Topic: Squid drop Radius Upload rules
After configured squid redirect on port 80 request, ChilliSpot-Bandwidth-Max-Up rule does not work anymore (just ChilliSpot-Bandwidth-Max-Down still work).
Did you know any solution?
Pages 1
You are not logged in. Please login or register.
Cloud-based Hosted Chillispot Solution
Important note: If you are looking for a cloud based chillispot provider you can check out this Hotspot Software by HotspotSystem.
Squid drop Radius Upload rules
Posts: 4
Re: Squid drop Radius Upload rules
use contribs.org sme server, its very nice. i am in progress of adding chilli to its inbuilt MySQL/ Ldap/ FreeRadius config.
Re: Squid drop Radius Upload rules
I too am having problems with getting the upload bandwidth under control using squid transparent proxy. I have already upgraded to Chillispot 1.1 and still can not seem to get it. I suspect the answer is in the iptables but haven't had any success.
I am running chillispot 1.1.0 on Ubuntu 8.04 with Squid Version 2.6.STABLE18 and here is a copy of my IPTABLES FILE:
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
$IPTABLES -P INPUT DROP
$IPTABLES -F FORWARD
$IPTABLES -A FORWARD -o tun0 -j ACCEPT
$IPTABLES -A FORWARD -i tun0 -j ACCEPT
$IPTABLES -P OUTPUT ACCEPT
#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Allow releated, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT
#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP
#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT
# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP
#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
##Allow transparent proxy (wiboon 1/2)
$IPTABLES -A INPUT -p tcp -m tcp --dport 3128 --syn -j ACCEPT
##Allow transparent proxy (wiboon 2/2)
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 3128 --syn -j DROP
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp -d 10.50.0.0/16 --dport 80 -j RETURN
#$IPTABLES -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 --syn -j DROP
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128I do appreciate all help and suggestions! Please help me finally get outside and enjoy the winter weather instead of getting stuck over and over week after week! 
Thanks!
Re: Squid drop Radius Upload rules
It 's not squid to drop radius upload attribute it ' s bug on chillispot.
I use coova-chilli and set iptables for squid below
##Allow transparent proxy (wiboon 1/2)
$IPTABLES -A INPUT -p tcp -m tcp --dport 3128 --syn -j ACCEPT
##Allow transparent proxy (wiboon 2/2)
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 3128 --syn -j DROP
#$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp -d 10.50.0.0/16 --dport 80 -j RETURN
#$IPTABLES -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 --syn -j DROP
#$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 312
it 's work pretty good man..
It 's very niceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee...
Posts: 4
Powered by PunBB 1.4.4, supported by Informer Technologies, Inc.