Setup guide
Christian Louis
I've seen your interesting project, but after downloading the source
and trying to install it, I'm kind of stuck.
Could you please be so kind and list the following information:
a) what binaries do you use? What purpose do they have?
b) what other software does one need to run your product (I've seen:
Apache2)
c) for what platform / distribution do you optimize your project
(CentOS? Ubuntu?)
d) How to setup the Captive Portal? How to administer it?
Thanks in advance
Christian
Fred Moyer
You need Apache 2.x, iptables 1.4, and mod_perl. You should be able
to install all of these using yum on Fedora or Centos. I haven't
tried Ubuntu, but the same software packages can be installed there.
If you install App::SilverSplash by downloading it from CPAN, it will
check for needed dependencies when you run perl Makefile.PL
Once you have all the dependencies and App::SilverSplash installed,
take a look at conf/sl.conf and update those values to suit your
network, then run 'perl bin/sl_cp' which will fire up the Apache
server and setup the needed iptables rules. At that point, if you
connect to the LAN interface of the device it is running on, you
should see the splash page.
Hope that helps - this public release is still new, so feel free to
ask any additional questions you need to get it running.
- Fred
> --
> ------------------------------------------------------------
> SilverSplash is an open source captive portal developed by Silver Lining Networks
> http://dev.slwifi.com/silversplash
> http://www.slwifi.com/
>
> You received this message because you are subscribed to the Google
> Groups "Silver Splash Captive Portal" group.
> To post to this group, send email to silver...@googlegroups.com
> To unsubscribe from this group, send email to
> silversplash...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/silversplash?hl=en
>
--
Silver Lining Networks
http://slwifi.com/
http://twitter.com/slwifi
o: 888.334.6602
m: 415.720.2103
Fred Moyer
Please cc the list on replies so that everyone can benefit from this
interaction.
On Fri, Sep 3, 2010 at 3:54 PM, Christian Louis
<christi...@gmail.com> wrote:
> Hi Fred,
>
> thanks for your brilliantly fast feedback.
>
> I have managed to persuade Apache et.al. to work, however when starting the
> sl_splash (sl_cp is not part of the distribution as I can get it from
> git),
Good to know, I'll add that to the manifest.
> I see the following error message:
>
> [Sat Sep 04 00:52:53 2010] [error] could not iptables '-t mangle -F',
> err: , ret: 256\n at
You may not have the needed iptables module installed. Can you try
this from the command line?
iptables -t mangle -L -n
> /usr/lib/perl5/site_perl/5.8.8/App/SilverSplash/IPTables.pm line
> 234\n\tApp::SilverSplash::IPTables::iptables('-t mangle -F') called at
> /usr/lib/perl5/site_perl/5.8.8/App/SilverSplash/IPTables.pm line
> 223\n\tApp::SilverSplash::IPTables::clear_firewall('App::SilverSplash::IPTables')
> called at /usr/lib/perl5/site_perl/5.8.8/App/SilverSplash/IPTables.pm
> line 72\n\tApp::SilverSplash::IPTables::init_firewall('App::SilverSplash::IPTables')
> called at /etc/sl/startup.pl line 40\n\trequire /etc/sl/startup.pl
> called at (eval 2) line 1\n\teval 'require qCompilation failed in
> require at (eval 2) line 1.\n
> [Sat Sep 04 00:52:53 2010] [error] Can't load Perl file:
> /etc/sl/startup.pl for server aircloud.slwifi.com:0, exiting...
>
>
> Any idea what hapened there?
>
> Christian
Christian Louis
>> [Sat Sep 04 00:52:53 2010] [error] could not iptables '-t mangle -F',
>> err: , ret: 256\n at
>
> You may not have the needed iptables module installed. Can you try
> this from the command line?
>
> iptables -t mangle -L -n
>
iptables is installed and I can run the command above from the command
line without any problems.
Both iptable_filter and iptable_mangle modules are also loaded.
By the way, another bug that stroke me:
In the startup.pl script, you named the module SL::Config, however I
had to change that to Config::SL.
Thanks for your ideas
Christian
Fred Moyer
<christi...@gmail.com> wrote:
> Hi Fred,
>
>>> [Sat Sep 04 00:52:53 2010] [error] could not iptables '-t mangle -F',
>>> err: , ret: 256\n at
>>
>> You may not have the needed iptables module installed. Can you try
>> this from the command line?
>>
>> iptables -t mangle -L -n
>>
> iptables is installed and I can run the command above from the command
> line without any problems.
> Both iptable_filter and iptable_mangle modules are also loaded.
So you will need to add the apache user to /etc/sudoers and give it
permission to run iptables. Here's the entry I'm using:
apache ALL=NOPASSWD:/sbin/iptables
Depending on what version of Linux you are using, you may need to set
a bit on /usr/bin/sudo if you get an error like "can't setuid root" or
something similar. This part can be a real pain, but I'm here to help
you out :) This 0.01 doesn't have these gotchas documented yet.
I'd suggest testing the sudo setup with something like "su - apache -c
'sudo /sbin/iptables -t mangle -L'" so that you can verify the apache
user has the correct permissions. This is needed so that the apache
user can manipulate the firewall rules as needed.
> By the way, another bug that stroke me:
> In the startup.pl script, you named the module SL::Config, however I
> had to change that to Config::SL.
Ah thanks for the spot, I will correct that!
>
> Thanks for your ideas
> Christian
>
--
Christian Louis
some more remarks:
1st: I'm using CentOS as this is probably closer to your development
platform, not Ubuntu anymore.
- adding apache to iptables worked quite well, however I also had to
comment out
# Defaults requiretty
- Next thing I stumbled upon is that there is no sanity check for the
entries you add to cp_hosts_allow.txt and cp_sslhosts_allow.txt. This
resulted in a crash in the startup.pl script, as non resolvable names
in the iptables command stop this script.
- It is a little bit confusing when /etc/sl and when /usr/local/SL-CP
is used for configuration. You might add a description on symlinking
the both directories to each other or your prefered way of setup to
the distro.
Just my 2 cents as usual
Christian
Christian Louis
another addition to what doesn't quite work:
it seems that the perlbal bit is missing in the distribution. Could
you please explain what purpose perlbal has and how to configure it in
this setup?
Thanks
Christian
Fred Moyer
Perlbal is used as a reverse proxy in front of the mod_perl server to
support lots and lots of connections. You may not technically need it
- if you just use the port that your apache server is listening on in
sl.conf you should be good to go.
Fred Moyer
<christi...@gmail.com> wrote:
> Hi Fred,
>
> some more remarks:
>
> 1st: I'm using CentOS as this is probably closer to your development
> platform, not Ubuntu anymore.
>
> - adding apache to iptables worked quite well, however I also had to
> comment out
> # Defaults requiretty
Good stuff, I'll add that note to the distribution.
> - Next thing I stumbled upon is that there is no sanity check for the
> entries you add to cp_hosts_allow.txt and cp_sslhosts_allow.txt. This
> resulted in a crash in the startup.pl script, as non resolvable names
> in the iptables command stop this script.
That's right - there aren't currently any checks in place. Some of
those entries are used to allow all PayPal resources in the walled
garden, and may vary depending on your region.
> - It is a little bit confusing when /etc/sl and when /usr/local/SL-CP
> is used for configuration. You might add a description on symlinking
> the both directories to each other or your prefered way of setup to
> the distro.
I'll add the symlinking instructions. I plan on wrapping an rpm for
this distribution, and haven't quite figured out exactly the best
place for config files, doc root, etc.
> Just my 2 cents as usual
It is much appreciated :) Keep them coming; and let me know when you
have it up and operational. I will be pushing out version 0.02
soonish with your recommendations and a few fixes.
Christian Louis
Hi Fred,
Have it up and running now. A bit confusing: bandwidth limits do not seem to work. Besides that the default value for PayPal does not match the default button for 3 USD or so but is 0.05 USD. Can you add this as a sl.conf variable together with the currency - at least EUR and GBP would be nice.
Thanks for your support,
Christian
Fred Moyer
<christi...@gmail.com> wrote:
> Hi Fred,
>
> Have it up and running now. A bit confusing: bandwidth limits do not seem to
> work. Besides that the default value for PayPal does not match the default
> button for 3 USD or so but is 0.05 USD. Can you add this as a sl.conf
> variable together with the currency - at least EUR and GBP would be nice.
To get the bandwidth limits working, run the cronjob (sl_cp_bouncer)
every minute or every five minutes. It checks the total bandwidth
used and disconnects users who exceed that limit, or the time limit in
the BerkeleyDB store on the disk. If it still isn't working with the
cronjob on, let me know and I'll take a look. We spent a lot of time
testing that feature, but it could be your setup is a bit different.
The 0.05 USD value is for testing - I think you can change that in
lib/App/SilverSplash.pm. I'll add that to the conf file.
I'll look at adding currency also, the paypal module supports it.
> Thanks for your support,
Thank you for taking on the somewhat dauting task of being the first
person to install it and report back issues!
--
Christian Louis
Hi Fred,
Will test it later or tomorrow as I am out with friends at the moment. One thing also worth mentioning is that the gateway has to run dnsmasq to provide MAC to IP resolution. BTW is there a way to run it IP only based with an external DHCP server?
Christian
Fred Moyer
yet, there's a problem with the system call that I haven't figured out
yet. I'll take another look at that for the next release.
On Sat, Sep 4, 2010 at 1:45 PM, Christian Louis
Christian Louis
just a heads up:
you've mentioned http://dev.slwifi.com/silversplash in the docu,
however this URL throws a trac error..
Christian
Christian Louis
> To get the bandwidth limits working, run the cronjob (sl_cp_bouncer)
> every minute or every five minutes. It checks the total bandwidth
> used and disconnects users who exceed that limit, or the time limit in
> the BerkeleyDB store on the disk. If it still isn't working with the
> cronjob on, let me know and I'll take a look. We spent a lot of time
> testing that feature, but it could be your setup is a bit different.
The script works now. However I found that I had to adjust IPTables.pm
in the function
check_overage()
a bit. There was a hardcoded iptables command there, that didn't use
the $Iptables variable from the command line. Once I've changed these
iptables statements to /sbin/iptables the accounting worked quite
nicely.
Hope that helps again
Christian
Fred Moyer
core machine, so I temporarily took it down. I may bring it back up
again running under mod_python, and move the mailing list there. Have
gotten some feedback that Google Groups is not accessible everywhere
in the world.
On Sat, Sep 4, 2010 at 6:44 PM, Christian Louis
JwizWifi
I am kinda stuck on how to get the two dependencies that silversplash
needs. Where can I get the Template 2.18 and
a URI::Escape version 3.3 (that is how Makefile.PL generated when I
was inspecting the dependencies prior to install silversplash
Johnny
> o: 888.334.6602
> m: 415.720.2103
Fred Moyer
You probably want to install cpanminus for installing the perl modules.
wget http://xrl.us/cpanminus
chmod +x cpanminus
./cpanminus Template
./cpanminus URI::Escape
Or you can 'yum install perl-Template' to install that perl modules using Yum.
JwizWifi
Hi Fred
Thank you very much for helping . There are so many dependencies
involved .
I'm glad that I have installed it piece by piece and make the
SilverSplash installed successfully.
Next stop ... configuration. Hope I will make it work.
Johnny
On Sep 9, 10:38 am, Fred Moyer <f...@slwifi.com> wrote:
> Hi Johnny,
>
> You probably want to install cpanminus for installing the perl modules.
>
JwizWifi
I was able to install the silversplash and made it up and running .
Using the default configuration, what would be my LAN IP address? is
it the same with
DMZ? Upon firing up perl bin/sl_splash, no errors were generated .
Does this mean the iptables were set correctly? I have a host with
192.168.1.2 Ip address
connected but it wont have the splash page. how would I know if the
silversplash is working?
Johnny
On Sep 9, 10:38 am, Fred Moyer <f...@slwifi.com> wrote:
> Hi Johnny,
>
> You probably want to install cpanminus for installing the perl modules.
>
Fred Moyer
the lan is. To have the paypal functionality work correctly, the DMZ
address must be valid, so that the IPN notification from paypal is
accepted by SilverSplash and it sets up the rules for the paid user.
Internet
|
|
Linksys, ip 27.119.73.5
|
| - eth0, sl_wan_if in sl.conf, ip from linksys is 192.168.1.224
(or something else)
SilverSplash in DMZ, DMZ address is 27.119.73.5 (note linksys must
designate this as in the DMZ)
| - eth1, sl_lan_if in sl.conf
|
User, ip 10.0.1.111 from SilverSplash device dnsmasq server running on eth1.
To check the iptables layout, run 'iptables -t nat -L -n'. You should
see several rules. Also, check logs/error_log for any log errors and
post them here if they don't make sense.
To check if silversplash is working, you connect to
http://10.0.1.1:9999, where 10.0.1.1 is the ip of eth1 on the
silversplash box, and 9999 is sl_perlbal_port in sl.conf. You can
also connect to eth0 on sl_wan_listen, but the best way to check is to
connect via eth1, and try to surf. You should be redirected to the
splash page.
Hope this helps, let me know if you have other questions.
Fred Moyer
<christi...@gmail.com> wrote:
> By the way, another bug that stroke me:
> In the startup.pl script, you named the module SL::Config, however I
> had to change that to Config::SL.
I just pushed 0.02 to github and CPAN which contains this and a couple
of other minor fixes you reported. New features coming in 0.03
shortly.
Thanks for the spots Christian, I added you to the Changes log.
JwizWifi
Thank you for replying. Several things I would like to clarify.
1. Can the silversplash box act as an Internet gateway ? Thus
removing the linksys that was in your diagram.
2. Does the 10.1.0.0 subnet is built-in for the silversplash and the
dnsmasq?
johnny
On Sep 11, 10:16 am, Fred Moyer <f...@slwifi.com> wrote:
> Your LAN IP is whatever the ip of the ethernet interface connected to
> the lan is. To have the paypal functionality work correctly, the DMZ
> address must be valid, so that the IPN notification from paypal is
> accepted by SilverSplash and it sets up the rules for the paid user.
>
> Internet
> |
> |
> Linksys, ip 27.119.73.5
> |
> | - eth0, sl_wan_if in sl.conf, ip from linksys is 192.168.1.224
> (or something else)
> SilverSplash in DMZ, DMZ address is 27.119.73.5 (note linksys must
> designate this as in the DMZ)
> | - eth1, sl_lan_if in sl.conf
> |
> User, ip 10.0.1.111 from SilverSplash device dnsmasq server running on eth1.
>
> To check the iptables layout, run 'iptables -t nat -L -n'. You should
> see several rules. Also, check logs/error_log for any log errors and
> post them here if they don't make sense.
>
Fred Moyer
> Thank you for replying. Several things I would like to clarify.
>
> 1. Can the silversplash box act as an Internet gateway ? Thus
> removing the linksys that was in your diagram.
It can act as an internet gateway, but it can also function behind an
existing gateway in the DMZ. When acting as a gateway, the wan and
dmz ip addresses will be the same in sl.conf.
> 2. Does the 10.1.0.0 subnet is built-in for the silversplash and the
> dnsmasq?
You can set whatever class of network you desire in dnsmasq. I just
checked the codebase and didn't see any leftover references to the
test network.
JwizWifi
upon doing the command for iptables the result is this :
[root@localhost App-SilverSplash-0.01]# perl bin/sl_splash
Starting with command: /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -
k start
[root@localhost App-SilverSplash-0.01]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost App-SilverSplash-0.01]#
no values or whatever in the table.
Does it mean the sl_splash is not running
?
Do I have to install a dhcp daemon or silversplash does it?
Johnny
On Sep 15, 4:25 am, Fred Moyer <f...@slwifi.com> wrote:
Fred Moyer
> Hi Fred
> upon doing the command for iptables the result is this :
>
> [root@localhost App-SilverSplash-0.01]# perl bin/sl_splash
> Starting with command: /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -
> k start
Can you post the contents of logs/error_log?
> Do I have to install a dhcp daemon or silversplash does it?
Right now silversplash only works with the dnsmasq dhcp daemon.
Should be available via yum install.
JwizWifi
Wed Sep 15 15:54:12 2010] [notice] SELinux policy enabled; httpd
running as context unconfined_u:unconfined_r:unconfined_t:s0
[Wed Sep 15 15:54:12 2010] [notice] suEXEC mechanism enabled
(wrapper: /usr/sbin/suexec)
[Wed Sep 15 15:54:12 2010] [notice] Digest: generating secret for
digest authentication ...
[Wed Sep 15 15:54:12 2010] [notice] Digest: done
[Wed Sep 15 15:54:12 2010] [notice] Apache/2.2.14 (Unix) DAV/2
mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Wed Sep 15 16:02:34 2010] [notice] caught SIGTERM, shutting down
[Wed Sep 15 16:02:39 2010] [notice] SELinux policy enabled; httpd
running as context unconfined_u:unconfined_r:unconfined_t:s0
[Wed Sep 15 16:02:39 2010] [notice] suEXEC mechanism enabled
(wrapper: /usr/sbin/suexec)
[Wed Sep 15 16:02:39 2010] [notice] Digest: generating secret for
digest authentication ...
[Wed Sep 15 16:02:39 2010] [notice] Digest: done
[Wed Sep 15 16:02:39 2010] [notice] Apache/2.2.14 (Unix) DAV/2
mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Wed Sep 15 16:02:47 2010] [notice] caught SIGTERM, shutting down
[Wed Sep 15 16:06:59 2010] [notice] SELinux policy enabled; httpd
running as context unconfined_u:unconfined_r:unconfined_t:s0
[Wed Sep 15 16:06:59 2010] [notice] suEXEC mechanism enabled
(wrapper: /usr/sbin/suexec)
[Wed Sep 15 16:06:59 2010] [notice] Digest: generating secret for
digest authentication ...
[Wed Sep 15 16:06:59 2010] [notice] Digest: done
[Wed Sep 15 16:06:59 2010] [notice] Apache/2.2.14 (Unix) DAV/2
mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Wed Sep 15 17:08:41 2010] [notice] caught SIGTERM, shutting down
On Sep 15, 8:15 am, Fred Moyer <f...@slwifi.com> wrote:
Fred Moyer
Do you need SELinux enabled or can you disable it?
JwizWifi
I can turn the SELinux off . It is not important to my requirements.
As long as the silversplash box can be a gateway that is what matter.
I'll give some feedbacks when I have already tried running
silversplash without the SELinux running.
Johnny
On Sep 17, 5:10 am, Fred Moyer <f...@slwifi.com> wrote:
> Hmm, I haven't tried it with SELinux, and am not sure if it will work.
> Do you need SELinux enabled or can you disable it?
>
>
> read more »
JwizWifi
There were no difference. It is still not working. I cannot even
access the http://<local ip address of silversplash box>:9999 If I
will run the iptable commands there were no rules on the machine.
iptables -t nat -L -n yields :
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Please help.
>
> read more »
Fred Moyer
that we can help you out.
--
Silver Lining Networks
http://slwifi.com/