665
edits
Changes
From SME Server
Jump to navigationJump to search
mLine 229:
Line 229: − + Line 238:
Line 238: − − === Bypass authentication for a list of Mac addresses === − − CoovaChilli has an interesting features which allow the authentication to be bypassed for a list of mac addresses. It can be useful if you want to connect devices without any browser (playstation etc...) − To enable this feature, you'll have to create a custom template: − − mkdir -p /etc/e-smith/templates-custom/etc/chilli.conf − vim /etc/e-smith/templates-custom/etc/chilli.conf/99MacAuth − − And put something like this − macallowed 0022431665B3 − macallowed 0045EF1AF9CC − macallowlocal − − You can use one macallowed directive per mac address, or specify multiple mac addresses, separated by a comma. − Once you saved this file, restart chilli with: − signal-event chilli-update − − Now the devices you've specified will be able to connect without authenticating. You should see a line like this one in /var/log/messages when one of this device is connecting: − Jun 21 19:36:47 smetest coova-chilli[25483]: chilli.c: 2746: Granted MAC=00-22-47-16-29-AB with IP=10.1.0.10 access without radius auth
→What authenticated users have access to ?
*AllowedOutgoing will allow more outgoing traffic. It's a list of proto/host/port clients will be able to contact on the internet (These rules only apply to forwarded traffic, nothing will be allowed to the private network). Wildcard '*' (or keyword 'any') can replace host or port. Eg:
*AllowedOutgoing will allow more outgoing traffic. It's a list of proto/host/port clients will be able to contact on the internet (These rules only apply to forwarded traffic, nothing will be allowed to the private network). Wildcard '*' (or keyword 'any') can replace host or port. Eg:
db configuration setprop AllowedOutgoing tcp:56.23.41.1:25,udp:*:1194,tcp:4.5.6.7:any,tcp:any:123
db configuration setprop chilli AllowedOutgoing tcp:56.23.41.1:25,udp:*:1194,tcp:4.5.6.7:any,tcp:any:123
This will allow:
This will allow:
{{ Note box|proto can be tcp or udp only for now, there's now way to add icmp rules with db commands.}}
{{ Note box|proto can be tcp or udp only for now, there's now way to add icmp rules with db commands.}}
=== Troubleshoot ===
=== Troubleshoot ===
