[Server] Mega Aiuto su configurazione Hotspot Server

[zazzazenigata]

Ciao a tutti!

vi sto scrivendo perchè sono un niubbo che ha bisogno di un grosso aiuto... Spiego la mia situazione:
Mi è stato chiesto di creare un server Hotspot per l'autenticazione e il log del traffico, da tenere nel nostro ufficio, da parte di access point remoti (da installare da un nostro cliente).
Sono 3 giorni che navigo in rete per trovare un tutorial decente, funzionante e soprattutto per niubbi. Facendo un riassunto di quello che ho capito leggendo mille post e forum è che mi serve una roba di questo tipo:

-un server  con 2 schede di rete, una per la connettività e una a cui collegare i vari access point (immagino tramite vpn o qualche soluzione simile);
-mysql server per gestire i database delle utenze generate con la registrazione
-freeradius come interfaccia per la gestione delle utenze
-coovachilli con coovaap (per il captive portal)
-apache2 non ho ben capito per cosa ma immagino per far funzionare le cose
- un router con montato CoovaAp (quello l'ho già disponibile e ci ho già installato il firmware CoovaAp)

Da quello che ho detto sopra avrete capito che sono un po a digiuno :-( Dal punto di vista di conoscenze tecniche ci sono abbastanza, sono un sistemista Junior in ambiente windows; ma linux mi sta intrigando non indifferentemente nonostante la sua complessità (parlo sempre da principiante)
Dopo le ore di ricerca la guida che ho trovato più completa è questa:

http://it.fon.wikia.com/wiki/Hotspot

ho tirato su la mia bella macchina fisica ed ho cominciato ad installare, finita tutta l'installazione e seguita la guida passo passo mi sono trovato ad avere phpmyprepaid che mi chiedeva il login per navigare, tutto bene se non fosse che dopo aver creato un voucher le credenziali non venivano accettate...
Allora ho formattato e reinstallato tutto da capo perchè mi ero accorto di aver utilizzato freerdius 2.x e non 1.1.7.
Ora sono arrivato al punto dell'installazione di freeradius, ho scaricato da internet la versione 1.1.7 l'ho installata ed ho cominciato ad installate le librerie una ad una, risultato 4 librerie non sono installabili e mi sono fermato dopo il comando:
dpkg-buildpackage -rfakeroot
che non ha dato esiti positivi.

Ora ho tre domande:
1) mi conviene continuare su questa strada?
2) avete qualche tutorial aggiornato e dettagliato che io non sono riuscito a trovare in internet che fa al caso mio?
3) qualcuno si voi ha voglia e tempo di imbarcarsi nell'impresa di darmi un minimo di supporto per potermi far arrivare al mio scopo?

Se nessuno mi aiuterà non vi biasimo, mi rendo conto che è una richiesta un po assurda la mia ma confido sempre nella buona volontà della gente :-)
Se vi serve qualsiasi informazione sono a vostra totale disposizione (assistenze ai clienti permettendo)
P.S.: Giusto per rendere semplici le cose mi piacerebbe poter creare gli utenti mandando un sms sul telefono del richiedente; tipo lui manda un sms vuuoto ad un numero e gli ritorna un sms con il nome utente e la password (ma questa cosa la guarderò quando funzionerà tutto).


Grazie a tutti dell'attenzione
Ciao
Carlo

[Iron Bishop]

Giusto per aggiungere un po' di confusione, ti consiglio di guardare http://www.pfsense.org/index.php?option ... &Itemid=43 ...contento? :\

[zazzazenigata]

Hihi nelle mie ore di ricerche avevo guardato anche questo! :-) Ma non è proprio niubbo friendly come gestione... Perderei più tempo per capire come settarlo che altro:-)
Comunque grazie per la dritta, indago un po meglio a riguardo!

[zazzazenigata]

Mi sono riguardato meglio pfsense (ho visto anche tutti i video tutorial) ed è veramente una bomba! Mi vengono 3 domande spontanee:
-posso implementare una gestione\creazione automatica degli utenti? Tipo phpmyprepaid (in caso devo avere una seconda macchina con LAMP e phpmyprepayd)?
-posso fare in modo di salvare il log il traffico dei vari utenti?
-posso usare un router con openwrt per fare una vpn con il mio server pfsense?

Comincia a piacermi questa soluzione che avevo scartato in partenza!
Se qualcuno ha qualche consiglio è ben accetto!!

Ciao
Carlo

[Iron Bishop]

1.Da qualche parte c'è anche il modulo per autenticare gli utenti tramite SMS, quindi probabilmente c'è anche la gestione automatica degli utenti.
2. Boh. La data retention non risolve niente, quindi non mi sono mai posto il problema.
3. Sì, certo.

[zazzazenigata]

Non è che saresti così gentile da postare qualche link alle discussioni riguardanti quello che mi hai detto? Mi sa che il mio metodo di ricerca su questo forum non funziona molto :-(

Grazie Ancora!
Zazza

[Iron Bishop]

1. non posso fare di più che fare riferimento alla documentazione ufficiale http://doc.pfsense.org/ ; da una rapida ricerca senza risultati, direi che il modulo SMS di cui mi hanno parlato non arriva da BSD Perimeter LLC ma da qualcun'altro che non ha rilasciato i sorgenti

2. se c'è un proxy ci sono anche dei log...
2a. http://www.dataretentionisnosolution.co ... hp?lang=it
2b. http://werebuild.eu/wiki/index.php?titl ... _in_italia
2c. http://www.inventati.org/it/stuff/netwo ... proxy.html

3. non c'è alcun problema nell'aggiungere un'interfaccia di rete virtuale al server per collegarlo in VPN come client; più complicato, ma va verificato sul campo, può essere usare quell'interfaccia come principale di pfSense; per utilizzare psFense come server VPN, vedi http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN

[zazzazenigata]

Ciao,

grazie per la risposta. Ho provato un po a smanettare con pfsense ma non sono riuscito neanche a capire come fare ad entrare sull'interfaccia grafica dopo l'installazione...
Comunque riprenderò questo discorso più avanti.

ho una domanda da fare, io ho seguito la solita procedura:
http://it.fon.wikia.com/wiki/Hotspot

penso di essere riuscito a fare tutto ma quando restarto il demone di shorewall mi dice:

Codice: Seleziona tutto

root@CoovaServer:~# /etc/init.d/shorewall restart
Restarting "Shorewall firewall": not done (check /var/log/shorewall-init.log).
root@CoovaServer:~# 

il log ho controlato e riporto:

Codice: Seleziona tutto

Compiling...
Processing /etc/shorewall/shorewall.conf...
Feb 17 19:26:29 Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Feb 17 19:26:29 Loading Modules...
Shorewall has detected the following capabilities:
   Address Type Match: Available
   CLASSIFY Target: Available
   CONNMARK Target: Available
   Capability Version: 4.4.8
   Comments: Available
   Connection Tracking Match: Available
   Connlimit Match: Available
   Connmark Match: Available
   Extended CONNMARK Target: Available
   Extended Connection Tracking Match: Available
   Extended Connmark Match: Available
   Extended Mark Target: Available
   Extended Mark Target 2: Available
   Extended Multi-port Match: Available
   Extended Reject: Available
   Flow Classifier: Not Available
   Goto Support: Available
   Hashlimit Match: Available
   Helper Match: Available
   IP Range Match: Available
   IPMARK Target: Not Available
   IPP2P Match: Not Available
   Ipset Match: Not Available
   Kernel Version: 2.6.35
   LOG Target: Available
   LOGMARK Target: Not Available
   MARK Target: Available
   Mangle FORWARD Chain: Available
   Multi-port Match: Available
   NAT: Available
   NFQUEUE Target: Available
   Old Hash Limit Match: Available
   Old IPP2P Match Syntax: Not Available
   Old conntrack match syntax: Not Available
   Owner Match: Available
   Packet Mangling: Available
   Packet Type Match: Available
   Packet length Match: Available
   Persistent SNAT: Available
   Physdev Match: Available
   Physdev-is-bridged support: Available
   Policy Match: Available
   Raw Table: Available
   Realm Match: Available
   Recent Match: Available
   Repeat match: Available
   TCPMSS Match: Available
   TPROXY Target: Available
   Time Match: Available
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Feb 17 19:26:29 Compiling /etc/shorewall/zones...
Feb 17 19:26:29 Compiling /etc/shorewall/interfaces...
   Interface "net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians" Validated
Feb 17 19:26:29    Interface "net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians" Validated
   Interface "hot tun0 detect dhcp" Validated
Feb 17 19:26:29    Interface "hot tun0 detect dhcp" Validated
   Interface "loc eth1 detect dhcp" Validated
Determining Hosts in Zones...
   fw (firewall)
   net (ipv4)
      eth0:0.0.0.0/0
   hot (ipv4)
      tun0:0.0.0.0/0
   loc (ipv4)
      eth1:0.0.0.0/0
Preprocessing Action Files...
Compiling ...
   Pre-processing /usr/share/shorewall/action.Drop...
    ..Expanding Macro /usr/share/shorewall/macro.Auth...
    ..End Macro /usr/share/shorewall/macro.Auth
    ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
    ..End Macro /usr/share/shorewall/macro.AllowICMPs
    ..Expanding Macro /usr/share/shorewall/macro.SMB...
    ..End Macro /usr/share/shorewall/macro.SMB
    ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
    ..End Macro /usr/share/shorewall/macro.DropUPnP
    ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
    ..End Macro /usr/share/shorewall/macro.DropDNSrep
   Pre-processing /usr/share/shorewall/action.Reject...
    ..Expanding Macro /usr/share/shorewall/macro.Auth...
    ..End Macro /usr/share/shorewall/macro.Auth
    ..Expanding Macro /usr/share/shorewall/macro.SMB...
    ..End Macro /usr/share/shorewall/macro.SMB
Compiling /etc/shorewall/policy...
   Policy for hot to net is ACCEPT using chain hot2net
   Policy for hot to fw is ACCEPT using chain hot2fw
   Policy for hot to fw is REJECT using chain hot2all
   Policy for hot to net is REJECT using chain hot2all
   Policy for hot to loc is REJECT using chain hot2all
   Policy for loc to net is ACCEPT using chain loc2net
   Policy for loc to fw is ACCEPT using chain loc2fw
   Policy for loc to fw is REJECT using chain loc2all
   Policy for loc to net is REJECT using chain loc2all
   Policy for loc to hot is REJECT using chain loc2all
   Policy for fw to net is ACCEPT using chain fw2net
   Policy for fw to hot is ACCEPT using chain fw2hot
   Policy for fw to loc is ACCEPT using chain fw2loc
   Policy for net to fw is ACCEPT using chain net2fw
   Policy for net to hot is DROP using chain net2hot
   Policy for net to fw is DROP using chain net2all
   Policy for net to hot is DROP using chain net2all
   Policy for net to loc is DROP using chain net2all
   Policy for fw to net is REJECT using chain all2all
   Policy for fw to hot is REJECT using chain all2all
   Policy for fw to loc is REJECT using chain all2all
   Policy for net to fw is REJECT using chain all2all
   Policy for net to hot is REJECT using chain all2all
   Policy for net to loc is REJECT using chain all2all
   Policy for hot to fw is REJECT using chain all2all
   Policy for hot to net is REJECT using chain all2all
   Policy for hot to loc is REJECT using chain all2all
   Policy for loc to fw is REJECT using chain all2all
   Policy for loc to net is REJECT using chain all2all
   Policy for loc to hot is REJECT using chain all2all
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
   WARNING: Using an interface as the masq SOURCE requires the interface to be up and configured when Shorewall starts/restarts : /etc/shorewall/masq (line 3)
Feb 17 19:26:29    Interface "loc eth1 detect dhcp" Validated
Feb 17 19:26:29 Determining Hosts in Zones...
Feb 17 19:26:29    fw (firewall)
Feb 17 19:26:29    net (ipv4)
Feb 17 19:26:29       eth0:0.0.0.0/0
Feb 17 19:26:29    hot (ipv4)
Feb 17 19:26:29       tun0:0.0.0.0/0
Feb 17 19:26:29    loc (ipv4)
Feb 17 19:26:29       eth1:0.0.0.0/0
Feb 17 19:26:29 Preprocessing Action Files...
Feb 17 19:26:29 Compiling ...
Feb 17 19:26:29    Pre-processing /usr/share/shorewall/action.Drop...
Feb 17 19:26:29     ..Expanding Macro /usr/share/shorewall/macro.Auth...
Feb 17 19:26:29     ..End Macro /usr/share/shorewall/macro.Auth
Feb 17 19:26:29     ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Feb 17 19:26:29     ..End Macro /usr/share/shorewall/macro.AllowICMPs
Feb 17 19:26:29     ..Expanding Macro /usr/share/shorewall/macro.SMB...
Feb 17 19:26:29     ..End Macro /usr/share/shorewall/macro.SMB
Feb 17 19:26:29     ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Feb 17 19:26:29     ..End Macro /usr/share/shorewall/macro.DropUPnP
Feb 17 19:26:29     ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Feb 17 19:26:29     ..End Macro /usr/share/shorewall/macro.DropDNSrep
Feb 17 19:26:29    Pre-processing /usr/share/shorewall/action.Reject...
Feb 17 19:26:29     ..Expanding Macro /usr/share/shorewall/macro.Auth...
Feb 17 19:26:29     ..End Macro /usr/share/shorewall/macro.Auth
Feb 17 19:26:29     ..Expanding Macro /usr/share/shorewall/macro.SMB...
Feb 17 19:26:29     ..End Macro /usr/share/shorewall/macro.SMB
Feb 17 19:26:29 Compiling /etc/shorewall/policy...
Feb 17 19:26:29    Policy for hot to net is ACCEPT using chain hot2net
Feb 17 19:26:29    Policy for hot to fw is ACCEPT using chain hot2fw
Feb 17 19:26:29    Policy for hot to fw is REJECT using chain hot2all
Feb 17 19:26:29    Policy for hot to net is REJECT using chain hot2all
Feb 17 19:26:29    Policy for hot to loc is REJECT using chain hot2all
Feb 17 19:26:29    Policy for loc to net is ACCEPT using chain loc2net
Feb 17 19:26:29    Policy for loc to fw is ACCEPT using chain loc2fw
Feb 17 19:26:29    Policy for loc to fw is REJECT using chain loc2all
Feb 17 19:26:29    Policy for loc to net is REJECT using chain loc2all
Feb 17 19:26:29    Policy for loc to hot is REJECT using chain loc2all
Feb 17 19:26:29    Policy for fw to net is ACCEPT using chain fw2net
Feb 17 19:26:29    Policy for fw to hot is ACCEPT using chain fw2hot
Feb 17 19:26:29    Policy for fw to loc is ACCEPT using chain fw2loc
Feb 17 19:26:29    Policy for net to fw is ACCEPT using chain net2fw
Feb 17 19:26:29    Policy for net to hot is DROP using chain net2hot
Feb 17 19:26:29    Policy for net to fw is DROP using chain net2all
Feb 17 19:26:29    Policy for net to hot is DROP using chain net2all
Feb 17 19:26:29    Policy for net to loc is DROP using chain net2all
Feb 17 19:26:29    Policy for fw to net is REJECT using chain all2all
Feb 17 19:26:29    Policy for fw to hot is REJECT using chain all2all
Feb 17 19:26:29    Policy for fw to loc is REJECT using chain all2all
Feb 17 19:26:29    Policy for net to fw is REJECT using chain all2all
Feb 17 19:26:29    Policy for net to hot is REJECT using chain all2all
Feb 17 19:26:29    Policy for net to loc is REJECT using chain all2all
Feb 17 19:26:29    Policy for hot to fw is REJECT using chain all2all
Feb 17 19:26:29    Policy for hot to net is REJECT using chain all2all
Feb 17 19:26:29    Policy for hot to loc is REJECT using chain all2all
Feb 17 19:26:29    Policy for loc to fw is REJECT using chain all2all
Feb 17 19:26:29    Policy for loc to net is REJECT using chain all2all
Feb 17 19:26:29    Policy for loc to hot is REJECT using chain all2all
Feb 17 19:26:30 Adding Anti-smurf Rules
Feb 17 19:26:30 Adding rules for DHCP
Feb 17 19:26:30 Compiling TCP Flags filtering...
Feb 17 19:26:30 Compiling Kernel Route Filtering...
Feb 17 19:26:30 Compiling Martian Logging...
Feb 17 19:26:30 Compiling /etc/shorewall/masq...
Feb 17 19:26:30    WARNING: Using an interface as the masq SOURCE requires the interface to be up and configured when Shorew    Masq record "eth0 tun0" Compiled
    Masq record "eth0 eth1" Compiled
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
..Expanding Macro /usr/share/shorewall/macro.DNS...
    Rule "PARAM - - udp 53" Compiled
    Rule "PARAM - - tcp 53" Compiled
..End Macro /usr/share/shorewall/macro.DNS
    Rule "DNS/ACCEPT fw net" Compiled
..Expanding Macro /usr/share/shorewall/macro.SSH...
    Rule "PARAM - - tcp 22" Compiled
..End Macro /usr/share/shorewall/macro.SSH
    Rule "SSH/ACCEPT loc fw" Compiled
..Expanding Macro /usr/share/shorewall/macro.Ping...
    Rule "PARAM - - icmp 8" Compiled
..End Macro /usr/share/shorewall/macro.Ping
    Rule "Ping/ACCEPT loc fw" Compiled
..Expanding Macro /usr/share/shorewall/macro.Ping...
    Rule "PARAM - - icmp 8" Compiled
..End Macro /usr/share/shorewall/macro.Ping
    Rule "Ping/DROP net fw" Compiled
    Rule "ACCEPT fw loc icmp" Compiled
    Rule "ACCEPT fw net icmp" Compiled
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Compiling ...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Processing /usr/share/shorewall/action.Drop for chain Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Compiling MAC Filtration -- Phase 2...
Applying Policies...
   Policy ACCEPT from fw to net using chain fw2net
   Policy ACCEPT from fw to hot using chain fw2hot
   Policy ACCEPT from fw to loc using chain fw2loc
   Policy ACCEPT from net to fw using chain net2fw
   Policy DROP from net to hot using chain net2hot
   Policy DROP from net to loc using chain net2loc
   Policy ACCEPT from hot to fw using chain hot2fw
   Policy ACCEPT from hot to net using chain hot2net
   Policy REJECT from hot to loc using chain hot2loc
   Policy ACCEPT from loc to fw using chain loc2fw
   Policy ACCEPT from loc to net using chain loc2net
   Policy REJECT from loc to hot using chain loc2hot
Generating Rule Matrix...
   Chain eth0_out deleted
   Chain eth0_in deleted
   Chain eth0_fwd deleted
   Chain tun0_out deleted
   Chain tun0_in deleted
   Chain eth1_out deleted
   Chain eth1_in deleted
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Compiling /etc/shorewall/routestopped...
all starts/restarts : /etc/shorewall/masq (line 3)
Feb 17 19:26:30     Masq record "eth0 tun0" Compiled
Feb 17 19:26:30     Masq record "eth0 eth1" Compiled
Feb 17 19:26:30 Compiling MAC Filtration -- Phase 1...
Feb 17 19:26:30 Compiling /etc/shorewall/rules...
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.DNS...
Feb 17 19:26:30     Rule "PARAM - - udp 53" Compiled
Feb 17 19:26:30     Rule "PARAM - - tcp 53" Compiled
Feb 17 19:26:30 ..End Macro /usr/share/shorewall/macro.DNS
Feb 17 19:26:30     Rule "DNS/ACCEPT fw net" Compiled
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.SSH...
Feb 17 19:26:30     Rule "PARAM - - tcp 22" Compiled
Feb 17 19:26:30 ..End Macro /usr/share/shorewall/macro.SSH
Feb 17 19:26:30     Rule "SSH/ACCEPT loc fw" Compiled
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.Ping...
Feb 17 19:26:30     Rule "PARAM - - icmp 8" Compiled
Feb 17 19:26:30 ..End Macro /usr/share/shorewall/macro.Ping
Feb 17 19:26:30     Rule "Ping/ACCEPT loc fw" Compiled
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.Ping...
Feb 17 19:26:30     Rule "PARAM - - icmp 8" Compiled
Feb 17 19:26:30 ..End Macro /usr/share/shorewall/macro.Ping
Feb 17 19:26:30     Rule "Ping/DROP net fw" Compiled
Feb 17 19:26:30     Rule "ACCEPT fw loc icmp" Compiled
Feb 17 19:26:30     Rule "ACCEPT fw net icmp" Compiled
Feb 17 19:26:30 Generating Transitive Closure of Used-action List...
Feb 17 19:26:30 Processing /usr/share/shorewall/action.Reject for chain Reject...
Feb 17 19:26:30 Compiling ...
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.Auth...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.SMB...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 Processing /usr/share/shorewall/action.Drop for chain Drop...
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.Auth...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.SMB...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Feb 17 19:26:30 ..End Macro
Feb 17 19:26:30 Compiling MAC Filtration -- Phase 2...
Feb 17 19:26:30 Applying Policies...
Feb 17 19:26:30    Policy ACCEPT from fw to net using chain fw2net
Feb 17 19:26:30    Policy ACCEPT from fw to hot using chain fw2hot
Feb 17 19:26:30    Policy ACCEPT from fw to loc using chain fw2loc
Feb 17 19:26:30    Policy ACCEPT from net to fw using chain net2fw
Feb 17 19:26:30    Policy DROP from net to hot using chain net2hot
Feb 17 19:26:30    Policy DROP from net to loc using chain net2loc
Feb 17 19:26:30    Policy ACCEPT from hot to fw using chain hot2fw
Feb 17 19:26:30    Policy ACCEPT from hot to net using chain hot2net
Feb 17 19:26:30    Policy REJECT from hot to loc using chain hot2loc
Feb 17 19:26:30    Policy ACCEPT from loc to fw using chain loc2fw
Feb 17 19:26:30    Policy ACCEPT from loc to net using chain loc2net
Feb 17 19:26:30    Policy REJECT from loc to hot using chain loc2hot
Feb 17 19:26:30 Generating Rule Matrix...
Feb 17 19:26:30    Chain eth0_out deleted
Feb 17 19:26:30    Chain eth0_in deleted
Feb 17 19:26:30    Chain eth0_fwd deleted
Feb 17 19:26:30    Chain tun0_out deleted
Feb 17 19:26:30    Chain tun0_in deleted
Feb 17 19:26:30    Chain eth1_out deleted
Feb 17 19:26:30    Chain eth1_in deleted
Feb 17 19:26:30 Creating iptables-restore input...
Feb 17 19:26:30 Compiling iptables-restore input for chain mangle:...
Feb 17 19:26:30 Compiling /etc/shorewall/routestopped...
Feb 17 19:26:30    ERROR: Unknown interface (eth2) : /etc/shorewall/routestopped (line 16)
   ERROR: Unknown interface (eth2) : /etc/shorewall/routestopped (line 16)[/quote]

la configurazione del file routestopped è:
[quote]#
# Shorewall version 4.0 - Sample Routestopped File for three-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-routestopped"
##############################################################################
#INTERFACE    HOST(S)
eth1        -
eth2        -

Sapete per caso aiutarmi? se vi serve qualche altra configurazione chiedete pure!
Grazie Mille!
Zazza!

edit dello staff: per l'amor del cielo usiamo i tags code, hai visto quanto è lungo il coso che hai postato?

[Iron Bishop]

L'interfaccia appare in un file di configurazione, ma non è definita in /etc/shorewall/interfaces (fonte: http://www.shorewall.net/3.0/ErrorMessages.html )... quindi: definisci l'interfaccia in quel file.

[zazzazenigata]

Scusa mi sono dimeticato di dire che avevo cercato anche io un po di info ed avevo trovato quell'errore.

ho provato a inserire la riga seguente nel file /etc/shorewall/interfaces:
loc eth2 detect dhcp

ma poi l'errore cambia nel seguente:

Compiling...
Processing /etc/shorewall/shorewall.conf...
Feb 18 14:17:31 Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Feb 18 14:17:31 Loading Modules...
Shorewall has detected the following capabilities:
  Address Type Match: Available
  CLASSIFY Target: Available
  CONNMARK Target: Available
  Capability Version: 4.4.8
  Comments: Available
  Connection Tracking Match: Available
  Connlimit Match: Available
  Connmark Match: Available
  Extended CONNMARK Target: Available
  Extended Connection Tracking Match: Available
  Extended Connmark Match: Available
  Extended Mark Target: Available
  Extended Mark Target 2: Available
  Extended Multi-port Match: Available
  Extended Reject: Available
  Flow Classifier: Not Available
  Goto Support: Available
  Hashlimit Match: Available
  Helper Match: Available
  IP Range Match: Available
  IPMARK Target: Not Available
  IPP2P Match: Not Available
  Ipset Match: Not Available
  Kernel Version: 2.6.35
  LOG Target: Available
  LOGMARK Target: Not Available
  MARK Target: Available
  Mangle FORWARD Chain: Available
  Multi-port Match: Available
  NAT: Available
  NFQUEUE Target: Available
  Old Hash Limit Match: Available
  Old IPP2P Match Syntax: Not Available
  Old conntrack match syntax: Not Available
  Owner Match: Available
  Packet Mangling: Available
  Packet Type Match: Available
  Packet length Match: Available
  Persistent SNAT: Available
  Physdev Match: Available
  Physdev-is-bridged support: Available
  Policy Match: Available
  Raw Table: Available
  Realm Match: Available
  Recent Match: Available
  Repeat match: Available
  TCPMSS Match: Available
  TPROXY Target: Available
  Time Match: Available
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Feb 18 14:17:33 Compiling /etc/shorewall/zones...
Feb 18 14:17:33 Compiling /etc/shorewall/interfaces...
  Interface "net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians" Validated
Feb 18 14:17:34    Interface "net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians" Validated
  Interface "hot tun0 detect dhcp" Validated
Feb 18 14:17:34    Interface "hot tun0 detect dhcp" Validated
  Interface "loc eth1 detect dhcp" Validated
Feb 18 14:17:34    Interface "loc eth1 detect dhcp" Validated
  Interface "loc eth2 detect dhcp" Validated
Determining Hosts in Zones...
  fw (firewall)
  net (ipv4)
      eth0:0.0.0.0/0
  hot (ipv4)
      tun0:0.0.0.0/0
  loc (ipv4)
      eth1:0.0.0.0/0
      eth2:0.0.0.0/0
Preprocessing Action Files...
Compiling ...
  Pre-processing /usr/share/shorewall/action.Drop...
    ..Expanding Macro /usr/share/shorewall/macro.Auth...
    ..End Macro /usr/share/shorewall/macro.Auth
    ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
    ..End Macro /usr/share/shorewall/macro.AllowICMPs
    ..Expanding Macro /usr/share/shorewall/macro.SMB...
    ..End Macro /usr/share/shorewall/macro.SMB
    ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
    ..End Macro /usr/share/shorewall/macro.DropUPnP
    ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
    ..End Macro /usr/share/shorewall/macro.DropDNSrep
  Pre-processing /usr/share/shorewall/action.Reject...
    ..Expanding Macro /usr/share/shorewall/macro.Auth...
    ..End Macro /usr/share/shorewall/macro.Auth
    ..Expanding Macro /usr/share/shorewall/macro.SMB...
    ..End Macro /usr/share/shorewall/macro.SMB
Compiling /etc/shorewall/policy...
  Policy for hot to net is ACCEPT using chain hot2net
  Policy for hot to fw is ACCEPT using chain hot2fw
  Policy for hot to fw is REJECT using chain hot2all
  Policy for hot to net is REJECT using chain hot2all
  Policy for hot to loc is REJECT using chain hot2all
  Policy for loc to net is ACCEPT using chain loc2net
  Policy for loc to fw is ACCEPT using chain loc2fw
  Policy for loc to fw is REJECT using chain loc2all
  Policy for loc to net is REJECT using chain loc2all
  Policy for loc to hot is REJECT using chain loc2all
  Policy for fw to net is ACCEPT using chain fw2net
  Policy for fw to hot is ACCEPT using chain fw2hot
  Policy for fw to loc is ACCEPT using chain fw2loc
  Policy for net to fw is ACCEPT using chain net2fw
  Policy for net to hot is DROP using chain net2hot
  Policy for net to fw is DROP using chain net2all
  Policy for net to hot is DROP using chain net2all
  Policy for net to loc is DROP using chain net2all
  Policy for fw to net is REJECT using chain all2all
  Policy for fw to hot is REJECT using chain all2all
  Policy for fw to loc is REJECT using chain all2all
  Policy for net to fw is REJECT using chain all2all
  Policy for net to hot is REJECT using chain all2all
  Policy for net to loc is REJECT using chain all2all
  Policy for hot to fw is REJECT using chain all2all
  Policy for hot to net is REJECT using chain all2all
  Policy for hot to loc is REJECT using chain all2all
  Policy for loc to fw is REJECT using chain all2all
  Policy for loc to net is REJECT using chain all2all
  Policy for loc to hot is REJECT using chain all2all
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
  WARNING: Using an interface as the masq SOURCE requires the interface to be up and configured when Shorewall starts/restarts : /etc/shorewall/masq (line 3)
Feb 18 14:17:34    Interface "loc eth2 detect dhcp" Validated
Feb 18 14:17:34 Determining Hosts in Zones...
Feb 18 14:17:34    fw (firewall)
Feb 18 14:17:34    net (ipv4)
Feb 18 14:17:34      eth0:0.0.0.0/0
Feb 18 14:17:34    hot (ipv4)
Feb 18 14:17:34      tun0:0.0.0.0/0
Feb 18 14:17:34    loc (ipv4)
Feb 18 14:17:34      eth1:0.0.0.0/0
Feb 18 14:17:34      eth2:0.0.0.0/0
Feb 18 14:17:34 Preprocessing Action Files...
Feb 18 14:17:34 Compiling ...
Feb 18 14:17:34    Pre-processing /usr/share/shorewall/action.Drop...
Feb 18 14:17:34    ..Expanding Macro /usr/share/shorewall/macro.Auth...
Feb 18 14:17:34    ..End Macro /usr/share/shorewall/macro.Auth
Feb 18 14:17:34    ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Feb 18 14:17:34    ..End Macro /usr/share/shorewall/macro.AllowICMPs
Feb 18 14:17:34    ..Expanding Macro /usr/share/shorewall/macro.SMB...
Feb 18 14:17:34    ..End Macro /usr/share/shorewall/macro.SMB
Feb 18 14:17:34    ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Feb 18 14:17:34    ..End Macro /usr/share/shorewall/macro.DropUPnP
Feb 18 14:17:34    ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Feb 18 14:17:34    ..End Macro /usr/share/shorewall/macro.DropDNSrep
Feb 18 14:17:34    Pre-processing /usr/share/shorewall/action.Reject...
Feb 18 14:17:34    ..Expanding Macro /usr/share/shorewall/macro.Auth...
Feb 18 14:17:34    ..End Macro /usr/share/shorewall/macro.Auth
Feb 18 14:17:34    ..Expanding Macro /usr/share/shorewall/macro.SMB...
Feb 18 14:17:34    ..End Macro /usr/share/shorewall/macro.SMB
Feb 18 14:17:34 Compiling /etc/shorewall/policy...
Feb 18 14:17:34    Policy for hot to net is ACCEPT using chain hot2net
Feb 18 14:17:34    Policy for hot to fw is ACCEPT using chain hot2fw
Feb 18 14:17:34    Policy for hot to fw is REJECT using chain hot2all
Feb 18 14:17:34    Policy for hot to net is REJECT using chain hot2all
Feb 18 14:17:34    Policy for hot to loc is REJECT using chain hot2all
Feb 18 14:17:34    Policy for loc to net is ACCEPT using chain loc2net
Feb 18 14:17:34    Policy for loc to fw is ACCEPT using chain loc2fw
Feb 18 14:17:34    Policy for loc to fw is REJECT using chain loc2all
Feb 18 14:17:34    Policy for loc to net is REJECT using chain loc2all
Feb 18 14:17:34    Policy for loc to hot is REJECT using chain loc2all
Feb 18 14:17:34    Policy for fw to net is ACCEPT using chain fw2net
Feb 18 14:17:34    Policy for fw to hot is ACCEPT using chain fw2hot
Feb 18 14:17:34    Policy for fw to loc is ACCEPT using chain fw2loc
Feb 18 14:17:34    Policy for net to fw is ACCEPT using chain net2fw
Feb 18 14:17:34    Policy for net to hot is DROP using chain net2hot
Feb 18 14:17:34    Policy for net to fw is DROP using chain net2all
Feb 18 14:17:34    Policy for net to hot is DROP using chain net2all
Feb 18 14:17:34    Policy for net to loc is DROP using chain net2all
Feb 18 14:17:34    Policy for fw to net is REJECT using chain all2all
Feb 18 14:17:34    Policy for fw to hot is REJECT using chain all2all
Feb 18 14:17:34    Policy for fw to loc is REJECT using chain all2all
Feb 18 14:17:34    Policy for net to fw is REJECT using chain all2all
Feb 18 14:17:34    Policy for net to hot is REJECT using chain all2all
Feb 18 14:17:34    Policy for net to loc is REJECT using chain all2all
Feb 18 14:17:34    Policy for hot to fw is REJECT using chain all2all
Feb 18 14:17:34    Policy for hot to net is REJECT using chain all2all
Feb 18 14:17:34    Policy for hot to loc is REJECT using chain all2all
Feb 18 14:17:34    Policy for loc to fw is REJECT using chain all2all
Feb 18 14:17:34    Policy for loc to net is REJECT using chain all2all
Feb 18 14:17:34    Policy for loc to hot is REJECT using chain all2all
Feb 18 14:17:34 Adding Anti-smurf Rules
Feb 18 14:17:34 Adding rules for DHCP
Feb 18 14:17:34 Compiling TCP Flags filtering...
Feb 18 14:17:34 Compiling Kernel Route Filtering...
Feb 18 14:17:34 Compiling Martian Logging...
Feb 18 14:17:34 Compiling /etc/shorewall/masq...
Feb 18 14:17:34    WARNING: Using an interface as the masq SOURCE requires the interface to be up and configured when Shorewall starts/restarts : /etc/shorewall/masq (line 3)
Feb 18 14:17:34    Masq record "eth0 tun0" Compiled
Feb 18 14:17:34    Masq record "eth0 eth1" Compiled
Feb 18 14:17:34 Compiling MAC Filtration -- Phase 1...
Feb 18 14:17:34 Compiling /etc/shorewall/rules...
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.DNS...
Feb 18 14:17:34    Rule "PARAM - - udp 53" Compiled
Feb 18 14:17:34    Rule "PARAM - - tcp 53" Compiled
Feb 18 14:17:34 ..End Macro /usr/share/shorewall/macro.DNS
Feb 18 14:17:34    Rule "DNS/ACCEPT fw net" Compiled
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.SSH...
Feb 18 14:17:34    Rule "PARAM - - tcp 22" Compiled
Feb 18 14:17:34 ..End Macro /usr/share/shorewall/macro.SSH
Feb 18 14:17:34    Rule "SSH/ACCEPT loc fw" Compiled
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.Ping...
Feb 18 14:17:34    Rule "PARAM - - icmp 8" Compiled
Feb 18 14:17:34 ..End Macro /usr/share/shorewall/macro.Ping
Feb 18 14:17:34    Rule "Ping/ACCEPT loc fw" Compiled
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.Ping...
Feb 18 14:17:34    Rule "PARAM - - icmp 8" Compiled
Feb 18 14:17:34 ..End Macro /usr/share/shorewall/macro.Ping
Feb 18 14:17:34    Rule "Ping/DROP net fw" Compiled
Feb 18 14:17:34    Rule "ACCEPT fw loc icmp" Compiled
Feb 18 14:17:34    Rule "ACCEPT fw net icmp" Compiled
Feb 18 14:17:34 Generating Transitive Closure of Used-action List...
Feb 18 14:17:34 Processing /usr/share/shorewall/action.Reject for chain Reject...
Feb 18 14:17:34 Compiling ...
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.Auth...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.SMB...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 Processing /usr/share/shorewall/action.Drop for chain Drop...
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.Auth...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.SMB...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Feb 18 14:17:34 ..End Macro
Feb 18 14:17:34 Compiling MAC Filtration -- Phase 2...
Feb 18 14:17:34 Applying Policies...
Feb 18 14:17:34    Policy ACCEPT from fw to net using chain fw2net
Feb 18 14:17:34    Policy ACCEPT from fw to hot using chain fw2hot
Feb 18 14:17:34    Policy ACCEPT from fw to loc using chain fw2loc
Feb 18 14:17:34    Policy ACCEPT from net to fw using chain net2fw
Feb 18 14:17:34    Policy DROP from net to hot using chain net2hot
Feb 18 14:17:34    Policy DROP from net to loc using chain net2loc
Feb 18 14:17:34    Policy ACCEPT from hot to fw using chain hot2fw
Feb 18 14:17:34    Policy ACCEPT from hot to net using chain hot2net
Feb 18 14:17:34    Policy REJECT from hot to loc using chain hot2loc
Feb 18 14:17:34    Policy ACCEPT from loc to fw using chain loc2fw
Feb 18 14:17:34    Policy ACCEPT from loc to net using chain loc2net
Feb 18 14:17:34    Policy REJECT from loc to hot using chain loc2hot
Feb 18 14:17:34 Generating Rule Matrix...
Feb 18 14:17:34    Chain eth0_out deleted
Feb 18 14:17:34    Chain eth0_in deleted
Feb 18 14:17:34    Chain eth0_fwd deleted
Feb 18 14:17:34    Chain tun0_out deleted
Feb 18 14:17:34    Chain tun0_in deleted
Feb 18 14:17:34    Chain eth1_out deleted
Feb 18 14:17:34    Chain eth2_out deleted
Feb 18 14:17:34 Creating iptables-restore input...
Feb 18 14:17:34 Compiling iptables-restore input for chain mangle:...
Feb 18 14:17:34 Compiling /etc/shorewall/routestopped...
Feb 18 14:17:34 Shorewall configuration compiled to /var/lib/shorewall/.restart
    Masq record "eth0 tun0" Compiled
    Masq record "eth0 eth1" Compiled
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
..Expanding Macro /usr/share/shorewall/macro.DNS...
    Rule "PARAM - - udp 53" Compiled
    Rule "PARAM - - tcp 53" Compiled
..End Macro /usr/share/shorewall/macro.DNS
    Rule "DNS/ACCEPT fw net" Compiled
..Expanding Macro /usr/share/shorewall/macro.SSH...
    Rule "PARAM - - tcp 22" Compiled
..End Macro /usr/share/shorewall/macro.SSH
    Rule "SSH/ACCEPT loc fw" Compiled
..Expanding Macro /usr/share/shorewall/macro.Ping...
    Rule "PARAM - - icmp 8" Compiled
..End Macro /usr/share/shorewall/macro.Ping
    Rule "Ping/ACCEPT loc fw" Compiled
..Expanding Macro /usr/share/shorewall/macro.Ping...
    Rule "PARAM - - icmp 8" Compiled
..End Macro /usr/share/shorewall/macro.Ping
    Rule "Ping/DROP net fw" Compiled
    Rule "ACCEPT fw loc icmp" Compiled
    Rule "ACCEPT fw net icmp" Compiled
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Compiling ...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Processing /usr/share/shorewall/action.Drop for chain Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Compiling MAC Filtration -- Phase 2...
Applying Policies...
  Policy ACCEPT from fw to net using chain fw2net
  Policy ACCEPT from fw to hot using chain fw2hot
  Policy ACCEPT from fw to loc using chain fw2loc
  Policy ACCEPT from net to fw using chain net2fw
  Policy DROP from net to hot using chain net2hot
  Policy DROP from net to loc using chain net2loc
  Policy ACCEPT from hot to fw using chain hot2fw
  Policy ACCEPT from hot to net using chain hot2net
  Policy REJECT from hot to loc using chain hot2loc
  Policy ACCEPT from loc to fw using chain loc2fw
  Policy ACCEPT from loc to net using chain loc2net
  Policy REJECT from loc to hot using chain loc2hot
Generating Rule Matrix...
  Chain eth0_out deleted
  Chain eth0_in deleted
  Chain eth0_fwd deleted
  Chain tun0_out deleted
  Chain tun0_in deleted
  Chain eth1_out deleted
  Chain eth2_out deleted
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Compiling /etc/shorewall/routestopped...
Shorewall configuration compiled to /var/lib/shorewall/.restart
  Shorewall is not running
Starting Shorewall....
feb 18 14:17:34 Starting Shorewall....
  ERROR: Unable to determine the routes through interface "eth1": Firewall state not changed
feb 18 14:17:35  ERROR: Unable to determine the routes through interface "eth1"
feb 18 14:17:35  ERROR:Shorewall start failed:Firewall state not changed
Terminated

Non è che sbaglio a definire l'interfaccia per caso?

Non so come ringraziarti per il supporto che mi stai dando, per me è importantissimo! GRAZIE!

Ciao
Zazza

[Iron Bishop]

Il file /etc/shorewall/masq è sbagliato, oppure l'interfaccia di rete eth2 non è attiva quando fai partire il friewall. Posta /etc/shorewall/masq e il risultato dei comandi `ifconfig` e `route -n`.

PS: lo staff ti ha invitato a usare [ code ] al posto di [ quote ] nei tuoi messaggi.

[zazzazenigata]

masq

Codice: Seleziona tutto

###############################################################################
#INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
eth0                    tun0
eth0                    eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

ifconfig:

Codice: Seleziona tutto

root@CoovaServer:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:08:a1:86:cf:68  
          indirizzo inet:192.168.1.2  Bcast:192.168.1.255  Maschera:255.255.255.0
          indirizzo inet6: fe80::208:a1ff:fe86:cf68/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17290 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14914 errors:0 dropped:0 overruns:0 carrier:0
          collisioni:0 txqueuelen:1000 
          Byte RX:12297545 (12.2 MB)  Byte TX:2576644 (2.5 MB)
          Interrupt:18 Indirizzo base:0x9400 

eth1      Link encap:Ethernet  HWaddr 00:90:27:cc:cc:5e  
          indirizzo inet:192.168.0.1  Bcast:192.168.0.255  Maschera:255.255.255.0
          indirizzo inet6: fe80::290:27ff:fecc:cc5e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4329 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4618 errors:0 dropped:0 overruns:0 carrier:0
          collisioni:0 txqueuelen:1000 
          Byte RX:836527 (836.5 KB)  Byte TX:4617282 (4.6 MB)

eth2      Link encap:Ethernet  HWaddr 00:50:8d:54:8e:8c  
          indirizzo inet6: fe80::250:8dff:fe54:8e8c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3688 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3463 errors:0 dropped:0 overruns:0 carrier:0
          collisioni:0 txqueuelen:1000 
          Byte RX:417368 (417.3 KB)  Byte TX:969179 (969.1 KB)
          Interrupt:23 Indirizzo base:0x8000 

lo        Link encap:Loopback locale  
          indirizzo inet:127.0.0.1  Maschera:255.0.0.0
          indirizzo inet6: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2007 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2007 errors:0 dropped:0 overruns:0 carrier:0
          collisioni:0 txqueuelen:0 
          Byte RX:435634 (435.6 KB)  Byte TX:435634 (435.6 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          indirizzo inet:192.168.182.1  P-t-P:192.168.182.1  Maschera:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:2948 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2977 errors:0 dropped:0 overruns:0 carrier:0
          collisioni:0 txqueuelen:100 
          Byte RX:312221 (312.2 KB)  Byte TX:894070 (894.0 KB)

Route -n

Codice: Seleziona tutto

root@CoovaServer:~# route -n
Tabella di routing IP del kernel
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.182.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
root@CoovaServer:~# 

adeso ho cambiato la riga che avevo aggiunto da "loc" a "hot" e sharewall restarta senza dare errori.
Ho provato a collegare il portatile al posto dell'access point, mi rilascia questa configurazione ip:
Ip  192.168.182.2
Sub 255.255.255.0
gw 192.168.182.1
dns 192.168.182.1

faccio per navigare e mi appare la schermata del cptive portal dove mi chiede password e utente, glieli metto e mi dice che il login è fallito. Analizzando la cosa con fiddler (http traffic analizer) vedo che il gateway va in timeout... Non riesco a capire dove sbaglio o meglio perchè non risponde il server e fa andare in timeout il client...
Secondo me c'è qualcosa che non va tra phpmyprepaid e il freeradius...
C'è un modo per controllare se il freeradius sta funzionando correttamente?

P.s.: ora utilizzerò il tag code :-)

Grazie
Zazza

[Iron Bishop]

È attivo l'IP forwarding?

Codice: Seleziona tutto

cat /proc/sys/net/ipv4/ip_forward