Can't find guide for configuring NAT from wlan0 to eth0

It's just that you didn't state in your original post what kind of device you have, and therefore some seem to have misunderstood what you were trying to do.

1 Like

Apologies. In my original post I was just interested in the config changes from default to create a NAT scenario.

I didn't think which kind of device I had would matter that much when it came to configuring OpenWRT's firewall rules, forwarding, routing and what-not.

I didn't want it to take too long, so I didn't go into detail, thinking that if I kept it to the point it should be a simple case of a couple of posts and I could bumble on with my project lol

Best regards.

1 Like

No worries; I was just trying to explain why the misunderstanding: it's because OpenWrt will do what you are trying to do out of the box on a "typical router" with 4+1 (or 1+1) Ethernet ports. So not knowing your device has only 1 port, people presumed you were trying to do something different.

2 Likes

UPDATE: Everything is working now. I have even customised the splash page and finished user authentication.

Thank you all for your help. A big thank you to @mk24

This was done on a Raspberry Pi 2B v1.1 (but should be doable on most Pis).

I used a Ralink RT3070 USB adapter for the WLAN and the Ethernet port for the WAN.

Here are the installed packages and versions: (long)

opkg list-installed

base-files - 204.2-r11063-85e04e9f46
brcm2708-gpu-fw - 2018-11-29-b428bdd819df8d0ad3009b64492a4b3d1f9453e4
brcmfmac-board-rpi2 - 2018-03-12-86e88fbf0345da49555d0ec34c80b4fbae7d0cd3
brcmfmac-board-rpi3 - 2018-03-12-86e88fbf0345da49555d0ec34c80b4fbae7d0cd3
brcmfmac-firmware-43430-sdio - 20190416-1
brcmfmac-firmware-43455-sdio - 20190416-1
brcmfmac-firmware-usb - 20190416-1
busybox - 1.30.1-5
cgi-io - 19
dnsmasq - 2.80-16.1
dropbear - 2019.78-2
e2fsprogs - 1.44.5-2
firewall - 2019-11-22-8174814a-1
fstools - 2020-05-12-84269037-1
fwtool - 2
getrandom - 2019-06-16-4df34a4d-3
hostapd-common - 2019-08-08-ca8c2bd2-3
ip6tables - 1.8.3-1
iptables - 1.8.3-1
iptables-mod-conntrack-extra - 1.8.3-1
iptables-mod-ipopt - 1.8.3-1
iw - 5.0.1-1
iwinfo - 2019-10-16-07315b6f-1
jshn - 2020-02-27-7da66430-1
jsonfilter - 2018-02-04-c7e938d6-1
kernel - 4.14.180-1-2911c85b0fe34f5899879f41e832a894
kmod-brcmfmac - 4.14.180+4.19.120-1-1
kmod-brcmutil - 4.14.180+4.19.120-1-1
kmod-cfg80211 - 4.14.180+4.19.120-1-1
kmod-fs-vfat - 4.14.180-1
kmod-hid - 4.14.180-1
kmod-hid-generic - 4.14.180-1
kmod-ifb - 4.14.180-1
kmod-input-core - 4.14.180-1
kmod-input-evdev - 4.14.180-1
kmod-ip6tables - 4.14.180-1
kmod-ipt-conntrack - 4.14.180-1
kmod-ipt-conntrack-extra - 4.14.180-1
kmod-ipt-core - 4.14.180-1
kmod-ipt-ipopt - 4.14.180-1
kmod-ipt-nat - 4.14.180-1
kmod-ipt-offload - 4.14.180-1
kmod-ipt-raw - 4.14.180-1
kmod-lib-crc-ccitt - 4.14.180-1
kmod-mac80211 - 4.14.180+4.19.120-1-1
kmod-mmc - 4.14.180-1
kmod-nf-conntrack - 4.14.180-1
kmod-nf-conntrack6 - 4.14.180-1
kmod-nf-flow - 4.14.180-1
kmod-nf-ipt - 4.14.180-1
kmod-nf-ipt6 - 4.14.180-1
kmod-nf-nat - 4.14.180-1
kmod-nf-reject - 4.14.180-1
kmod-nf-reject6 - 4.14.180-1
kmod-nls-base - 4.14.180-1
kmod-nls-cp437 - 4.14.180-1
kmod-nls-iso8859-1 - 4.14.180-1
kmod-nls-utf8 - 4.14.180-1
kmod-ppp - 4.14.180-1
kmod-pppoe - 4.14.180-1
kmod-pppox - 4.14.180-1
kmod-rt2800-lib - 4.14.180+4.19.120-1-1
kmod-rt2800-usb - 4.14.180+4.19.120-1-1
kmod-rt2x00-lib - 4.14.180+4.19.120-1-1
kmod-rt2x00-usb - 4.14.180+4.19.120-1-1
kmod-sched-cake - 4.14.180+2019-03-12-057c7388-1
kmod-sched-core - 4.14.180-1
kmod-slhc - 4.14.180-1
kmod-sound-arm-bcm2835 - 4.14.180-1
kmod-sound-core - 4.14.180-1
kmod-usb-core - 4.14.180-1
kmod-usb-hid - 4.14.180-1
libblkid1 - 2.34-1
libblobmsg-json - 2020-02-27-7da66430-1
libc - 1.1.24-2
libcap - 2.27-1
libcomerr0 - 1.44.5-2
libelf1 - 0.177-1
libext2fs2 - 1.44.5-2
libf2fs6 - 1.12.0-3
libgcc1 - 7.5.0-2
libip4tc2 - 1.8.3-1
libip6tc2 - 1.8.3-1
libiwinfo-lua - 2019-10-16-07315b6f-1
libiwinfo20181126 - 2019-10-16-07315b6f-1
libjson-c2 - 0.12.1-3.1
libjson-script - 2020-02-27-7da66430-1
liblua5.1.5 - 5.1.5-3
liblucihttp-lua - 2019-07-05-a34a17d5-1
liblucihttp0 - 2019-07-05-a34a17d5-1
libmicrohttpd-no-ssl - 0.9.62-3
libmnl0 - 1.0.4-2
libncurses6 - 6.1-5
libnl-tiny - 0.1-5
libopenssl1.1 - 1.1.1g-1
libpthread - 1.1.24-2
librt - 1.1.24-2
libsmartcols1 - 2.34-1
libss2 - 1.44.5-2
libubox20191228 - 2020-02-27-7da66430-1
libubus-lua - 2019-12-27-041c9d1c-1
libubus20191227 - 2019-12-27-041c9d1c-1
libuci20130104 - 2019-09-01-415f9e48-3
libuclient20160123 - 2019-05-30-3b3e368d-1
libuuid1 - 2.34-1
libxtables12 - 1.8.3-1
logd - 2019-06-16-4df34a4d-3
lua - 5.1.5-3
luci - git-20.136.49537-fb2f363-1
luci-app-firewall - git-20.136.49537-fb2f363-1
luci-app-opkg - git-20.136.49537-fb2f363-1
luci-app-sqm - 1.4.0-2
luci-base - git-20.136.49537-fb2f363-1
luci-compat - git-20.216.62629-4d5c88b-1
luci-lib-ip - git-20.136.49537-fb2f363-1
luci-lib-jsonc - git-20.136.49537-fb2f363-1
luci-lib-nixio - git-20.136.49537-fb2f363-1
luci-mod-admin-full - git-20.136.49537-fb2f363-1
luci-mod-network - git-20.136.49537-fb2f363-1
luci-mod-status - git-20.136.49537-fb2f363-1
luci-mod-system - git-20.136.49537-fb2f363-1
luci-proto-ipv6 - git-20.136.49537-fb2f363-1
luci-proto-ppp - git-20.136.49537-fb2f363-1
luci-theme-bootstrap - git-20.136.49537-fb2f363-1
mkf2fs - 1.12.0-3
mtd - 24
nano - 4.9.3-1
netifd - 2019-08-05-5e02f944-1
nodogsplash - 4.0.3-1
odhcp6c - 2019-01-11-e199804b-16
odhcpd-ipv6only - 2020-05-03-49e4949c-3
openssh-sftp-server - 8.0p1-1
openwrt-keyring - 2019-07-25-8080ef34-1
opkg - 2020-05-07-f2166a89-1
partx-utils - 2.34-1
ppp - 2.4.7.git-2019-05-25-3
ppp-mod-pppoe - 2.4.7.git-2019-05-25-3
procd - 2020-03-07-09b9bd82-1
rpcd - 2019-12-10-aaa08366-2
rpcd-mod-file - 2019-12-10-aaa08366-2
rpcd-mod-iwinfo - 2019-12-10-aaa08366-2
rpcd-mod-luci - 20191114
rpcd-mod-rrdns - 20170710
rt2800-usb-firmware - 20190416-1
sqm-scripts - 1.4.0-2
tc - 5.0.0-2.1
terminfo - 6.1-5
ubox - 2019-06-16-4df34a4d-3
ubus - 2019-12-27-041c9d1c-1
ubusd - 2019-12-27-041c9d1c-1
uci - 2019-09-01-415f9e48-3
uclient-fetch - 2019-05-30-3b3e368d-1
uhttpd - 2020-03-13-975dce23-1
urandom-seed - 1.0-1
urngd - 2020-01-21-c7f7b6b6-1
usign - 2019-08-06-5a52b379-1
wireless-regdb - 2019.06.03-1
wpad-basic - 2019-08-08-ca8c2bd2-3
zlib - 1.2.11-3

Here is the OpenWRT configuration:

dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].domain='**********.wlan'
dhcp.@dnsmasq[0].local='/**********.wlan/'
dhcp.@dnsmasq[0].filterwin2k='1'
dhcp.@dnsmasq[0].server='1.0.0.2'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.lan.start='100'
dhcp.lan.leasetime='12h'
dhcp.lan.limit='150'
dhcp.lan.force='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].Port='<ssh port #>'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[9]=rule
firewall.@rule[9].dest_port='<web port #>'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].proto='tcp'
firewall.@rule[9].name='Allow WAN to SELF HTTP'
firewall.@rule[9].src='wan'
firewall.@rule[10]=rule
firewall.@rule[10].dest_port='53'
firewall.@rule[10].src='*'
firewall.@rule[10].name='Allow ANY to SELF DNS'
firewall.@rule[10].target='ACCEPT'
firewall.@rule[10].proto='udp'
firewall.@rule[11]=rule
firewall.@rule[11].dest_port='67-68'
firewall.@rule[11].name='Allow LAN to SELF DHCP'
firewall.@rule[11].target='ACCEPT'
firewall.@rule[11].proto='udp'
firewall.@rule[11].src='*'
firewall.@rule[12]=rule
firewall.@rule[12].dest_port='<ssh port #>'
firewall.@rule[12].src='wan'
firewall.@rule[12].name='Allow ALL to SELF SSH'
firewall.@rule[12].target='ACCEPT'
firewall.nodogsplash=include
firewall.nodogsplash.type='script'
firewall.nodogsplash.path='/usr/lib/nodogsplash/restart.sh'
luci.main=core
luci.main.lang='auto'
luci.main.mediaurlbase='/luci-static/bootstrap'
luci.main.resourcebase='/luci-static/resources'
luci.main.ubuspath='/ubus/'
luci.flash_keep=extern
luci.flash_keep.uci='/etc/config/'
luci.flash_keep.dropbear='/etc/dropbear/'
luci.flash_keep.openvpn='/etc/openvpn/'
luci.flash_keep.passwd='/etc/passwd'
luci.flash_keep.opkg='/etc/opkg.conf'
luci.flash_keep.firewall='/etc/firewall.user'
luci.flash_keep.uploads='/lib/uci/upload/'
luci.languages=internal
luci.sauth=internal
luci.sauth.sessionpath='/tmp/luci-sessions'
luci.sauth.sessiontime='3600'
luci.ccache=internal
luci.ccache.enable='1'
luci.themes=internal
luci.themes.Bootstrap='/luci-static/bootstrap'
luci.apply=internal
luci.apply.rollback='90'
luci.apply.holdoff='4'
luci.apply.timeout='5'
luci.apply.display='1.5'
luci.diag=internal
luci.diag.dns='openwrt.org'
luci.diag.ping='openwrt.org'
luci.diag.route='openwrt.org'
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='<ula prefix ip6>'
network.lan=interface
network.lan.proto='static'
network.lan.ipaddr='192.168.27.1/24'
network.lan.type='bridge'
network.wan=interface
network.wan.ifname='eth0'
network.wan.proto='dhcp'
nodogsplash.@nodogsplash[0]=nodogsplash
nodogsplash.@nodogsplash[0].enabled='1'
nodogsplash.@nodogsplash[0].fwhook_enabled='1'
nodogsplash.@nodogsplash[0].maxclients='250'
nodogsplash.@nodogsplash[0].preauthidletimeout='30'
nodogsplash.@nodogsplash[0].authidletimeout='120'
nodogsplash.@nodogsplash[0].sessiontimeout='1200'
nodogsplash.@nodogsplash[0].checkinterval='600'
nodogsplash.@nodogsplash[0].binauth='/root/nds_auth.sh'
nodogsplash.@nodogsplash[0].authenticated_users='allow all'
nodogsplash.@nodogsplash[0].users_to_router='allow tcp port <ssh port #>' 'allow tcp port 53' 'allow udp port 53' 'allow udp port 67' 'allow tcp port 80' 'allow tcp port 443'
nodogsplash.@nodogsplash[0].gatewayname='<Gateway Name>'
nodogsplash.@nodogsplash[0].gatewayinterface='br-lan'
rpcd.@rpcd[0]=rpcd
rpcd.@rpcd[0].socket='/var/run/ubus.sock'
rpcd.@rpcd[0].timeout='30'
rpcd.@login[0]=login
rpcd.@login[0].username='root'
rpcd.@login[0].password='$p$root'
rpcd.@login[0].read='*'
rpcd.@login[0].write='*'
sqm.eth1=queue
sqm.eth1.qdisc='fq_codel'
sqm.eth1.script='simple.qos'
sqm.eth1.qdisc_advanced='0'
sqm.eth1.linklayer='none'
sqm.eth1.interface='eth0'
sqm.eth1.upload='5000'
sqm.eth1.debug_logging='0'
sqm.eth1.verbosity='5'
sqm.eth1.enabled='1'
sqm.eth1.download='20000'
system.@system[0]=system
system.@system[0].ttylogin='0'
system.@system[0].log_size='64'
system.@system[0].urandom_seed='0'
system.@system[0].hostname='<host name>'
system.@system[0].zonename='Europe/London'
system.@system[0].log_ip='<log server ip>'
system.@system[0].log_proto='udp'
system.@system[0].conloglevel='8'
system.@system[0].cronloglevel='5'
system.@system[0].timezone='GMT0BST,M3.5.0/1,M10.5.0'
system.ntp=timeserver
system.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org' '2.openwrt.pool.ntp.org' '3.openwrt.pool.ntp.org'
ucitrack.@network[0]=network
ucitrack.@network[0].init='network'
ucitrack.@network[0].affects='dhcp' 'radvd'
ucitrack.@wireless[0]=wireless
ucitrack.@wireless[0].affects='network'
ucitrack.@firewall[0]=firewall
ucitrack.@firewall[0].init='firewall'
ucitrack.@firewall[0].affects='luci-splash' 'qos' 'miniupnpd' 'sqm'
ucitrack.@olsr[0]=olsr
ucitrack.@olsr[0].init='olsrd'
ucitrack.@dhcp[0]=dhcp
ucitrack.@dhcp[0].init='dnsmasq'
ucitrack.@dhcp[0].affects='odhcpd'
ucitrack.@odhcpd[0]=odhcpd
ucitrack.@odhcpd[0].init='odhcpd'
ucitrack.@dropbear[0]=dropbear
ucitrack.@dropbear[0].init='dropbear'
ucitrack.@httpd[0]=httpd
ucitrack.@httpd[0].init='httpd'
ucitrack.@fstab[0]=fstab
ucitrack.@fstab[0].exec='/sbin/block mount'
ucitrack.@qos[0]=qos
ucitrack.@qos[0].init='qos'
ucitrack.@system[0]=system
ucitrack.@system[0].init='led'
ucitrack.@system[0].exec='/etc/init.d/log reload'
ucitrack.@system[0].affects='luci_statistics' 'dhcp'
ucitrack.@luci_splash[0]=luci_splash
ucitrack.@luci_splash[0].init='luci_splash'
ucitrack.@upnpd[0]=upnpd
ucitrack.@upnpd[0].init='miniupnpd'
ucitrack.@ntpclient[0]=ntpclient
ucitrack.@ntpclient[0].init='ntpclient'
ucitrack.@samba[0]=samba
ucitrack.@samba[0].init='samba'
ucitrack.@tinyproxy[0]=tinyproxy
ucitrack.@tinyproxy[0].init='tinyproxy'
ucitrack.@sqm[0]=sqm
ucitrack.@sqm[0].init='sqm'
uhttpd.main=uhttpd
uhttpd.main.listen_http='0.0.0.0:80' '[::]:80'
uhttpd.main.listen_https='0.0.0.0:443' '[::]:443'
uhttpd.main.redirect_https='1'
uhttpd.main.home='/www'
uhttpd.main.rfc1918_filter='1'
uhttpd.main.max_requests='3'
uhttpd.main.max_connections='100'
uhttpd.main.cert='/etc/uhttpd.crt'
uhttpd.main.key='/etc/uhttpd.key'
uhttpd.main.cgi_prefix='/cgi-bin'
uhttpd.main.lua_prefix='/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
uhttpd.main.script_timeout='60'
uhttpd.main.network_timeout='30'
uhttpd.main.http_keepalive='20'
uhttpd.main.tcp_keepalive='1'
uhttpd.defaults=cert
uhttpd.defaults.days='730'
uhttpd.defaults.key_type='rsa'
uhttpd.defaults.bits='2048'
uhttpd.defaults.ec_curve='P-256'
uhttpd.defaults.country='ZZ'
uhttpd.defaults.state='Somewhere'
uhttpd.defaults.location='Unknown'
uhttpd.defaults.commonname='OpenWrt'
wireless.radio0=wifi-device
wireless.radio0.type='mac80211'
wireless.radio0.hwmode='11g'
wireless.radio0.path='platform/soc/3f980000.usb/usb1/1-1/1-1.3/1-1.3:1.0'
wireless.radio0.htmode='HT20'
wireless.radio0.channel='auto'
wireless.radio0.distance='500'
wireless.radio0.country='<country>'
wireless.default_radio0=wifi-iface
wireless.default_radio0.device='radio0'
wireless.default_radio0.network='lan'
wireless.default_radio0.mode='ap'
wireless.default_radio0.key='<network key>'
wireless.default_radio0.macfilter='deny'
wireless.default_radio0.ssid='<SSID>'
wireless.default_radio0.encryption='psk-mixed'

Here is my authentication script, a slight alteration of the example given at https://nodogsplashdocs.readthedocs.io/en/stable/binauth.html, to process user auths from a text file (consider it pre-alpha):

#!/bin/sh

METHOD="$1"
MAC="$2"

case "$METHOD" in
  auth_client)
    # Keep only the allowed characters. printf with quoted arguments avoids
    # word splitting and glob expansion of the input, and '-' is placed last
    # in the tr set so it is a literal instead of forming the range '_-!'.
    USERNAME="$(printf '%s' "$3" | tr -cd 'A-Za-z0-9._!$%*+=,#~@: -')"
    PASSWORD="$(printf '%s' "$4" | tr -cd 'A-Za-z0-9._!$%*+=,#~@: -')"
    AUTHMATCH="$USERNAME:$PASSWORD"
    # Whole-line, fixed-string lookup (-x -F): characters such as . * $ in the
    # input are not treated as a regular expression. -m 1 stops at the first match.
    FOUND="$(grep -m 1 -xF -- "$AUTHMATCH" /root/user_list.txt)"
    # Note: this log records the submitted credentials in clear text.
    echo "$(date) : $MAC said $AUTHMATCH" >> /tmp/nds_auth.log
    echo "$(date) : Found in userlist : $FOUND" >> /tmp/nds_auth.log
    if [ "$FOUND" = "$AUTHMATCH" ]; then
      # AUTHENTICATION OK: Allow this client to access the Internet for two hours (7200 seconds) with upload and download limits in bytes (0 for no limit.)
      echo "$(date) : Access granted to $MAC" >> /tmp/nds_auth.log
      echo 7200 0 0
      exit 0
    else
      # AUTHENTICATION FAILED: Deny client access to the Internet...
      echo "$(date) : Access denied to $MAC" >> /tmp/nds_auth.log
      #echo $AUTHMATCH is incorrect.
      exit 1
    fi
    ;;
  client_auth|client_deauth|idle_deauth|timeout_deauth|ndsctl_auth|ndsctl_deauth|shutdown_deauth)
    INGOING_BYTES="$3"
    OUTGOING_BYTES="$4"
    SESSION_START="$5"
    SESSION_END="$6"
    # client_auth: Client authenticated via this script.
    # client_deauth: Client deauthenticated by the client via splash page.
    # idle_deauth: Client was deauthenticated because of inactivity.
    # timeout_deauth: Client was deauthenticated because the session timed out.
    # ndsctl_auth: Client was authenticated by the ndsctl tool.
    # ndsctl_deauth: Client was deauthenticated by the ndsctl tool.
    # shutdown_deauth: Client was deauthenticated by Nodogsplash terminating.
    ;;
esac

If anyone reading this spots an error or conflict, please reply.

I hope this makes it easier for someone else :smiley:

Best regards and thanks again.

1 Like
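One way to review the firewall section posted above for services the router itself accepts from the WAN side or from any zone; this is an added example, not part of the original post. The function names and the sample subset are constructed here, and the check assumes OpenWrt's firewall treats a rule without `dest` as an input rule and defaults `proto` to `tcp udp`.

```shell
#!/bin/sh
# Constructed sample: a subset of the firewall lines posted above, with the
# poster's "<ssh port #>" placeholder left as it is.
sample_config() {
  cat <<'EOF'
firewall.@defaults[0].input='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[10]=rule
firewall.@rule[10].dest_port='53'
firewall.@rule[10].src='*'
firewall.@rule[10].name='Allow ANY to SELF DNS'
firewall.@rule[10].target='ACCEPT'
firewall.@rule[10].proto='udp'
firewall.@rule[12]=rule
firewall.@rule[12].dest_port='<ssh port #>'
firewall.@rule[12].src='wan'
firewall.@rule[12].name='Allow ALL to SELF SSH'
firewall.@rule[12].target='ACCEPT'
EOF
}

# Reads `uci show firewall` text on stdin and prints one line per rule that
# ACCEPTs traffic to the router itself (no dest option) from the wan zone or
# from any zone ('*'), as: name|src|proto|dest_port
exposed_input_rules() {
  awk -v q="'" '
    function flush() {
      if (cur != "" && r["target"] == "ACCEPT" && !("dest" in r) &&
          (r["src"] == "wan" || r["src"] == "*"))
        printf "%s|%s|%s|%s\n", r["name"], r["src"],
          (("proto" in r) ? r["proto"] : "tcp udp (default)"),
          (("dest_port" in r) ? r["dest_port"] : "any")
      split("", r)   # portable way to empty the array
      cur = ""
    }
    {
      sec = ""
      if (match($0, /^firewall\.@rule\[[0-9]+\]/)) sec = substr($0, 1, RLENGTH)
      if (sec != cur) { flush(); cur = sec }   # a new section starts here
      if (sec == "" || substr($0, RLENGTH + 1, 1) != ".") next
      eq = index($0, "=")
      opt = substr($0, RLENGTH + 2, eq - RLENGTH - 2)   # option name
      val = substr($0, eq + 1)
      gsub(q, "", val)   # drop the quotes uci show puts around values
      r[opt] = val
    }
    END { flush() }
  '
}

# On the router itself: uci show firewall | exposed_input_rules
sample_config | exposed_input_rules
```

In the sample, the SSH rule is reported with `tcp udp (default)` because it sets no `proto`, while the ESP rule is skipped because it forwards to `lan` rather than targeting the router.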