Bypass Chilli using alternate IPs?

Tuc at T-B-O-H.NET ml at t-b-o-h.net
Thu May 1 19:13:59 UTC 2008


Hi,

	I'll start out saying this is a Chillispot problem on DD-WRT. 
Unfortunately, support on the DD-WRT forum is generally lacking, so I
come to you hoping that since this is a branch you'll be able to understand
and suggest a change for me. If not, I certaininly understand.

	On a sample DD-WRT router, I have the chilli.conf to be :

radiusserver1 EXAMPLE.IP.ADDRESS.HERE
radiusserver2 EXAMPLE.IP.ADDRESS.HERE
radiussecret TMCQgnAW3f9g31
dhcpif br0
uamserver http://www.example.com/cgi-bin/UAM/uam.cgi
dns1 EXAMPLE.IP.ADDRESS.HERE
uamsecret aERP68Fi3d9gkh0
uamallowed www.paypal.com,www.paypalobjects.com,www.seabreezeconnections.com
radiusnasid SBC-2064
radiuslisten 192.168.50.13

	and :

# ifconfig br0
br0       Link encap:Ethernet  HWaddr 00:16:01:D1:90:3A  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6981 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7444 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:690194 (674.0 KiB)  TX bytes:5253782 (5.0 MiB)

 # ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.182.1  P-t-P:192.168.182.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:5706 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7222 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:555035 (542.0 KiB)  TX bytes:5097966 (4.8 MiB)

# ifconfig vlan1
vlan1     Link encap:Ethernet  HWaddr 00:16:01:D1:90:3B  
          inet addr:192.168.50.13  Bcast:192.168.50.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:263049 errors:0 dropped:0 overruns:0 frame:0
          TX packets:128066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:31820918 (30.3 MiB)  TX bytes:11358988 (10.8 MiB)


	We've found out that if you MANUALLY set your IP to be in the 192.168.1.X
range, set 192.168.1.1 as the gateway, and set your own DNS servers.... You can
surf w/o authenticating... Which is a VERY bad thing...

	Is there a way to stop this? (Additional information provided if
necessary.)

			Thanks, Tuc



More information about the Chilli mailing list