Topic: ping Access Points

I am running chillispot with a few APs on a LAN (10.15.0.*).
I am fiddling with iptables right now to allow the host machine to ping the APs to monitor status.
eth0 - external IP
eth1 - use for chilli
tun0 - 10.15.0.1

Any ping requests I send to the AP IPs are refused.
Can anyone help me with the iptables rules I need to forward the ICMP packets to the APs and back again?

Thanks

2 (edited by ajauberg 2008-07-25 11:38:48)

Re: ping Access Points

Hi,

I have used the 'monit' package to accomplish this:

http://www.chillispot.info/chilliforum/viewtopic.php?id=18

The standard firewall supplied with the Chillispot source worked for me when pinging the WDS APs from the Chillispot host.

Re: ping Access Points

Hi, I tried that one, it also did not work. Below is my current iptables setup:

IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#Allow related, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 8833 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT

#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP

#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 8080 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT

#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT

# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP

#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

#For chillispot and squid
$IPTABLES -t nat -A POSTROUTING -d my.ext.int.face -o eth1 -p tcp -m tcp --dport 3128 -j MASQUERADE
$IPTABLES -t nat -A PREROUTING -d ! 10.0.0.1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -A INPUT -p tcp -m tcp --dport 3128 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT


Any help on why I can't ping my APs in the 10.15.0.* subnet would be greatly appreciated.

Thanks

Re: ping Access Points

I have had this problem before and I have resolved it.

What's your AP IP?

This is my method:

1. I set eth1 to static and set its IP to 192.168.0.1.
2. Set your AP IP address to 192.168.0.xx.
3. You can ping and access your AP in your local network (only from your chilli server, because from another client it was blocked by chilli iptables).
4. But you cannot access your AP from the internet because you are blocked by chilli.iptables.
I am trying to resolve it, but for now it's in progress... coming soon.

Re: ping Access Points

Hi,

If you set your APs' IP address range to be within the address range handed out by Chillispot, this should work out of the box. Try the following settings in your chilli.conf:

net 192.168.182.0/23    # This makes a network mask of 255.255.254.0

dynip 192.168.182.0/24 # The Chillispot dynamic range


If you now put your APs in the 192.168.183.0 network, this should work out of the box.
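
The address plan suggested in the post above, checked in code (an added example, not part of the original thread): it parses the net and dynip lines of a chilli.conf and reports where each AP address falls. The function names, the AP addresses and the fallback of dynip to net when dynip is absent are assumptions of this example.

```python
import ipaddress

# Constructed sample: the two chilli.conf lines quoted in the post above.
SAMPLE_CONF = """\
net 192.168.182.0/23    # This makes a network mask of 255.255.254.0
dynip 192.168.182.0/24 # The Chillispot dynamic range
"""


def parse_chilli_conf(text):
    """Return {'net': IPv4Network, 'dynip': IPv4Network} from chilli.conf text."""
    found = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 2 and parts[0] in ("net", "dynip"):
            found[parts[0]] = ipaddress.ip_network(parts[1], strict=True)
    if "net" not in found:
        raise ValueError("no 'net' line found")
    # Assumption: without an explicit dynip the whole net is the dynamic pool.
    found.setdefault("dynip", found["net"])
    if not found["dynip"].subnet_of(found["net"]):
        raise ValueError("dynip must lie inside net")
    return found


def classify_ap(addr, conf):
    """Say where an AP address sits relative to the chilli address plan."""
    ip = ipaddress.ip_address(addr)
    net, dynip = conf["net"], conf["dynip"]
    if ip not in net:
        return "outside-net"   # e.g. the 10.15.0.* plan from the question
    if ip in (net.network_address, net.broadcast_address):
        return "reserved"      # not usable as a host address
    if ip in dynip:
        return "in-dynip"      # would collide with addresses leased to clients
    return "static-ok"         # inside net, outside the dynamic pool


def audit(ap_addrs, conf_text=SAMPLE_CONF):
    """Map each AP address to its classification."""
    conf = parse_chilli_conf(conf_text)
    return {a: classify_ap(a, conf) for a in ap_addrs}


if __name__ == "__main__":
    # Constructed AP addresses for illustration.
    for ap, verdict in audit(["192.168.183.10", "192.168.182.50", "10.15.0.20"]).items():
        print(f"{ap:16} {verdict}")
```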