search

coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.
Other
512 stars 258 forks source link

no snat rule in the up.sh and down.sh #558

Open pan2za opened 1 year ago

pan2za commented 1 year ago

should add snat rule for up.sh and down.sh

pan2za commented 1 year ago 
iptables -F POSTROUTING -t nat
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
yumarca commented 1 year ago

what is the purpose of this rule ?

pan2za commented 1 year ago

when the wanif is up, snat should be enabled simultaneously

yumarca commented 1 year ago

OK . I have a problem setting download upload bw limits when I use https://coova.github.io/mail-archive/chilli/2010-April/001239.html David's recipe. Do you have any idea how can I do it ?

My up.sh looks like

!/bin/sh

iptables -I FORWARD -o eth0 --src 10.0.0.0/8 -m coova --name chilli -j ACCEPT iptables -I FORWARD -i eth0 --dst 10.0.0.0/8 -m coova --name chilli --dest -j ACCEPT

iptables -I FORWARD --src 11.0.0.0/8 -j ACCEPT iptables -I FORWARD --dst 11.0.0.0/8 -j ACCEPT

chilli_query list 40-A5-EF-EF-A2-EB 0.0.0.0 none 167221675400000002 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 - 82-3B-A8-A0-04-2D 10.1.0.11 pass 167221581300000003 1 82-3B-A8-A0-04-2D 1740/0 1/900 189368937/0 20547455/0 0 0 0/0 0/0 - E0-E1-A9-2C-1D-1B 10.1.0.10 dnat 167221579100000001 0 E0-E1-A9-2C-1D-1B 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -

as you can see bwup bwdown looks 0

cat /proc/net/coova/chilli mac=82-3B-A8-A0-04-2D src=10.1.0.11 state=1 bin=20900593 bout=197089968 pin=113177 pout=165057 mac=E0-E1-A9-2C-1D-1B src=10.1.0.10 state=0 bin=0 bout=0 pin=0 pout=0

network config

config interface 'loopback' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' option device 'lo'

config globals 'globals' option packet_steering '1'

config interface 'wan' option proto 'dhcp' option device 'eth0'

config interface 'vlan705' option device 'eth1.705' option proto 'static' option ipaddr '10.1.0.1' option netmask '255.255.0.0'

chilli config

config chilli option interval '3600' option txqlen '1000' option sndbuf '2097152' option rcvbuf '2097152' option ipup '/etc/chilli/up.sh' option ipdown '/etc/chilli/down.sh' option radiusserver1 'xxxxxxxxxxxxx' option radiusserver2 '31.145.254.83' option radiusnasid 'hs_7_2_1' option radiussecret 'xxxxxxxx' option dns1 '1.1.1.1' option dns2 '8.8.8.8' option uamport '3990' option uamuiport '4990' option uamaliasname 'chilli' option papalwaysok '1' option acctupdate '1' option uamsecret 'xxxxxxxxxxx' option tundev 'tap1' option usetap '1' option dhcpif 'eth1.705' option lease '900' option dhcpstart '10' option uamlisten '11.1.0.1' option dhcplisten '10.1.0.1' option net '10.1.0.0/16' option dynip '10.1.0.0/24' option statip '10.1.1.0/24' option maxclients '2000' option kname 'chilli' option uamanyip '1' option macauth '1' option macpasswd 'password' option uamallowed 'xxxxxxxxxxxxxxxxxxxxxt' option uamserver 'https://xxxxdefault.aspx'

I appreciate any advise .

pan2za commented 4 months ago

nope. still snat is needed.