Gentoo Wiki

HOWTO_Nocat


This article is part of the HOWTO series.


What's that?

NoCat's goal is to bring you Infinite Bandwidth Everywhere for Free.

Albert Einstein, when asked to describe radio, replied: "You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat."

This wiki will help you provide access to the web (or to an intranet) through user authorization. A firewall that implements NAT provides access to the internet for all users behind it. This anonymous access is not considered correct, because everyone with access to the internet must be identifiable. This implementation is useful when you want to provide internet access only to users who have been authorized. For example, you can have an intranet with LDAP, and from its log you can tell at any moment who has accessed a site or a service. But when you provide internet access to a notebook connected via wireless or cable, without a centralized server, you cannot provide information about the user's identity.

Some useful links:

http://nocat.net

http://www.wi-fiplanet.com

http://lists.nocat.net

How does it work

There are two different parts of the tool: the Auth Server and the Gateway Server.

These two services can also run on different servers.

Auth Server

The Auth Server simply authenticates users for access to the Gateway Server. When you connect your workstation and try to access the internet, you are redirected to a web page on the Authentication Server, where you have to authenticate yourself.

Gateway Server

If your credentials are correct, the Auth Server passes your MAC address and your IP address to the Gateway, which modifies the iptables ruleset to allow you to access the internet.

Pre-Requisites

Topology

Image:nocatnet.png


Installation

Download the package and install it in /usr/local/nocat.

Be aware that there are two different nocat.conf configuration files, one for the authentication server and one for the gateway server.

Configuration

Install a DHCP server on the firewall machine to hand out IP addresses.

Edit /usr/local/nocat/etc/gw/nocat.conf:

File: /usr/local/nocat/etc/gw/nocat.conf
 ###### gateway.conf -- NoCatAuth Gateway Configuration.
 #
 # Format of this file is: <Directive> <Value>, one per
 #   line. Trailing and leading whitespace is ignored. Any
 #   line beginning with a punctuation character is assumed to
 #   be a comment. 
 Verbosity       10
 GatewayName	the MARS NoCat Network
 GatewayMode	Passive
 GatewayLog	/var/log/nocat.log
 LoginTimeout	3600
 HomePage	http://192.168.140.254/
 DocumentRoot	/usr/local/nocat/gw/htdocs
 SplashForm	splash.html 
 StatusForm	status.html
 TrustedGroups Any
 AuthServiceAddr	192.168.140.254
 LogoutURL	https://$AuthServiceAddr/logout.html
 ExternalDevice	eth2
 InternalDevice	eth1
 LocalNetwork	192.168.140.0/24
 DNSAddr 137.204.58.1
 LogFacility	syslog
 SyslogSocket unix
 SyslogOptions cons,pid
 SyslogFacility user
 SyslogIdent NoCat

Edit /usr/local/nocat/etc/authserv/nocat.conf:

File: /usr/local/nocat/etc/authserv/nocat.conf
 ###### authserv.conf -- NoCatAuth Authentication Service Configuration.
 #
 # Format of this file is: <Directive> <Value>, one per
 #   line. Trailing and leading whitespace is ignored. Any
 #   line beginning with a punctuation character is assumed to
 #   be a comment.
 Verbosity       10
 HomePage	http://nocat.net/
 DocumentRoot	/usr/local/nocat/authserv/htdocs
 DataSource	Passwd
 UserFile	    /usr/local/nocat/authserv/etc/passwd
 GroupUserFile	    /usr/local/nocat/authserv/etc/group
 GroupAdminFile    /usr/local/nocat/authserv/etc/groupadm
 MinPasswdLength	6
 LocalGateway    192.168.140.254
 LoginForm	login.html
 LoginOKForm	login_ok.html
 FatalForm	fatal.html
 ExpiredForm	expired.html
 RenewForm	renew.html
 PassiveRenewForm renew_pasv.html
 RegisterForm	register.html
 RegisterOKForm	register_ok.html
 RegisterFields	name url description
 UpdateForm	update.html
 UpdateFields	url description
 LoginGreeting   Greetings! Welcome to the MARS NoCat Network.
 LoginMissing    Please fill in all fields!
 LoginBadUser    That e-mail address is unknown. Please try again.
 LoginBadPass	That e-mail and password do not match. Please try again.
 LoginBadStatus  Sorry, you are not a registered co-op member.
 RegisterGreeting    Welcome! Please enter the following information to register.
 RegisterMissing	    Name, E-mail, and password fields must be filled in.
 RegisterUserExists  Sorry, that e-mail address is already taken. Are you already registered?
 RegisterBadUser	    The e-mail address provided appears to be invalid. Did you spell it correctly?
 RegisterInvalidPass All passwords must be at least six characters long.
 RegisterPassNoMatch The passwords you provided do not match. Please try again.
 RegisterSuccess	    Congratulations, you have successfully registered.
 UpdateGreeting	    Enter your E-mail and password to update your info.
 UpdateBadUser	    That e-mail address is unknown. Please try again.
 UpdateBadPass	    That e-mail and password do not match. Please try again.
 UpdateInvalidPass   New passwords must be at least six characters long.
 UpdatePassNoMatch   The new passwords you provided do not match. Please try again.
 UpdateSuccess	    Congratulations, you have successfully updated your account.
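
The two nocat.conf files share a name and a format, so a swapped or half-edited copy is easy to miss. The sh script below is an added example, not part of NoCat or of the original HOWTO: it reads the "<Directive> <Value>" format described in the file headers and checks that each path holds the right kind of file and that the gateway directives this HOWTO sets are present. The function names, the use of GatewayMode and DataSource as markers, and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# nocat_get FILE DIRECTIVE: print the value, return 1 if the directive is absent.
nocat_get() {
    while read -r key value || [ -n "$key" ]; do
        case $key in
            ''|[!A-Za-z0-9]*) continue ;;  # blank line or comment (leading punctuation)
        esac
        if [ "$key" = "$2" ]; then printf '%s\n' "$value"; return 0; fi
    done < "$1"
    return 1
}

# nocat_kind FILE: guess which of the two nocat.conf files this is (assumed markers).
nocat_kind() {
    if nocat_get "$1" GatewayMode >/dev/null; then echo gateway
    elif nocat_get "$1" DataSource >/dev/null; then echo authserv
    else echo unknown; fi
}

# nocat_lint GW_CONF AUTHSERV_CONF: print findings, return 0 only if there are none.
nocat_lint() {
    rc=0
    [ "$(nocat_kind "$1")" = gateway ]  || { echo "$1: not a gateway config"; rc=1; }
    [ "$(nocat_kind "$2")" = authserv ] || { echo "$2: not an authserv config"; rc=1; }
    for d in AuthServiceAddr InternalDevice ExternalDevice LocalNetwork; do
        nocat_get "$1" "$d" >/dev/null || { echo "$1: $d is not set"; rc=1; }
    done
    case $(nocat_get "$1" LogoutURL) in
        https://*) ;;
        *) echo "$1: LogoutURL is not an https URL"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files, trimmed from the listings in this HOWTO.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/gw.conf" <<'EOF'
 ###### gateway.conf -- constructed sample
 GatewayName     the MARS NoCat Network
 GatewayMode     Passive
 AuthServiceAddr 192.168.140.254
 LogoutURL       https://$AuthServiceAddr/logout.html
 ExternalDevice  eth2
 InternalDevice  eth1
 LocalNetwork    192.168.140.0/24
EOF
printf '%s\n' '# authserv.conf (constructed sample)' 'DataSource Passwd' > "$demo/authserv.conf"
nocat_lint "$demo/gw.conf" "$demo/authserv.conf" && echo "configs look consistent"
nocat_lint "$demo/authserv.conf" "$demo/gw.conf" || echo "^ files are swapped"
```

On a real install, call nocat_lint with /usr/local/nocat/etc/gw/nocat.conf and /usr/local/nocat/etc/authserv/nocat.conf.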

Edit /usr/local/nocat/authserv/etc/httpd.conf:

File: /usr/local/nocat/authserv/etc/httpd.conf
 # Apache 2.x sample configuration for NoCat Auth Service.
 #
 # This sample config assumes you installed NoCatAuth to /usr/local/nocat/authserv.
 # If you installed it elsewhere, you may need to change paths to suit.
 #
 # This file can be folded into your httpd configuration by adding
 # the following line to your httpd.conf:
 #
 #     Include /usr/local/nocat/authserv/etc/authserv.conf
 
 # Put this in a virtual host entry, if needed, and don't forget
 # the trailing slash.
 
 ScriptAlias /cgi-bin-nocat/ /usr/local/nocat/authserv/cgi-bin/
 
 <Directory /usr/local/nocat/authserv/cgi-bin>
    ##
    # $PERL5LIB tells Perl where to find the NoCat libraries.
    ##
    SetEnv PERL5LIB /usr/local/nocat/authserv/lib
    ##
    # $NOCAT tells NoCat where to find its configuration file.
    ##
    SetEnv NOCAT    /usr/local/nocat/authserv/nocat.conf
    AllowOverride All
    Options ExecCGI
    SSLOptions +StdEnvVars
    <IfModule mod_access.c>
      Order allow,deny
      Allow from all
    </IfModule>
 </Directory>
 
 Alias /images/ /usr/local/nocat/authserv/htdocs/images/
 Alias /nocat/  /usr/local/nocat/authserv/htdocs/ 
 
 <Directory /usr/local/nocat/authserv/htdocs/>
	Options -Indexes FollowSymLinks MultiViews
	AllowOverride All
	SSLOptions +StdEnvVars
	<IfModule mod_access.c>
		Order allow,deny
		Allow from all
	</IfModule>
 </Directory>


Edit /etc/init.d/nocat:

File: /etc/init.d/nocat
 #!/sbin/runscript
 depend() {
        need net apache2 firewall
 }
 start() {
        ebegin "Starting NoCat NET"
        start-stop-daemon --start -b --exec /usr/local/nocat/gw/bin/gateway --pidfile /var/run/nocat.pid 2>/dev/null
        #/usr/local/nocat/gw/bin/gateway
        #/etc/init.d/nocat.sh start
        eend $?
        sleep 1
        pgrep gateway > /var/run/nocat.pid
 }
 stop() {
        ebegin "Stopping NoCat NET"
        start-stop-daemon --stop --pidfile /var/run/nocat.pid
        #/etc/init.d/nocat.sh stop
        #kill -9 `pgrep gateway`
        eend $?
 }

Note

Pay attention to the PGP keys in authserv/pgp: they must be owned by the user who runs the web server.
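
One way to verify the ownership requirement from the note above, as an added sh example that is not part of NoCat or of the original HOWTO. The function name and the sample key file are constructed, and the extra check for group- or world-writable files goes beyond the note and is an assumption about what you want to enforce. Pass the account your web server runs as (for example apache, an assumed name) as the second argument.

```shell
#!/bin/sh
# check_key_owner DIR USER: list everything under DIR that USER (name or numeric
# uid) does not own, or that group/other can write to. Returns 0 when clean,
# 1 when something is listed, 2 when DIR is missing.
check_key_owner() {
    [ -d "$1" ] || { echo "$1: no such directory"; return 2; }
    bad=$(find "$1" \( ! -user "$2" -o -perm -020 -o -perm -002 \) -exec ls -ld {} +)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed stand-in for authserv/pgp so the check runs anywhere.
keys=$(mktemp -d)
trap 'rm -rf "$keys"' EXIT
: > "$keys/sample.gpg"             # hypothetical key file
chmod 600 "$keys/sample.gpg"

me=$(id -u)                        # stands in for the web server account
check_key_owner "$keys" "$me" && echo "all keys owned by uid $me"
check_key_owner "$keys" "$((me + 1))" || echo "^ not owned by uid $((me + 1))"
```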

Retrieved from "http://www.gentoo-wiki.info/HOWTO_Nocat"

Last modified: Fri, 05 Sep 2008 22:58:00 +0000