# -------------------------------- # configuration for setup firewall # -------------------------------- # Required only if you DO NOT want your gateway to act as a NAT. Give this only if you are running a strictly routed # network, and do not need the gateway to enable NAT for you RouteOnly=1 # If you choose not to run DNS on your internal network, specify the address(es) of one or more domain name server # on the Internet that wireless clients can use to get out. Should be the same DNS that your DHCP server hands out DNSAddr=192.168.210.254 # Specify TCP ports to allow access to when public class users login. All others will be denied #IncludePorts="22 80 443" # Specify TCP ports to denied access to when public class users login. All others will be allowed. Note that you should # use either IncludePorts or ExcludePorts, but not both. If neither is specified, access is granted to all ports to public # class users. You should *always* exclude port 25, unless you want to run an portal for wanton spam sending. Users should # have their own way of sending mail. It sucks, but that is the way it is. # Comment this out *only if* you are using IncludePorts instead #ExcludePorts="23 25 111" # List any domains that you would like to allow web access (TCP port 80 and 443) BEFORE logging in (this is the # pre-skip stage, so be careful about what you allow AllowedWebHosts=159.213.0.0/16 # the interface connected to the Internet. Usually eth0 or eth1 under Linux, or maybe even ppp0 if you are running PPP or PPPoE ExternalDevice=eth0 # Required if and only if your machine has more than two network interfaces. Must be set to the interface connected to your local # network, normally your wireless card InternalDevice="eth0 eth0" # Must be set to the network address and net mask of your internal network. You can use the number of bits in the netmask # (e.g. /16, /24, etc.) or the full x.x.x.x specification LocalNetwork="10.30.1.0/24 10.1.0.1/16" # URL to the login service at the authservice. Must be set to the address of your authentication service # You must use an IP address if DNS resolution is not available at gateway startup AuthServiceAddr="http://www.auth-firenze.com/login http://10.30.1.131" #AuthServiceAddr="http://www.auth-firenze.com/login http://10.30.1.131" # The TCP port to bind the gateway service to. 5280 is de-facto standard for NoCatAuth. Change this only if you absolutely need to GatewayPort=5280 # Give this if you want to disable public access (i.e. unauthenticated 'skip' button access). You'll also want to # point AuthServiceAddr somewhere that doesn't include a skip button (likeat your own Auth server) MembersOnly=1 # --------------------------------