From pulpo at chilesincables.org Tue Jul 3 18:22:54 2007
From: pulpo at chilesincables.org (Pulpo)
Date: Tue, 03 Jul 2007 21:22:54 -0400
Subject: [NoCatNet] Nocat and layer7+ipp2p
Message-ID: <468AF66E.2010505@chilesincables.org>

Hi;

I manage a free public wireless network, with Nocat in Openmode, transparent proxy and layer7 and ipp2p to control and block (or try to at least) p2p traffic. My problem is that when I run Nocat with the layer7 and ipp2p scripts (added at the bottom of the initialize.fw file), the network stops working, this means there is no captive portal.

I attach the scripts I am actually using, maybe somebody can help me or guide me through, to make these scripts work with Nocat.

Thanks in advance.

P.S: Please excuse my terrible English :-o

--Bottom of initialize.fw--

#Ipp2p low rate
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m ipp2p --ares -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m mark --mark 1 -j CONNMARK --save-mark
iptables -t mangle -A POSTROUTING -o br0 -m mark --mark 1 -j CLASSIFY --set-class 1:12
iptables -t mangle -A POSTROUTING -o eth1 -m mark --mark 1 -j CLASSIFY --set-class 2:12

#layer7 drop rules
iptables -t mangle -A PREROUTING -m layer7 --l7proto ares -j DROP
iptables -t mangle -A PREROUTING -m layer7 --l7proto bittorrent -j DROP
iptables -t mangle -A PREROUTING -m layer7 --l7proto directconnect -j DROP
iptables -t mangle -A PREROUTING -m layer7 --l7proto edonkey -j DROP
iptables -t mangle -A PREROUTING -m layer7 --l7proto fasttrack -j DROP
iptables -t mangle -A PREROUTING -m layer7 --l7proto gnutella -j DROP
iptables -t mangle -A PREROUTING -m layer7 --l7proto goboogy -j DROP
iptables -t mangle -A PREROUTING -m layer7 --l7proto mute -j DROP
iptables -t mangle -A PREROUTING -m layer7 --l7proto openft -j DROP
iptables -t mangle -A PREROUTING -m layer7 --l7proto soulseek -j DROP

--
Human
Knowledge Belongs to the Humanity
Linux User #338337

From wchan at honolulu.gov Tue Jul 3 19:05:01 2007
From: wchan at honolulu.gov (Chan, Wilson)
Date: Tue, 3 Jul 2007 16:05:01 -1000
Subject: [NoCatNet] Setup NoCatSplash with Dansguardian/Squid/Transparent proxy
Message-ID:

Hi Group,

I'm trying to set up a free wireless network, however I'm having a problem getting NoCatSplash to work right with DansGuardian, Squid, and transparent proxy all in one box. Here is the current setup and my understanding of how the web traffic is flowing.

===NoCat Traffic Flow===
Laptop sends port 80 traffic (google.com)
||
NoCat Splash intercepts port 80 traffic
||
Redirects traffic to port 5180
||
Acceptance splash page
||
Forwards web traffic (google.com)

===ALL IN ONE PROXY SERVER===
Laptop sends port 80 traffic (google.com)
||
IPTABLES redirects port 80 traffic to port 8080 (DansGuardian)
||
DansGuardian checks content and then redirects traffic to port 3128 (Squid)
||
Squid sends traffic out port 80 to Internet connection

However, I have an all-in-one proxy firewall that is doing transparent proxying (redirect w/iptables). When I try to incorporate NoCatSplash into this proxy server it doesn't work because the transparent proxying doesn't allow the traffic to flow to NoCat first. Is there anyone who knows how to make this work?
Eth0 = RR Modem
Eth1 = LAN (192.168.100.1)

-------------------------------------------------------------------------------------------------
/etc/squid/squid.conf

http_port 3128 transparent                              <----Add transparent

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl wirelessNetwork src 192.168.100.0/255.255.255.0     <----

# And finally deny all other access to this proxy
## Allow Wireless
http_access allow wirelessNetwork                       <----
http_access allow localhost
http_access deny all

## Transparent Proxying
httpd_accel_host virtual                                <----
httpd_accel_port 80                                     <----
httpd_accel_with_proxy on                               <----
httpd_accel_uses_host_header on                         <----

-------------------------------------------------------------------------------------------------
/etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
# Some ICMP messages aren't particularly useful and can be particularly
# nasty, so drop them or rate limit them as appropriate.
#
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 5 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 9 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 10 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 15 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 16 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 17 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 18 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp ! --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Wilson
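The two iptables posts above describe one class of failure: rules appended next to NoCat's own rules run in the same PREROUTING hooks NoCat uses, so they either rewrite the packet mark NoCat relies on (the CONNMARK --restore-mark and MARK --set-mark 1 rules in the first post) or grab port-80 traffic before NoCat's capture chain ever sees it (the REDIRECT --to-ports 8080 rule in the second). The script below is an added example for this archive, not NoCatAuth code and not something either poster ran: it reads iptables-save output and reports rules positioned where they would pre-empt NoCat. The chain names NoCat and NoCat_Capture and the class marks 1 to 4 are assumptions about the stock initialize.fw/access.fw and must be checked against the local copies; the embedded dump is constructed from the two posts, not captured from a real gateway.

```python
"""Audit iptables-save output for rules that pre-empt NoCat's own chains.

Added example; not NoCatAuth code. Assumptions (verify against your own
initialize.fw / access.fw): NoCat hooks mangle PREROUTING with '-j NoCat'
and marks clients there; it hooks nat PREROUTING with '-j NoCat_Capture',
which reads that mark and REDIRECTs unauthenticated port-80 traffic to the
splash page; its class marks are 1..4.
"""
import shlex
import sys

NOCAT_MANGLE_JUMP = "NoCat"        # assumed mangle chain name
NOCAT_NAT_JUMP = "NoCat_Capture"   # assumed nat chain name
NOCAT_MARKS = {1, 2, 3, 4}         # assumed class marks

# Constructed sample modelled on the two posts; not a real gateway dump.
SAMPLE_DUMP = """\
*mangle
-A PREROUTING -j NoCat
-A PREROUTING -p tcp -j CONNMARK --restore-mark
-A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
-A PREROUTING -p tcp -m ipp2p --ares -j MARK --set-mark 1
-A PREROUTING -p tcp -m mark --mark 1 -j CONNMARK --save-mark
COMMIT
*nat
-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -j NoCat_Capture
COMMIT
"""


def parse_iptables_save(text):
    """Return {table: {chain: [rule tokens, ...]}}, preserving rule order.

    Only '-A' lines are kept; ':CHAIN POLICY', COMMIT and comment lines are
    skipped. Order is the point: iptables evaluates a chain top to bottom.
    """
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
            tables.setdefault(table, {})
        elif line.startswith("-A ") and table is not None:
            tokens = shlex.split(line)
            tables[table].setdefault(tokens[1], []).append(tokens[2:])
    return tables


def _opt(tokens, flag):
    """Value that follows `flag` in a rule, or None if absent."""
    if flag in tokens and tokens.index(flag) + 1 < len(tokens):
        return tokens[tokens.index(flag) + 1]
    return None


def _jump_index(rules, target):
    """Position of the first rule jumping to `target`, or None."""
    for i, r in enumerate(rules):
        if _opt(r, "-j") == target:
            return i
    return None


def _mark_value(s):
    """'1', '0x1' or '1/0xff' -> 1 (a mask, if present, is ignored)."""
    return int(s.split("/")[0], 0)


def audit(text):
    """Return a list of findings (strings); an empty list means none."""
    tables = parse_iptables_save(text)
    findings = []

    # mangle PREROUTING runs before nat PREROUTING. A MARK or CONNMARK
    # --restore-mark placed after '-j NoCat' overwrites the classification
    # NoCat just wrote, so NoCat's nat rules then see the wrong mark.
    mangle = tables.get("mangle", {}).get("PREROUTING", [])
    nocat_at = _jump_index(mangle, NOCAT_MANGLE_JUMP)
    for i, r in enumerate(mangle):
        target = _opt(r, "-j")
        rewrites = target == "MARK" or (target == "CONNMARK" and "--restore-mark" in r)
        if rewrites and nocat_at is not None and i > nocat_at:
            findings.append("mangle PREROUTING rule %d (%s) runs after '-j %s' and "
                            "overwrites NoCat's mark" % (i + 1, " ".join(r), NOCAT_MANGLE_JUMP))
        mark = _opt(r, "--set-mark") if target == "MARK" else None
        if mark is not None and _mark_value(mark) in NOCAT_MARKS:
            findings.append("mangle PREROUTING rule %d sets mark %s, which collides "
                            "with a NoCat class mark" % (i + 1, mark))

    # A port-80 REDIRECT (transparent proxy) placed before '-j NoCat_Capture'
    # takes the traffic before NoCat can capture it: no splash page.
    nat = tables.get("nat", {}).get("PREROUTING", [])
    capture_at = _jump_index(nat, NOCAT_NAT_JUMP)
    for i, r in enumerate(nat):
        if _opt(r, "-j") == "REDIRECT" and _opt(r, "--dport") == "80":
            if capture_at is None or i < capture_at:
                findings.append("nat PREROUTING rule %d (%s) redirects port 80 before "
                                "'-j %s' can capture it" % (i + 1, " ".join(r), NOCAT_NAT_JUMP))
    return findings


if __name__ == "__main__":
    # On a gateway: iptables-save | python nocat_audit.py -
    # Without the '-' argument the constructed sample is audited instead.
    dump = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_DUMP
    for finding in audit(dump):
        print(finding)
```

On the constructed dump the script reports four findings: the restore-mark rule and the set-mark rule both run after the NoCat jump, mark 1 collides with an assumed NoCat class mark, and the port-80 REDIRECT sits ahead of the capture jump. The findings point at ordering rather than at the tools themselves: mark rewrites belong before the NoCat jump and should use mark values (or a mark mask) NoCat does not use, and a transparent-proxy REDIRECT in nat PREROUTING must come after NoCat's capture jump if unauthenticated clients are to reach the splash page at all. Whether authenticated clients' traffic still falls through to a REDIRECT placed after the capture chain depends on whether that chain ends in ACCEPT (which ends nat PREROUTING traversal) or RETURN; check the local initialize.fw before relying on it.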
From jchriste at sonic.net Tue Jul 10 11:58:30 2007
From: jchriste at sonic.net (Jack Christensen)
Date: Tue, 10 Jul 2007 11:58:30 -0700
Subject: [NoCatNet] WSCICC Board Meeting
Message-ID:

Hi,

The WSCICC Board is having a board meeting this Wednesday 7/11 @ 6:30PM in the Youth Annex of the Sebastopol Community Center on Morris Street in Sebastopol. Board meetings are open, so if there is something here that interests you, please feel free to attend.

Preliminary Agenda:
1. Thorn Workday on 7/28 - Jack
2. Technical Support - getting more folks trained to provide - Ron/All?
3. Paid Installers - Update - Matt
4. 5.8Ghz Backhaul between Thorn and Silvercrest Towers (AccessNet Connection) - Update - Glen
5. Moving WSCICC members off GV - Update - Matt
6. TWG proposal - budget - purchase authority - Update - Matt
7. Deliberant & EZ3 Radio Performance - Update - Matt/Ron?

Thanks,
Jack Christensen
President WSCICC

From gordon at gsathome.com Tue Jul 17 16:39:54 2007
From: gordon at gsathome.com (Gordon Stewart)
Date: Tue, 17 Jul 2007 16:39:54 -0700
Subject: [NoCatNet] Power over Ethernet problems
In-Reply-To: <157B982DD6939449B51FC07ED5533CB204C3F6@SBS.gmellc.local>
References: <157B982DD6939449B51FC07ED5533CB204C3F6@SBS.gmellc.local>
Message-ID: <004601c7c8cb$c72140b0$6401a8c0@Gordon>

This is an FYI to the group on problems I've had with POE.

POE is Power Over Ethernet which uses a Linksys WAPPOE device using two of the spare wires in the cat 5 cable to carry power to the device at the other end - a WET11 in my case. At the supply end the injector puts 48 VDC on the unused pair and the splitter at the other end knocks it down to the required 5 VDC which powers the WET11.

My setup consists of a WRT54G > POE injector > 50' Cat 5 cable > POE Splitter > WET11 > antenna.

I've recently been having frequent interruptions in service where I have not been able to ping the WET11.
I can cycle the power, fiddle with the cables and eventually it comes back on line.

The cat5 cable is commercial 50' cable with RJ45s on each end. I noticed recently that the RJ45 at the injector end where it plugs into the POE is blackened as if it has been overheating. There are carbon deposits on the connectors and it is easy to see how the connection may be impaired. The splitter end looks good with no damage.

During a service interruption this morning I dragged a power cord onto the roof and installed a 5 volt supply to bypass the POE equipment completely. The system came on line immediately. I have now installed permanent 110VAC power to the WET11 at the antenna.

It is possible that I had a bad connection between the RJ45 and the injector and this cooked the RJ45. Perhaps the RJ45 was not designed to carry even the low power required to drive a remote device.

Gordon

From matt_townsend at earthlink.net Tue Jul 17 17:06:34 2007
From: matt_townsend at earthlink.net (Matt Townsend)
Date: Tue, 17 Jul 2007 17:06:34 -0700
Subject: [NoCatNet] Power over Ethernet problems
In-Reply-To: <004601c7c8cb$c72140b0$6401a8c0@Gordon>
References: <157B982DD6939449B51FC07ED5533CB204C3F6@SBS.gmellc.local> <004601c7c8cb$c72140b0$6401a8c0@Gordon>
Message-ID:

I wonder if you might get a reply by posting this over at the board at http://www.linksysinfo.org/index.php

At 04:39 PM 7/17/2007 -0700, Gordon Stewart wrote:
>This is an FYI to the group on problems I've had with POE.
>
>POE is Power Over Ethernet which uses a Linksys WAPPOE device using two of
>the spare wires in the cat 5 cable to carry power to the device at the other
>end - a WET11 in my case. At the supply end the injector puts 48 VDC on the
>unused pair and the splitter at the other end knocks it down to the required
>5 VDC which powers the WET11.
>
>My setup consists of a WRT54G > POE injector > 50' Cat 5 cable > POE
>Splitter > WET11 > antenna.
>
>I've recently been having frequent interruptions in service where I have not
>been able to ping the WET11. I can cycle the power, fiddle with the cables
>and eventually it comes back on line.
>
>The cat5 cable is commercial 50' cable with RJ45s on each end. I noticed
>recently that the RJ45 at the injector end where it plugs into the POE is
>blackened as if it has been overheating. There are carbon deposits on the
>connectors and it is easy to see how the connection may be impaired. The
>splitter end looks good with no damage.
>
>During a service interruption this morning I dragged a power cord onto the
>roof and installed a 5 volt supply to bypass the POE equipment completely.
>The system came on line immediately. I have now installed permanent 110VAC
>power to the WET11 at the antenna.
>
>It is possible that I had a bad connection between the RJ45 and the injector
>and this cooked the RJ45. Perhaps the RJ45 was not designed to carry even
>the low power required to drive a remote device.
>
>Gordon
>
>_______________________________________________
>NoCatNet mailing list
>NoCatNet at nocat.net
>http://lists.nocat.net/mailman/listinfo/nocatnet

From kgtcoop at sonic.net Wed Jul 18 16:19:03 2007
From: kgtcoop at sonic.net (Timothy Cooper)
Date: Wed, 18 Jul 2007 16:19:03 -0700
Subject: [NoCatNet] connections...
Message-ID: <2516694602adb2746af53c57166529b8@sonic.net>

Is there something wrong with Gold Ridge? My connection has been down since yesterday afternoon.

Thanks,
Tim Cooper

From mark at pon.net Thu Jul 26 22:00:45 2007
From: mark at pon.net (Mark)
Date: Thu, 26 Jul 2007 22:00:45 -0700
Subject: [NoCatNet] Site Work Day Saturday?
Message-ID: <000c01c7d00b$17e8d120$9100a8c0@pon.net>

Hey,

Are you guys still working on Thorn, etc. Saturday? If so, do you still need more bodies? If so, I'm available from reasonably early morning till(?). Let me know.
Mark Hawk

From gordon at gsathome.com Fri Jul 27 17:21:34 2007
From: gordon at gsathome.com (Gordon Stewart)
Date: Fri, 27 Jul 2007 17:21:34 -0700
Subject: [NoCatNet] Site Work Day Saturday?
In-Reply-To: <000c01c7d00b$17e8d120$9100a8c0@pon.net>
References: <000c01c7d00b$17e8d120$9100a8c0@pon.net>
Message-ID: <007201c7d0ad$4157ef30$6501a8c0@Gordon>

What's the plan? I've set the day aside to climb ladders and stuff, is the work day still on?

Gordon

-----Original Message-----
From: nocatnet-bounces at nocat.net [mailto:nocatnet-bounces at nocat.net] On Behalf Of Mark
Sent: Thursday, July 26, 2007 10:01 PM
To: nocatnet at lists.nocat.net
Subject: [NoCatNet] Site Work Day Saturday?

Hey,

Are you guys still working on Thorn, etc. Saturday? If so, do you still need more bodies? If so, I'm available from reasonably early morning till(?). Let me know.

Mark Hawk
_______________________________________________
NoCatNet mailing list
NoCatNet at nocat.net
http://lists.nocat.net/mailman/listinfo/nocatnet