PIROVANO
1 Alix Slackware
1.8 Web-Server
Install the following library-packages from your Slackware-CD: apr, apr-util.
chmod +x /etc/rc.d/rc.httpd
/etc/rc.d/rc.httpd start
Set up a dedicated page for surfers accessing your DynDNS address
mkdir /srv/httpd/htdocs/external
vi /srv/httpd/htdocs/external/index.html
Hello World!
:write :quit
vi /etc/httpd/httpd.conf #Scroll down to the very bottom
##<VirtualHost MYNAME.dyndns.org>
<VirtualHost *>
ServerName MYNAME.dyndns.org
DocumentRoot "/srv/httpd/htdocs/external"
</VirtualHost>
/etc/rc.d/rc.httpd restart
vi /etc/rc.d/rc.firewall
iptables -F
...
iptables -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
...
iptables -A INPUT -i ppp0 -j DROP
/etc/rc.d/rc.firewall
Set up a dedicated page for unprivileged WLAN clients trying to reach an internet site
mkdir /srv/httpd/htdocs/internal
vi /srv/httpd/htdocs/internal/index.html
Your MAC is not registered!
:write :quit
vi /etc/httpd/httpd.conf #Scroll down to the very bottom
<VirtualHost 192.168.10.1> #Replace 192.168.10.1 with your WLAN-AP-IP
ServerName 192.168.10.1
DocumentRoot "/srv/httpd/htdocs/internal"
</VirtualHost>
/etc/rc.d/rc.httpd restart
vi /etc/rc.d/rc.firewall
iptables -t nat -F
iptables -t nat -A POSTROUTING ...
...
iptables -t nat -A PREROUTING -i ath0 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT #MAC of ALLOWED WLAN-client.
...
iptables -t nat -A PREROUTING -i ath0 -p tcp --dport 80 -j DNAT --to 192.168.10.1:80 #Everyone else coming from the WLAN is redirected to your (internal) web server, but only when trying to access a website.
iptables -F
...
iptables -A INPUT -i ath0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ath0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i ath0 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i ath0 -j DROP
/etc/rc.d/rc.firewall
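With more than one allowed client, the nat PREROUTING lines above can be generated from a MAC list so that a typo never reaches rc.firewall and the DNAT catch-all always comes last. This is an added example, not part of the original page; the names gen_portal_rules, valid_mac and SAMPLE_MACS are hypothetical, and the script only prints the rules, it does not run iptables.

```shell
#!/bin/sh
# Added example: prints the nat PREROUTING rules for rc.firewall; it does not
# run iptables itself. WLAN_IF and PORTAL are the values used on this page.
WLAN_IF="ath0"
PORTAL="192.168.10.1:80"

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads one MAC per line on stdin (blank lines and # comments are skipped) and
# writes the rules to stdout. Returns 1 and prints no rules if any entry is
# malformed, so a typo never produces a half-built rule set.
gen_portal_rules() {
    rules="" bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        mac=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r')
        [ -z "$mac" ] && continue
        if valid_mac "$mac"; then
            rules="${rules}iptables -t nat -A PREROUTING -i $WLAN_IF -m mac --mac-source $mac -j ACCEPT
"
        else
            echo "invalid MAC: $mac" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    printf '%s' "$rules"
    # Catch-all last: rules match in order, so the DNAT must follow every ACCEPT.
    echo "iptables -t nat -A PREROUTING -i $WLAN_IF -p tcp --dport 80 -j DNAT --to $PORTAL"
}

# Constructed sample list (made-up addresses, not real clients).
SAMPLE_MACS='00:11:22:33:44:55   # laptop
AA:BB:CC:DD:EE:FF

# phone
02:00:5e:10:00:01'
```

The mac match identifies a client only by an address the client sets itself, so treat the list as a convenience filter and rely on WLAN encryption for actual access control.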
Copyright 2009 pirovano.ch. Last modified 2009-08-03 1420 CEST.
E-Mail: pirovano(at)[this-very-domain]