domain key.chillispot.info
Hello everyone,
I'm trying to install the Chillihotspot onto a Debian Lenny. For that I have taken the HowTo for Ubuntu 8.05 and followed its instructions. Since I’m using Lenny and not Ubuntu, I have tried to adapt it, but I’m unsure I did that correctly. The Chillihotspot-SW seems to be working. Clients get an IP, but that’s it. The clients can’t ping the DNS server or any other IP behind the chillispot. I can connect to the chillispot login page and register correctly (but not via a redirection from another page, only if I access the URL of the Chillispot directly).
After the registration, connections to PCs after the chillispot aren’t possible. I can’t ping tun0, or the vlan130 interface IP of the chillispot. Even the PCs listed under uamallowed aren’t accessible.
The Network is like this:
The clients, who want access to the Internet, come from a tagged VLAN (ID=130) on eth0. Since the PC only has one interface, I created a VLAN interface on eth0 with the IP 192.168.130.254. In the firewall script I changed the INTIF parameter to vlan130. EXTIF is still eth0.
Eth0 gets its IP via a DHCP request. On the Chillispot, I can ping any PC (in the intranet, internet or if it is one of the clients).
Chillispot is configured as follows:
net 192.168.130.0/24
dynip 192.168.130.0/24
dns1 192.168.254.8
dns2 192.168.254.88
domain key.chillispot.org
…
dhcpif vlan130
uamserver https://192.168.130.1/cgi-bin/hotspotlogin.cgi
uamsecret test1234teset
uamlisten 192.168.130.1
#uamhomepage http://…..
uamallowed 192.168.130.0/24,192.168.23.0/24,192.168.254.8,192.168.254.88
uamport 3990
route -n gives:
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.23.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.130.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan130
192.168.130.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
0.0.0.0 192.168.23.1 0.0.0.0 UG 0 0 0 eth0
iptables script:
#!/bin/sh
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="vlan130"
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Allow related, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT
#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP
#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT
# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP
#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
Can anyone help me?
Offline
OK, I found out what was wrong. The configuration of the VLAN Device was wrong. After solving that problem it works.
Offline
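Added example, not part of either post: the route -n output in the question lists 192.168.130.0/24 on both vlan130 and tun0. The thread does not say what the VLAN misconfiguration was; this script only flags a subnet routed out of more than one interface, and the names `duplicate_routes` and `SAMPLE_ROUTES` are hypothetical.

```shell
#!/bin/sh
# Added example: flag destinations that `route -n` lists on more than
# one interface (e.g. the raw dhcpif device and chilli's tun0).

# Constructed sample input: the route -n output posted in the thread.
SAMPLE_ROUTES='Ziel Router Genmask Flags Metric Ref Use Iface
192.168.23.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.130.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan130
192.168.130.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
0.0.0.0 192.168.23.1 0.0.0.0 UG 0 0 0 eth0'

# duplicate_routes: read `route -n` text on stdin and print one line per
# destination/genmask pair that is bound to more than one interface:
#   <destination>/<genmask> <iface1>,<iface2>,...
duplicate_routes() {
    awk '
        # Data rows have 8 fields and start with a dotted-quad destination,
        # which skips the header lines regardless of locale.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            key = $1 "/" $3
            if (!(key in ifaces)) {
                order[++n] = key          # remember first-seen order
                ifaces[key] = $8
                count[key] = 1
            } else if (index("," ifaces[key] ",", "," $8 ",") == 0) {
                ifaces[key] = ifaces[key] "," $8
                count[key]++
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1)
                    print order[i], ifaces[order[i]]
        }
    '
}

# Run against the sample; on a live host use: route -n | duplicate_routes
printf '%s\n' "$SAMPLE_ROUTES" | duplicate_routes
```
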