Mon la'Blog'atoire

RPM for pyctd and pyctd-php are now availables in my repository for :

• Fedora 7 & Fedora 8
• RHEL 5/CentOS 5

As pyctd needs kernel 2.6.14+ (libnetfiler_conntrack), it can't be used on previous RHEL/CentOS (although you could install pyctd-php for remote monitoring. This is the reason there is no RPM dependency between pyctd and pyctd-php).

Others packages were added in repository for dependencies :

• pynetfilter_conntrack

On RHEL/CentOS, you should also need packages from others repositories :

• libnetfilter_conntrack from RPMForge
• python-ctypes from EPEL
• python-IPy from EPEL

After install, pyctd daemon is registered as a service, but not started. It can be start with :

service pyctd start

(see /etc/sysconfig/pyctd for options)

pyctd-php is then available from this URL from localhost only :

http://localhost/conntrack/

(see /etc/pyctd-php/config.php and /etc/httpd/conf.d/pyctd-php.conf)

Note : If you use SElinux, you should set this boolean, as pyctd-php attempt to connect to remote tcp port

setsebool -P httpd_can_network_connect=1

to prevent this error :

XML-RPC Fault login() #5: Connect error: Permission denied (13)

You can alternativly permit apache to connect to 1910/tcp :

edit /etc/selinux/targeted/modules/active/ports.local and add this line

 portcon tcp 1910 system_u:object_r:http_port_t:s0

or use system-config-selinux

Thanks to authors from INL

Instructions to add my repository are here

Here is my new YUM repository for Fedora/Redhat/Centos with some software i use

This repository is a little one, but should increase with time

For now, packages availables are :

• kissdx : kissdx is a PC-Link clone for KiSS media players
• perdition : a POP3/IMAP4 proxy

This repository can be easily installed with one of these RPM :

Fedora 7

http://repo.licour.com/fc7/i386/RPM/llicour-release-0-1.fc7.noarch.rpm

Fedora 8

http://repo.licour.com/fc8/i386/RPM/llicour-release-0-1.fc8.noarch.rpm

CentOS 3 / RehHat 3

http://repo.licour.com/centos3/i386/RPM/llicour-release-0-1.centos3.noarch.rpm

CentOS 4 / RehHat 4

http://repo.licour.com/centos4/i386/RPM/llicour-release-0-1.centos4.noarch.rpm

CentOS 5 / RehHat 5

http://repo.licour.com/centos5/i386/RPM/llicour-release-0-1.centos5.noarch.rpm

Otherwise, YUM configuration should be the following

Fedora

[llicour]
name=Les RPM de llicour pour Fedora $releasever - $basearch
baseurl=http://repo.licour.com/fc$releasever/$basearch/RPM/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-llicour

CentOS / RehHat

[llicour]
name=Les RPM de llicour pour CentOS / RedHat $releasever - $basearch
baseurl=http://repo.licour.com/centos$releasever/$basearch/RPM/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-llicour

Note : RPMs are signed with my GPG key. Fingerprint is :

9388 8882 C496 EA41 B2BF  9EE0 D741 3186 F047 B8FF

Note 2: Packages are build using mock

Note 3: This repository is disabled by default

Note 4: This repository is compatible with EPEL and DAG

(version française)

I succeded to connect a Nintendo DS through a FON Wifi connection, based on creating a MAC based's authorisation mecanism. Adding MAC address in a local MAC database let any equipement (DS, PC, PDA...) to connect through FON connection without the portal based's standard authentication mecanism. If the MAC is not in the database, standard authentication (portal based) will be there.

Please note that these modifications create a hole in the router, that can be exploit by spoofing... (however, FON use *un*encrypted communications...)

My FON router is a WRT54g with firmware FON Beta 0.6.6 and this howto is based on this hardware. Test have not been made on La Fonera , but it could work (based on firmware openWRT)

CAUTION : I discourage you to follow this Howto if you don't know what openWRT is and if you have any idea how to repair your rpouter if something goes wrong...

First, material for this operation is available here : http://www.licour.com/blogfiles/fon_mac.tgz.

You'll have to install freeradius on your router, as well as modify chillispot configuration. Here are the operations :

• set write mode on /etc/ipkg.conf

cp -f /rom/etc/ipkg.conf /etc/ipkg.conf

• Add the following ipkg source (openwrt one) :

/etc/ipkg.conf
...
src openwrt http://downloads.openwrt.org/whiterussian/packages/
...

• Install freeradius packages :

# ipkg update
# ipkg install freeradius
Installing freeradius (1.0.5-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//freeradius_1.0.5-1_mipsel.ipk
Installing libltdl (1.5.14-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//libltdl_1.5.14-1_mipsel.ipk
Installing libopenssl (0.9.8d-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//libopenssl_0.9.8d-1_mipsel.ipk
Installing libpthread (0.9.27-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//libpthread_0.9.27-1_mipsel.ipk
Configuring freeradius
Configuring libltdl
Configuring libopenssl
Configuring libpthread
Successfully terminated.

# ipkg install freeradius-mod-files
Installing freeradius-mod-files (1.0.5-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//freeradius-mod-files_1.0.5-1_mipsel.ipk
Configuring freeradius-mod-files
Successfully terminated.

# ipkg install freeradius-mod-realm
Installing freeradius-mod-realm (1.0.5-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//freeradius-mod-realm_1.0.5-1_mipsel.ipk
Configuring freeradius-mod-realm
Successfully terminated.

Other packages will be install during these operations. Here are the packages that were installed on my router

- libpthread_0.9.27-1_mipsel.ipk
- libltdl_1.5.14-1_mipsel.ipk
- libopenssl_0.9.8d-1_mipsel.ipk
- freeradius_1.0.5-1_mipsel.ipk
- freeradius-mod-files_1.0.5-1_mipsel.ipk
- freeradius-mod-realm_1.0.5-1_mipsel.ipk

Caution : Adding these packages consume large storage space (~ 800Ko), and perhaps you'll have to free some space if you have already installed other packages.

• install materials

To simplify, i created an archive with all configurations files : http://www.licour.com/blogfiles/fon_mac.tgz.

# cd /tmp
# wget http://www.licour.com/blogfiles/fon_mac.tgz
# tar xzf fon_mac.tgz
# cd fon_mac
# cp -a MAC /jffs

There is now a script and confi files inside the directory /jffs/MAC

• Freeradius configuration

# cp freeradius/* /etc/freeradius/
# ln -s /etc/init.d/radiusd /etc/init.d/S60freeradius

This install freeradius config files. Freeradius will now be start on boot

• Chillispot configuration

This will modify chillispot's startup script to use specific options

# rm /etc/init.d/chillispot
# cp chillispot /etc/init.d/chillispot

• Manage allowed MAC address :

You'll have to complete this file with your MAC addresses :

/jffs/MAC/fon_allowed_mac.lst
# This file store all MAC address that must be trusted by FON router
# Format : one MAC address per line, no space before, no space after
#  MAC address format : XX-XX-XX-XX-XX-XX
#
# Don't forget to execute this script after each change in this file :
#  /jffs/MAC/fon_update_mac.sh

# This is a test's MAC address. Please uncomment and change it
#00-01-02-03-04-05

After each modification, this script have to be launch :

# /jffs/MAC/fon_update_mac.sh
Process MAC : XX-XX-XX-XX-XX-XX
updated /etc/freeradius/users
updated /jffs/MAC/fon_chillispot.sed
restarting chillispot
A reboot could help you...

• Reboot the router

# reboot

enjoy...