Re: [Dorset] Setting up a URL Filter and Cascading Routers
On Friday, 15 June 2018 12:44:14 BST Ralph Corderoy wrote: > Right. Terry, I think you have > > Visitors — Pi — ISP-router — Internet That's it exactly. > since you said the Pi has two Ethernet interfaces. nodogsplash is > `listening' on the Pi's left side to decide what to do with incoming > packets from Visitors. It is the `Gateway' from the Visitors' > perspective. > > Its `GatewayInterface' parameter must be set by you and is an interface > name, e.g. one of those output by `ip a'. The `GatewayAddress' > parameter you point out says `Default: Discovered from GatewayInterface' > so there should be no need to explicitly set it. > > I think nodogsplash does all its work with iptables(8), and these can be > listed once nodog' has done its work if you want to understand what it's > done, and to do the same rules yourself so nodog' isn't required. Thanks for that. -- Terry Coles -- Next meeting: Bournemouth, Tuesday, 2018-07-03 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Setting up a URL Filter and Cascading Routers
Right. Terry, I think you have Visitors — Pi — ISP-router — Internet since you said the Pi has two Ethernet interfaces. nodogsplash is `listening' on the Pi's left side to decide what to do with incoming packets from Visitors. It is the `Gateway' from the Visitors' perspective. Its `GatewayInterface' parameter must be set by you and is an interface name, e.g. one of those output by `ip a'. The `GatewayAddress' parameter you point out says `Default: Discovered from GatewayInterface' so there should be no need to explicitly set it. I think nodogsplash does all its work with iptables(8), and these can be listed once nodog' has done its work if you want to understand what it's done, and to do the same rules yourself so nodog' isn't required. Cheers, Ralph. Just seen all this and wonder whether IPCop might be a solution, if it is still available. It could separate the visitors from the rest of the network. Who knows, it might even run on a Pi, though I think you are looking at three Ethernet ports with this as a solution. Peter M. -- Next meeting: Bournemouth, Tuesday, 2018-07-03 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Setting up a URL Filter and Cascading Routers
Hi Patrick, > > # Set GatewayAddress to the IP address of the router on > > # the GatewayInterface. This is the address that the Nodogsplash > > # server listens on. > > # > > # GatewayAddress 192.168.1.1 > > > > I assumed that this was referring to the IP address of the Internet > > side of the Pi, but see now that they are probably referring to the > > IP Address of the router. > > No. In your case, it refers to the "internal" IP address of the Pi in > its role as a router. That is to say, the IP address of the LAN-side > interface of the Pi. Right. Terry, I think you have Visitors — Pi — ISP-router — Internet since you said the Pi has two Ethernet interfaces. nodogsplash is `listening' on the Pi's left side to decide what to do with incoming packets from Visitors. It is the `Gateway' from the Visitors' perspective. Its `GatewayInterface' parameter must be set by you and is an interface name, e.g. one of those output by `ip a'. The `GatewayAddress' parameter you point out says `Default: Discovered from GatewayInterface' so there should be no need to explicitly set it. I think nodogsplash does all its work with iptables(8), and these can be listed once nodog' has done its work if you want to understand what it's done, and to do the same rules yourself so nodog' isn't required. Cheers, Ralph. -- Next meeting: Bournemouth, Tuesday, 2018-07-03 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Setting up a URL Filter and Cascading Routers
On Friday, 15 June 2018 12:16:32 BST Patrick Wigmore wrote: > On Fri, 15 Jun 2018 11:58:42 +0100, Terry Coles wrote: > > I assumed that this was referring to the IP address of the Internet > > side of the Pi, but see now that they are probably referring to the > > IP Address of the router. > > No. In your case, it refers to the "internal" IP address of the Pi in > its role as a router. That is to say, the IP address of the LAN-side > interface of the Pi. I suppose this might be the IP address that you > are serving your local website on. Ah. No problem there then. > It should be the same address that already appears as the gateway > address on DHCP clients of the Pi (people's phones). (Assuming DHCP > has been configured to specify a gateway address.) Yes. It has. DHCP is being provided by the WiFi Antenna. > You also have to specify the interface name (e.g. eth1), so I suppose > the IP address could be autodetected from that, which might be a more > robust configuration in case the address ever needs to be changed. eth0 in this case. eth1 is the interface to the ISP supplied Router. > On an OpenWRT system, the gateway interface would typically be > something like br-lan; a bridge across multiple physical interfaces, > such as ethernet ports and wifi networks. On your Pi, it will likely > be a single physical interface. So the references to OpenWRT is for when the NODogSplash system is being installed on the ISP supplied Router. This was never considered to be an option, hence the idea of putting it on the Pi and turning the Pi into a Router. > On a router running OpenWRT, there might be more than one LAN-side > interface, so you would specify which one. For example, you might run > both a private LAN and a guest LAN on the same router. My problem (as always with these things), is understanding the terminology. -- Terry Coles -- Next meeting: Bournemouth, Tuesday, 2018-07-03 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Setting up a URL Filter and Cascading Routers
On Fri, 15 Jun 2018 11:58:42 +0100, Terry Coles wrote: > I think that I may have mis-understood the config file commentary (I > haven't actually done that bit yet), but I found the following at > line 170: > > # This should be autodetected on an OpenWRT system, but if not: > > # Set GatewayAddress to the IP address of the router on > # the GatewayInterface. This is the address that the Nodogsplash > # server listens on. > # > # GatewayAddress 192.168.1.1 > > I assumed that this was referring to the IP address of the Internet > side of the Pi, but see now that they are probably referring to the > IP Address of the router. No. In your case, it refers to the "internal" IP address of the Pi in its role as a router. That is to say, the IP address of the LAN-side interface of the Pi. I suppose this might be the IP address that you are serving your local website on. It should be the same address that already appears as the gateway address on DHCP clients of the Pi (people's phones). (Assuming DHCP has been configured to specify a gateway address.) You also have to specify the interface name (e.g. eth1), so I suppose the IP address could be autodetected from that, which might be a more robust configuration in case the address ever needs to be changed. On an OpenWRT system, the gateway interface would typically be something like br-lan; a bridge across multiple physical interfaces, such as ethernet ports and wifi networks. On your Pi, it will likely be a single physical interface. On a router running OpenWRT, there might be more than one LAN-side interface, so you would specify which one. For example, you might run both a private LAN and a guest LAN on the same router. -- Next meeting: Bournemouth, Tuesday, 2018-07-03 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Setting up a URL Filter and Cascading Routers
On Friday, 15 June 2018 11:58:42 BST Terry Coles wrote: > I know that the DHCP range is 192.168.1.xxx, because ipconfig on the Office > computer yielded a number in that range. However, that's all I know. Thinking about it, I should be able to get the Gateway Address from the results of ipconfig. I'll check the next time I'm there. -- Terry Coles -- Next meeting: Bournemouth, Tuesday, 2018-07-03 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Setting up a URL Filter and Cascading Routers
On Friday, 15 June 2018 11:37:53 BST Ralph Corderoy wrote: > I don't understand the problem. What parameter is it in > https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash > .conf that needs a fixed IP address on the external side of the Pi? > GatewayInterface wants an interface name, e.g. `ens35', not an IP > address. Thanks for pointing that out. I think that I may have mis-understood the config file commentary (I haven't actually done that bit yet), but I found the following at line 170: # This should be autodetected on an OpenWRT system, but if not: # Set GatewayAddress to the IP address of the router on # the GatewayInterface. This is the address that the Nodogsplash # server listens on. # # GatewayAddress 192.168.1.1 I assumed that this was referring to the IP address of the Internet side of the Pi, but see now that they are probably referring to the IP Address of the router. Actually that still may be a problem, because the manual for the Router said that the Admin pages could be accessed by typing its IP Address into the browser, eg http://192.168.1.253, but that never worked. However, typing the router name - http://dsldevice.lan produced the correct login dialog. I know that the DHCP range is 192.168.1.xxx, because ipconfig on the Office computer yielded a number in that range. However, that's all I know. I still intend to implement the NoDogSplash software on the Pi Webserver, if only to get the auto Landing Page. If after I've got it to work here, it then works at the WMT, then I'll be quite a happy bunny :-) -- Terry Coles -- Next meeting: Bournemouth, Tuesday, 2018-07-03 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Setting up a URL Filter and Cascading Routers
Hi Terry, > Unfortunately that has now failed because it seems that the WMT's ISP > has locked down the supplied Router and do not allow admin logins. > Without that, I cannot use a fixed IP Address on the Internet side of > the RPi (which will have two Ethernet Adaptors) and so I cannot > configure NoDogSplash to point the users at it. I don't understand the problem. What parameter is it in https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf that needs a fixed IP address on the external side of the Pi? GatewayInterface wants an interface name, e.g. `ens35', not an IP address. Cheers, Ralph. -- Next meeting: Bournemouth, Tuesday, 2018-07-03 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
