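/**
 * Print the hotspot status panel as HTML.
 *
 * Echoes the rendered status of the APP_HOTSPOT and APP_HOTSPOT_DNSMASQ
 * daemons, then one <p class=text-error> paragraph for each configuration
 * problem found in the stored "ChilliConf" settings:
 *   - HS_LANIF or HS_WANIF is not set;
 *   - HS_UAMLISTEN and HS_WANIF_IP share the same first three octets;
 *   - HS_UAMFREEWEB is empty or zero.
 *
 * Writes directly to the output buffer and returns nothing.
 */
function status()
{
    $sock = new sockets();

    // The framework endpoint returns the daemon status base64-encoded; the
    // decoded text is loaded as INI data.
    $status = base64_decode($sock->getFrameWork("chilli.php?status=yes"));
    $ini = new Bs_IniHandler();
    $ini->loadString($status);

    $hotspotStatus = DAEMON_STATUS_ROUND("APP_HOTSPOT", $ini, null, 1);
    $dnsmasqStatus = DAEMON_STATUS_ROUND("APP_HOTSPOT_DNSMASQ", $ini, null, 1);

    $tpl = new templates();
    echo $tpl->_ENGINE_parse_body($hotspotStatus);
    echo $tpl->_ENGINE_parse_body($dnsmasqStatus);

    // NOTE(security): unserialize() on a stored setting. If "ChilliConf" can be
    // written by anything less trusted than the administrator, decode it with
    // array('allowed_classes' => false) (PHP 7+) or store it as JSON instead.
    $ChilliConf = unserialize(base64_decode($sock->GET_INFO("ChilliConf")));
    $ChilliConf = GetInterfaceArray($ChilliConf);

    $wan_ip = $ChilliConf["HS_WANIF_IP"];
    $lan_ip = $ChilliConf["HS_UAMLISTEN"];

    if ($ChilliConf["HS_LANIF"] == null) {
        $message = $tpl->_ENGINE_parse_body("{CHILLI_HS_LANIF_NULL}");
        echo "<p class=text-error>{$message}</p>";
    }

    if ($ChilliConf["HS_WANIF"] == null) {
        $message = $tpl->_ENGINE_parse_body("{CHILLI_HS_WANIF_NULL}");
        echo "<p class=text-error>{$message}</p>";
    }

    // Compare the first three octets of both addresses. array_pad() keeps the
    // result identical for short or empty values while avoiding
    // undefined-offset notices.
    $lanOctets = array_pad(explode(".", (string) $lan_ip), 3, "");
    $lan = "{$lanOctets[0]}.{$lanOctets[1]}.{$lanOctets[2]}.0";
    $wanOctets = array_pad(explode(".", (string) $wan_ip), 3, "");
    $wan = "{$wanOctets[0]}.{$wanOctets[1]}.{$wanOctets[2]}.0";

    if ($lan == $wan) {
        $message = $tpl->_ENGINE_parse_body("{CHILLI_ERROR_SAME_NETS}");
        // Both values come from stored configuration and end up inside HTML:
        // encode them before they reach the page. strtr() substitutes both
        // placeholders in one pass, so a "%b" inside the first value is not
        // expanded a second time.
        $message = strtr($message, array(
            "%a" => htmlspecialchars($lan, ENT_QUOTES, "UTF-8"),
            "%b" => htmlspecialchars($wan, ENT_QUOTES, "UTF-8"),
        ));
        echo "<p class=text-error>{$message}</p>";
    }

    // NOTE(review): this is a loose comparison; on PHP < 8 any non-numeric
    // string also equals 0 here. Confirm HS_UAMFREEWEB is meant to be a
    // numeric flag.
    if ($ChilliConf["HS_UAMFREEWEB"] == 0) {
        $ChilliConf["HS_UAMFREEWEB"] = null;
    }

    if (trim((string) $ChilliConf["HS_UAMFREEWEB"]) == null) {
        $message = $tpl->_ENGINE_parse_body("{CHILLI_ERROR_NO_FREEWEB}");
        echo "<p class=text-error>{$message}</p>";
    }
}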
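/**
 * Generate the hotspot firewall scripts /etc/chilli/up.sh and
 * /etc/chilli/ipup.sh and mark both executable (0755).
 *
 * up.sh is a fixed script that installs iptables rules through an ipt()
 * wrapper which also records the matching "iptables -D" lines in an undo
 * file. It sources /etc/chilli/ipup.sh at the end when that file exists.
 * ipup.sh holds the site rules built from the configuration: the proxy
 * redirect to SQUID_HTTP_PORT and the MASQUERADE rule on HS_LANIF.
 *
 * @param array $ChilliConf Hotspot settings. When it holds fewer than five
 *                          entries the stored "ChilliConf" setting is loaded
 *                          and passed through GetInterfaceArray() instead.
 *                          Keys read here: SQUID_HTTP_PORT, HS_LANIF.
 * @return void
 */
function up_sh($ChilliConf = array())
{
    if (!is_array($ChilliConf) || count($ChilliConf) < 5) {
        $sock = new sockets();
        // NOTE(security): unserialize() on a stored setting. If "ChilliConf"
        // can be written by anything less trusted than the administrator,
        // decode it with array('allowed_classes' => false) (PHP 7+) or store
        // it as JSON instead.
        $ChilliConf = unserialize(base64_decode($sock->GET_INFO("ChilliConf")));
        $ChilliConf = GetInterfaceArray($ChilliConf);
    }

    // intval() guarantees the port is written as a plain integer.
    $squidport = isset($ChilliConf["SQUID_HTTP_PORT"]) ? intval($ChilliConf["SQUID_HTTP_PORT"]) : 0;

    // The interface name is written verbatim into a shell script. Keep only
    // characters that are plausible in an interface name so that whitespace,
    // quotes, line breaks or shell metacharacters in the stored value can
    // never reach the generated file. Ordinary names (eth0, br-lan, eth0.10,
    // eth0:1) pass through unchanged.
    // NOTE(review): an empty result still produces "-i  -p tcp" rules, as the
    // original did for an unset HS_LANIF.
    $lanif = isset($ChilliConf["HS_LANIF"]) ? (string) $ChilliConf["HS_LANIF"] : "";
    $lanif = (string) preg_replace('/[^A-Za-z0-9_.:-]/', '', $lanif);

    $upLines = array(
        "#!/bin/sh",
        "",
        "TUNTAP=\$(basename \$DEV)",
        "UNDO_FILE=/var/run/chilli.\$TUNTAP.sh",
        "",
        ". /etc/chilli/functions",
        "",
        "[ -e \"\$UNDO_FILE\" ] && sh \$UNDO_FILE 2>/dev/null",
        "rm -f \$UNDO_FILE 2>/dev/null",
        "",
        "ipt() {",
        " opt=\$1; shift",
        " echo \"iptables -D \$*\" >> \$UNDO_FILE",
        " iptables \$opt \$*",
        "}",
        "",
        "ipt_in() {",
        " ipt -I INPUT -i \$TUNTAP \$*",
        "}",
        "",
        "if [ -n \"\$TUNTAP\" ]",
        "then",
        " # ifconfig \$TUNTAP mtu \$MTU",
        " if [ \"\$KNAME\" != \"\" ]",
        " then",
        "\tipt -I FORWARD -i \$DHCPIF -m coova --name \$KNAME -j ACCEPT ",
        "\tipt -I FORWARD -o \$DHCPIF -m coova --name \$KNAME --dest -j ACCEPT",
        "\tipt -I FORWARD -i \$TUNTAP -j ACCEPT",
        "\tipt -I FORWARD -o \$TUNTAP -j ACCEPT",
        "\t[ -n \"\$DHCPLISTEN\" ] && ifconfig \$DHCPIF \$DHCPLISTEN",
        " else",
        "\tif [ \"\$LAYER3\" != \"1\" ]",
        "\tthen",
        "\t [ -n \"\$UAMPORT\" -a \"\$UAMPORT\" != \"0\" ] && \\",
        "\t\tipt_in -p tcp -m tcp --dport \$UAMPORT --dst \$ADDR -j ACCEPT",
        "\t ",
        "\t [ -n \"\$UAMUIPORT\" -a \"\$UAMUIPORT\" != \"0\" ] && \\",
        "\t\tipt_in -p tcp -m tcp --dport \$UAMUIPORT --dst \$ADDR -j ACCEPT",
        "\t ",
        "\t [ -n \"\$HS_TCP_PORTS\" ] && {",
        "\t\tfor port in \$HS_TCP_PORTS; do",
        "\t\t ipt_in -p tcp -m tcp --dport \$port --dst \$ADDR -j ACCEPT",
        "\t\tdone",
        "\t }",
        "\t ",
        "\t ipt_in -p udp -d 255.255.255.255 --destination-port 67:68 -j ACCEPT",
        // Kept on one line: a line break inside this literal would leave
        // "-j" without a target and put "ACCEPT" on a line of its own.
        "\t ipt_in -p udp -d \$ADDR --destination-port 67:68 -j ACCEPT",
        "\t ipt_in -p udp --dst \$ADDR --dport 53 -j ACCEPT",
        "\t ipt_in -p icmp --dst \$ADDR -j ACCEPT",
        "\t ",
        "\t ipt -A INPUT -i \$TUNTAP --dst \$ADDR -j DROP",
        "\t ",
        "\t ipt -I INPUT -i \$DHCPIF -j DROP",
        "\tfi",
        "\t",
        "\tipt -I FORWARD -i \$DHCPIF -j DROP",
        "\tipt -I FORWARD -o \$DHCPIF -j DROP",
        "\t",
        "\tipt -I FORWARD -i \$TUNTAP -j ACCEPT",
        "\tipt -I FORWARD -o \$TUNTAP -j ACCEPT",
        "\t",
        " # Help out conntrack to not get confused",
        " # (stops masquerading from working)",
        " #ipt -I PREROUTING -t raw -j NOTRACK -i \$DHCPIF",
        " #ipt -I OUTPUT -t raw -j NOTRACK -o \$DHCPIF",
        "\t",
        " # Help out MTU issues with PPPoE or Mesh",
        "\tipt -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu",
        "\tipt -I FORWARD -t mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu",
        "\t",
        "\t[ \"\$HS_LAN_ACCESS\" != \"on\" -a \"\$HS_LAN_ACCESS\" != \"allow\" ] && \\",
        "\t ipt -I FORWARD -i \$TUNTAP \\! -o \$HS_WANIF -j DROP",
        "\t",
        "\t[ \"\$HS_LOCAL_DNS\" = \"on\" ] && \\",
        "\t ipt -I PREROUTING -t nat -i \$TUNTAP -p udp --dport 53 -j DNAT --to-destination \$ADDR",
        " fi",
        "fi",
        "",
        "# site specific stuff optional",
        "[ -e /etc/chilli/ipup.sh ] && . /etc/chilli/ipup.sh",
        "",
    );

    // "@" keeps PHP warnings out of the page output; a failed write is logged
    // instead of being dropped, because a stale firewall script would
    // otherwise go unnoticed.
    if (@file_put_contents("/etc/chilli/up.sh", implode("\n", $upLines)) === false) {
        error_log("up_sh: unable to write /etc/chilli/up.sh");
    }
    @chmod("/etc/chilli/up.sh", 0755);

    $ipupLines = array(
        "#!/bin/sh",
        "# Custom rules for Hotspot",
        "# TRANS PROXY",
        "# ipt -I PREROUTING -t nat -p tcp -s 10.1.0.0/24 -d 10.1.0.1 --dport {$squidport} -j DROP",
        // Kept on one line: a line break inside this literal would end the
        // shell comment early and leave the remainder as an executable line.
        "# ipt -I PREROUTING -t nat -i \$IF -p tcp -s 10.1.0.0/24 -d ! 10.1.0.1 --dport 80 -j REDIRECT --to {$squidport}",
        "",
        " # Redirect to Squid proxy (drop direct attempts to proxy)",
        " ipt -I PREROUTING -t mangle -p tcp -s \$NET/\$MASK -d \$ADDR --dport {$squidport} -j DROP",
        " ipt -I PREROUTING -t nat -i {$lanif} -p tcp -s \$NET/\$MASK ! -d \$ADDR --dport 80 -j REDIRECT --to {$squidport}",
        " # Look at using this rule?",
        " # ipt -I PREROUTING -t nat -i {$lanif} -p tcp -s \$NET/\$MASK ! -d \$ADDR --dport 80 -j DNAT --to 192.168.8.22:3128",
        " ",
        " # Redirect DNS to local server # Coova Chilli seems to take care of this",
        "# ipt -I PREROUTING -t nat -i {$lanif} -p tcp -s \$NET/\$MASK ! -d \$ADDR --dport 53 -j REDIRECT --to 53",
        "# ipt -I PREROUTING -t nat -i {$lanif} -p udp -s \$NET/\$MASK ! -d \$ADDR --dport 53 -j REDIRECT --to 53 ",
        "# MASQUERADE",
        " ipt -I POSTROUTING -t nat -o {$lanif} -j MASQUERADE",
        "",
    );

    if (@file_put_contents("/etc/chilli/ipup.sh", implode("\n", $ipupLines)) === false) {
        error_log("up_sh: unable to write /etc/chilli/ipup.sh");
    }
    @chmod("/etc/chilli/ipup.sh", 0755);
}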