-# $Header$
+# $Id$
# WiFiDog Configuration file
# Parameter: GatewayID
# Default: default
-# Optional but essential for monitoring purposes
+# Optional
#
-# Set this to the template ID on the auth server
-# this is used to give a customized login page to the clients
-# If none is supplied, the default login page will be used.
+# Set this to the node ID on the auth server
+# this is used to give a customized login page to the clients and for
+# monitoring/statistics purpose
+# If none is supplied, the mac address of the GatewayInterface interface will be used,
+# without the : separators
GatewayID default
# Default: NONE
# Optional
#
-# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise
+# Set this to the external interface (the one going out to the Inernet or your larger LAN).
+# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,
+# Normally autodetected
# ExternalInterface eth0
# Default: NONE
# Mandatory
#
-# Set this to the internal interface. Typically br-lan for OpenWrt, and eth1 otherwise
+# Set this to the internal interface (typically your wifi interface).
+# Typically br-lan for OpenWrt, and eth1, wlan0, ath0, etc. otherwise
GatewayInterface br-lan
# Default: Find it from GatewayInterface
# Optional
#
-# Set this to the internal IP address of the gateway
+# Set this to the internal IP address of the gateway. Not normally required.
# GatewayAddress 192.168.1.1
-# Parameter: AuthServMaxTries
-# Default: 1
-# Optional
-#
-# Sets the number of auth servers the gateway will attempt to contact when a request fails.
-# this number should be equal to the number of AuthServer lines in this
-# configuration but it should probably not exceed 3.
-
-# AuthServMaxTries 3
-
# Parameter: AuthServer
# Default: NONE
-# Mandatory
+# Mandatory, repeatable
#
-# Set this to the hostname or IP of your auth server, the path where
-# WiFiDog-auth resides and optionally as a second argument, the port it
-# listens on.
+# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds.
+# Set this to the hostname or IP of your auth server(s), the path where
+# WiFiDog-auth resides in and the port it listens on.
#AuthServer {
-# Hostname (Mandatory; Default: NONE)
-# SSLAvailable (Optional; Default: no; Possible values: yes, no)
-# SSLPort 443 (Optional; Default: 443)
-# HTTPPort 80 (Optional; Default: 80)
-# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
+# Hostname (Mandatory; Default: NONE)
+# SSLAvailable (Optional; Default: no; Possible values: yes, no)
+# SSLPort (Optional; Default: 443)
+# HTTPPort (Optional; Default: 80)
+# Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
+# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.)
+# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.)
+# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.)
+# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.)
+# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.)
#}
#AuthServer {
# Path /
#}
-#AuthServer {
-# Hostname auth3.ilesansfil.org
-# SSLAvailable yes
-# Path /
-#}
-
# Parameter: Daemon
# Default: 1
# Optional
# Default: 60
# Optional
#
-# How many seconds should we wait between timeout checks
+# How many seconds should we wait between timeout checks. This is also
+# how often the gateway will ping the auth server and how often it will
+# update the traffic counters on the auth server. Setting this too low
+# wastes bandwidth, setting this too high will cause the gateway to take
+# a long time to switch to it's backup auth server(s).
+
CheckInterval 60
# Parameter: ClientTimeout
# The timeout will be INTERVAL * TIMEOUT
ClientTimeout 5
+# Parameter: TrustedMACList
+# Default: none
+# Optional
+#
+# Comma separated list of MAC addresses who are allowed to pass
+# through without authentication
+#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
+
# Parameter: FirewallRuleSet
# Default: none
# Mandatory
# Rule Set: global
#
# Used for rules to be applied to all other rulesets except locked.
-# This is the default config for the Teliphone service.
FirewallRuleSet global {
- FirewallRule allow udp to 69.90.89.192/27
- FirewallRule allow udp to 69.90.85.0/27
- FirewallRule allow tcp port 80 to 69.90.89.205
+ ## To block SMTP out, as it's a tech support nightmare, and a legal liability
+ #FirewallRule block tcp port 25
+
+ ## Use the following if you don't want clients to be able to access machines on
+ ## the private LAN that gives internet access to wifidog. Note that this is not
+ ## client isolation; The laptops will still be able to talk to one another, as
+ ## well as to any machine bridged to the wifi of the router.
+ # FirewallRule block to 192.168.0.0/16
+ # FirewallRule block to 172.16.0.0/12
+ # FirewallRule block to 10.0.0.0/8
+
+ ## This is an example ruleset for the Teliphone service.
+ #FirewallRule allow udp to 69.90.89.192/27
+ #FirewallRule allow udp to 69.90.85.0/27
+ #FirewallRule allow tcp port 80 to 69.90.89.205
}
# Rule Set: validating-users
#
# Used for new users validating their account
FirewallRuleSet validating-users {
- FirewallRule block tcp port 25
FirewallRule allow to 0.0.0.0/0
}
# Rule Set: locked-users
#
-# Used for users that have been locked out.
+# Not currently used
FirewallRuleSet locked-users {
FirewallRule block to 0.0.0.0/0
}
projects / openwrt / svn-archive / packages.git / commitdiff