hai everyone....
i'm using FC8,squid26, latest chillispot, freeradius117, all at the same machine..
all configuration is work well.. but after few... month... when i check my log messages, there was unknown MAC that can browsing without authentication...
i have load firewall.iptables but he's still can browsing without login...
here is my firewall.iptables :
====begin======
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
#Flush all rules
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -F -t mangle
#Set default behaviour
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Allow releated, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT
#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP
#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 8080 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 8080 --syn -j DROP
#$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
#Allow ICMP echo on other interfaces (input).
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT
# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP
#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
===end===
my chilli.conf :
====begin=====
pidfile /var/run/chilli.pid
net 192.168.180.0/24
dns1 208.67.222.222
domain key.chillispot.info
radiusserver1 127.0.0.1
radiusserver2 127.0.0.1
radiusauthport 1812
radiusacctport 1813
radiussecret ******
dhcpif eth1
uamserver https://192.168.180.1/uam/hotspotlogin.php
uamsecret ******
======end======
pls help.. me...!!! how to fix it....