其中不少都试过了,感觉支持都不是很好,最后选定了 Opengate。Opengate 由日本佐贺大学(Saga University)维护,唯一的缺陷是只能运行在 BSD 下。呵呵,好,下面大概说一下安装调试的步骤。
首先声明:本人仅仅是把 opengate 的官方文档做了简单的翻译,并自己实现了一次。实现过程中很多地方用的都是最简化的配置,目的是让实验环境跑起来;这里并不讨论稳定性和安全性,下文的配置在正式上线前需要自行加固。
安装FREEBSD
首先安装FREEBSD7.0 我采用的是最小化安装,装上sys ports和cvsup拿来更新
ports树…(我采用的是vmware6.0 虚拟两张网卡.一张物理连接.一张连接到vmnet8 最后
测试的时候我采用windows上的VMware Network Adapter VMnet8进行测试.本地连接上
随便配置一个IP就可以了.)
配置内核
我的内核配置是这样的:
# Custom i386 kernel for the captive-portal gateway: a GENERIC-style base with
# ipfw, divert sockets and IPsec compiled in, so no firewall modules need to be
# loaded at boot. The config lives in /usr/src/sys/i386/conf/MYKERNEL.
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident MYKERNEL
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
options SCHED_4BSD # 4BSD scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options ADAPTIVE_GIANT # Giant mutex is adaptive.
options STOP_NMI # Stop CPUS using NMI instead of IPI
options AUDIT # Security event auditing
# --- Firewall: this is what makes the box a captive portal -------------------
# ipfw is compiled in with a DEFAULT-DENY policy (IPFIREWALL_DEFAULT_TO_ACCEPT
# stays commented out). Until the ipfw rule set is loaded, every packet is
# dropped — including DHCP, DNS and HTTP to the gateway itself — so the rule
# set must explicitly allow those services before clients can ever see the
# portal page.
options IPDIVERT # divert sockets, used by natd(8) when clients are NATed to the outside
options IPFIREWALL
options IPFIREWALL_FORWARD # enables ipfw 'fwd' rules — presumably what redirects unauthenticated HTTP to the portal; confirm against the ipfw section
options IPFIREWALL_VERBOSE # lets 'log' rules write to syslog (see the syslog section)
options IPFIREWALL_VERBOSE_LIMIT=100 # a logging rule goes quiet after 100 matches until 'ipfw resetlog'; raise this if the logs are used for monitoring
#options IPFIREWALL_DEFAULT_TO_ACCEPT # keep disabled: default-deny is the safe policy for a portal
options IPSEC
device crypto # required by IPSEC; also backs /dev/crypto
device apic # I/O APIC
device cpufreq
device pci
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device kbdmux # keyboard multiplexer
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
device agp # support several AGP chipsets
# Add suspend/resume support for the i8254.
device pmtimer
device le # AMD Am7900 LANCE and Am79C9xx PCnet (the NIC VMware emulates in this setup)
device miibus # MII bus support
device bge # Broadcom BCM570xx Gigabit Ethernet
# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device sl # Kernel SLIP
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device firmware # firmware assist module
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
# (anything allowed to open /dev/bpf* can read raw frames on every interface)
device bpf # Berkeley packet filter
编译内核
#config MYKERNEL   # run as root from /usr/src/sys/i386/conf, where the MYKERNEL file above lives
#cd ../compile/MYKERNEL
#make cleandepend && make depend
#make
#make install   # installs /boot/kernel and keeps the previous one as /boot/kernel.old; reboot to run the new kernel
安装BIND9
#cd /usr/ports/dns/bind9/   # the base system already ships a BIND; if this port does not replace it, check which named(8) and which named.conf path rc.conf actually starts
# make install clean ; rehash
我的最简单的 DNS 配置文件如下。启动时如果报 rndc 相关的错误,通常是因为还没有生成 /etc/namedb/rndc.key,用 `rndc-confgen -a` 生成一次即可;不要一直忽略它,没有这个 key 就无法用 rndc 控制 named。
# cat /etc/namedb/named.conf
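options {
	directory "/etc/namedb";
	pid-file "/var/run/named/pid";
	dump-file "/var/dump/named_dump.db";
	statistics-file "/var/stats/named.stats";
	// Bind only to loopback and the inside (client-facing) address, so the
	// resolver is never reachable from the outside interface at all.
	// 192.168.15.1 is the gateway address handed to clients by DHCP.
	listen-on { 127.0.0.1; 192.168.15.1; };
	// Answer queries from the portal subnet and from the gateway itself.
	// localhost is needed if the gateway's own /etc/resolv.conf points at
	// 127.0.0.1 (the portal/web server resolving names): 127.0.0.1 is not
	// covered by 192.168.15/24 and would otherwise be refused.
	allow-query { localhost; 192.168.15/24; };
	// Clients resolve the outside world recursively through this server via
	// the root hints below; restricting recursion keeps it from becoming an
	// open resolver if the listen-on list is ever widened.
	recursion yes;
	allow-recursion { localhost; 192.168.15/24; };
	// There is no secondary for opengate.cn, so zone transfers are disabled
	// instead of being offered to every portal client.
	allow-transfer { none; };
};
zone "." {
	type hint;
	file "named.root";
};
// Private lab zone holding the portal's own names (ns, gateway).
zone "opengate.cn" {
	type master;
	file "opengate.cn";
};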
# cat /etc/namedb/opengate.cn
$TTL 3600        ; default TTL for records without an explicit one
; opengate.cn — private lab zone; both names below resolve to the portal box.
@        IN  SOA  ns.opengate.cn. root.ns.opengate.cn. (
                  2005051702   ; serial (YYYYMMDDnn) — bump it on every edit
                  3600         ; refresh
                  1200         ; retry
                  2419200      ; expire
                  86400 )      ; negative-cache TTL (NXDOMAIN is cached for a day)
         IN  NS   ns.opengate.cn.
ns       IN  A    192.168.15.1
gateway  IN  A    192.168.15.1
其实这样就可以启动 DNS 了。如果要考虑安全,至少要做到:只在内网地址上监听(listen-on),普通查询和递归查询都只开放给客户端网段(allow-query / allow-recursion),并关闭区域传送(allow-transfer { none; }),否则这台机器会变成一个对外开放的解析器。我这里只做测试。
安装isc-dhcp3
# cd /usr/ports/net/isc-dhcp3-server   # dhcpd reads /usr/local/etc/dhcpd.conf; presumably it is enabled and pinned to the inside interface in rc.conf (dhcpd_enable / dhcpd_ifaces) — see the rc.conf section
# make install clean ; rehash
dhcpd.conf 配置文件最简单的写法如下(注意 dhcpd 只应监听内网那块网卡,这一般由 rc.conf 里的 dhcpd_ifaces 决定,见后面的 rc.conf 一节):
# cat /usr/local/etc/dhcpd.conf
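ddns-update-style none;
log-facility local7;   # dhcpd messages go to syslog facility local7 (see the syslog section)
# Without 'authoritative', dhcpd silently ignores requests for addresses it
# does not know about (e.g. a laptop renewing a lease it got elsewhere) instead
# of sending DHCPNAK; such clients keep their old address and never reach the
# portal. This server is the only one on the portal subnet, so it is authoritative.
authoritative;
# Which interface dhcpd listens on is not set here but in rc.conf; keep it
# off the outside interface.
subnet 192.168.15.0 netmask 255.255.255.0 {
	# Only 16 leases — enlarge the range before testing with more clients.
	range 192.168.15.5 192.168.15.20;
	option domain-name-servers 192.168.15.1;   # the BIND instance on the gateway
	option domain-name "opengate.cn";
	option routers 192.168.15.1;               # the portal box is the default gateway
	option broadcast-address 192.168.15.255;
	default-lease-time 6000;
	max-lease-time 72000;
}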