HOWTO_Nocat

This article is part of the HOWTO series.

Installation • Kernel & Hardware • Networks • Portage • Software • System • X Server • Gaming • Non-x86 • Emulators • Misc

1 What's that?
2 How does it works
- 2.1 Auth Server
- 2.2 Gateway Server
3 Pre-Requisites
4 Topology
5 Installation
6 Configuration
7 Note

What's that?

NoCat's goal is to bring you Infinite Bandwidth Everywhere for Free.

Albert Einstein, when asked to describe radio, replied: "You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat."

This wiki will help you in provide access to the web (or to an intranet) through user authorization. A firewall that implements NAT provides access to the internet for all users behind it. This anonymous access is not considered correct, because everyone with access to the internet must be indentifiable. This implementation is useful when you want to provide internet access only to users who have been authorized. For example you can have an intranet with LDAP and via its log you can know at every moment who has access to a site or to a service. But when you provide internet access to a notebook, connected via wireless or cable, without a centralized server, you cannot provide information about their identity.

Some useful links:

http://nocat.net

http://www.wi-fiplanet.com

http://lists.nocat.net

How does it works

There are two different parts of the tool:

Auth Server

Gateway Server

This two services can also run on different servers.

Auth Server

Auth Server simply authenticates users to access to gateway server. When you connect your workstation, and you try access internet you've been redirected to web server page of Authentication Server where you had to authenticate yourself.

Gateway Server

If your credentials are correct Auth Server passes your MAC address and your IP address to the Gateway, that modify IPtables ruleset to allow you to access internet.

Pre-Requisites

Net-Mask Perl Module

Web Server

Topology

Installation

Download the package and install it in /usr/local/nocat.

Be care that there are two different nocat.conf configuration file, one for the authentication server and one for the gateway server.

Configuration

Install on the firewall machine a DHCP SERVER, that releases IP addresses.

Edit /usr/local/nocat/etc/gw/nocat.conf:

File: /usr/local/nocat/etc/gw/nocat.conf

 ###### gateway.conf -- NoCatAuth Gateway Configuration.
 #
 # Format of this file is: <Directive> <Value>, one per
 #   line. Trailing and leading whitespace is ignored. Any
 #   line beginning with a punctuation character is assumed to
 #   be a comment. 
 Verbosity       10
 GatewayName	the MARS NoCat Network
 GatewayMode	Passive
 GatewayLog	/var/log/nocat.log
 LoginTimeout	3600
 HomePage	http://192.168.140.254/
 DocumentRoot	/usr/local/nocat/gw/htdocs
 SplashForm	splash.html 
 StatusForm	status.html
 TrustedGroups Any
 AuthServiceAddr	192.168.140.254
 LogoutURL	https://$AuthServiceAddr/logout.html
 ExternalDevice	eth2
 InternalDevice	eth1
 LocalNetwork	192.168.140.0/24
 DNSAddr 137.204.58.1
 LogFacility	syslog
 SyslogSocket unix
 SyslogOptions cons,pid
 SyslogFacility user
 SyslogIdent NoCat

Edit /usr/local/nocat/etc/authserv/nocat.conf:

File: /usr/local/nocat/etc/authserv/nocat.conf

###### authserv.conf -- NoCatAuth Authentication Service Configuration.
#
# Format of this file is: <Directive> <Value>, one per
# line. Trailing and leading whitespace is ignored. Any
# line beginning with a punctuation character is assumed to
# be a comment.
Verbosity 10
HomePage http://nocat.net/
DocumentRoot /usr/local/nocat/authserv/htdocs
DataSource Passwd
UserFile /usr/local/nocat/authserv/etc/passwd
GroupUserFile /usr/local/nocat/authserv/etc/group
GroupAdminFile /usr/local/nocat/authserv/etc/groupadm
MinPasswdLength 6
LocalGateway 192.168.140.254
LoginForm login.html
LoginOKForm login_ok.html
FatalForm fatal.html
ExpiredForm expired.html
RenewForm renew.html
PassiveRenewForm renew_pasv.html
RegisterForm register.html
RegisterOKForm register_ok.html
RegisterFields name url description
UpdateForm update.html
UpdateFields url description
LoginGreeting Greetings! Welcome to the MARS NoCat Network.
LoginMissing Please fill in all fields!
LoginBadUser That e-mail address is unknown. Please try again.
LoginBadPass That e-mail and password do not match. Please try again.
LoginBadStatus Sorry, you are not a registered co-op member.
RegisterGreeting Welcome! Please enter the following information to register.
RegisterMissing Name, E-mail, and password fields must be filled in.
RegisterUserExists Sorry, that e-mail address is already taken. Are you already registered?
RegisterBadUser The e-mail address provided appears to be invalid. Did you spell it correctly?
RegisterInvalidPass All passwords must be at least six characters long.
RegisterPassNoMatch The passwords you provided do not match. Please try again.
RegisterSuccess Congratulations, you have successfully registered.
UpdateGreeting Enter your E-mail and password to update your info.
UpdateBadUser That e-mail address is unknown. Please try again.
UpdateBadPass That e-mail and password do not match. Please try again.
UpdateInvalidPass New passwords must be at least six characters long.
UpdatePassNoMatch The new passwords you provided do not match. Please try again.
UpdateSuccess Congratulations, you have successfully updated your account.

Edit /usr/local/nocat/authserv/etc/httpd.conf:

File: /usr/local/nocat/authserv/etc/httpd.conf

 # Apache 2.x sample configuration for NoCat Auth Service.
 #
 # This sample config assumes you installed NoCatAuth to /usr/local/nocat/authserv.
 # If you installed it elsewhere, you may need to change paths to suit.
 #
 # This file can be folded into your httpd configuration by adding
 # the following line to your httpd.conf:
 #
 #     Include /usr/local/nocat/authserv/etc/authserv.conf
 
 # Put this in a virtual host entry, if needed, and don't forget
 # the trailing slash.
 
 ScriptAlias /cgi-bin-nocat/ /usr/local/nocat/authserv/cgi-bin/
 
 <Directory /usr/local/nocat/authserv/cgi-bin>
    ##
    # $PERL5LIB tells Perl where to find the NoCat libraries.
    ##
    SetEnv PERL5LIB /usr/local/nocat/authserv/lib
    ##
    # $NOCAT tells NoCat where to find its configuration file.
    ##
    SetEnv NOCAT    /usr/local/nocat/authserv/nocat.conf
    AllowOverride All
    Options ExecCGI
    SSLOptions +StdEnvVars
    <IfModule mod_access.c>
      Order allow,deny
      Allow from all
    </IfModule>
 </Directory>
 
 Alias /images/ /usr/local/nocat/authserv/htdocs/images/
 Alias /nocat/  /usr/local/nocat/authserv/htdocs/ 
 
 <Directory /usr/local/nocat/authserv/htdocs/>
	Options -Indexes FollowSymLinks MultiViews
	AllowOverride All
	SSLOptions +StdEnvVars
	<IfModule mod_access.c>
		Order allow,deny
		Allow from all
	</IfModule>
 </Directory>

Edit /etc/init.d/nocat:

File: /etc/init.d/nocat

 #!/sbin/runscript
 depend() {
        need net apache2 firewall
 }
 start() {
        ebegin "Starting NoCat NET"
        start-stop-daemon --start -b --exec /usr/local/nocat/gw/bin/gateway --pidfile /var/run/nocat.pid 2>/dev/null
        #/usr/local/nocat/gw/bin/gateway
        #/etc/init.d/nocat.sh start
        eend $?
        sleep 1
        pgrep gateway > /var/run/nocat.pid
 }
 stop() {
        ebegin "Stopping NoCat NET"
        start-stop-daemon --stop --pidfile /var/run/nocat.pid
        #/etc/init.d/nocat.sh stop
        #kill -9 `pgrep gateway`
        eend $?
 }

Note

Pay atention to the pgp key in authserv/pgp, they must be owned by the user who run the web server.

Retrieved from "http://www.gentoo-wiki.info/HOWTO_Nocat"

Category: Wireless

Last modified: Sat, 06 Sep 2008 08:58:00 +1000 Hits: 10,382

Created by NickStallman.net, Luxury Homes Australia
Real estate agents should be using interactive floor plans.
New! Real Estate SMS for properties.

Gentoo Wiki