3 replies to this topic

[FlipperHotspot]

Hi all,

I want to set aside a few static IP addresses in the low range, if possible, for machines on my office LAN.  I'm thinking all I need to do is edit the /etc/chilli/defaults file with the following, but I could be (and have often been) wrong:

HS_DYNIP=192.168.182.25  # Start the dynamic range here

HS_STATIP=192.168.182.2/24  # Set aside 23 static IP addresses from 2 to 24

Will this hammer my hotspot?

[cybermaus]

You will also need to manually assign the local machines their IP address, as they will not get it from DHCP. And you will have to authorize them, for example with the localmac option we discussed earlier. And if you want them to also pass the firewall, you need to remove two lines from the firewall rules that are automatically added.

I have moved the settings needed for this to the local.conf file, as I found these "non-hotspot settings" better contained there than the default file. The firewall modification can be done by the ipup.sh script. Here are the ones I am using:
(PS: this is on OpenWRT+Chilli, not sure if other platforms would respond the same)

# LOCAL static IP range from 96 to 111
statip 192.168.20.96/255.255.255.240

lease 900		# default dhcp lease 900 seconds
leaseplus 300		# 5 minutes extra just in case
defsessiontimeout 90000 # 24 hour sessions for internal equipment (users are set by radius)
defidletimeout 3600	# 1 hour for internal equipment (users are set by radius)

# LOCAL MAC addresses
macallowlocal
macallowed XXXXXXXXXXXX #local device 1
macallowed YYYYYYYYYYY #local device 2

#!/bin/sh
#
# remove chilli build in added lines to allow native traffic again.
iptables -D INPUT -i br-lan -j DROP	# this rule should be deleted
#iptables -D FORWARD -i br-lan -j DROP # leave this as # otherwise duplicate traffic
iptables -D FORWARD -o br-lan -j DROP  # this rule should be deleted

Edited by cybermaus, 26 July 2012 - 04:29 PM.

[FlipperHotspot]

Yes, sorry, I thought editing the /etc/networking/interfaces file on the office machines part went without saying
However, I notice that you put your static IPs on the LAN subnet.  Are you saying that it will not work to place them on the hotspot subnet, i.e., the 182.X ?

cybermaus, on 01 February 2012 - 09:39 PM, said:

[code]# LOCAL static IP range from 96 to 111
statip 192.168.20.96/255.255.255.240

[cybermaus]

My mistake: If you want them in the 182 subnet, you do not need to do anything other then to pre-authorize them with macallowed.
Chilli will discover them, or at least when I tried that they did show up in the chilli_query listippool command as allocated IP addresses. No need to do any firewall stuff. Equally no need to set the STATIP range.

I though you wanted a separate subnet. I wanted that myself, just to make it a little harder for the casual hotspot user to find my infrastructure devices.

Edited by cybermaus, 02 February 2012 - 07:22 AM.