NoCatSplash is a Open Public Network Gateway Daemon. It performs as a [captive/open/active] portal. When run on a gateway/router on a network, all web requests are redirected until the client either logs in or clicks "I Accept" to an AUP. The gateway daemon then changes the firewall rules on the gateway to pass traffic for that client (based on IP address and MAC address). NoCatSplash is the successor to NoCatAuth, which was written in Perl. NoCatSplash is written in multi-threaded ANSI C in order to be smaller and work better on embedded style devices. *** Quickstart ./configure make make install vi /usr/local/etc/nocat.conf /usr/local/sbin/splashd & *** Requirements - Current - Linux * glib 1.2 * iptables * netfilter kernel modules for NAT, redirection, etc. *** Requirements - Future Version - FreeBSD * ipfw - no MAC address filtering * ipfwv2 - includes MAC address filtering * gmake - OpenBSD * pfctl - NetBSD - Mac OS X *** Building NoCatSplash for normal operation To build and configure the NoCatSplash gateway, run: $ cd NoCatSplash-nightly $ ./configure $ make Then, as root: # make install # vi /usr/local/etc/nocat.conf [or use your editor of choice] In addition to the usual GNU ./configure options, NoCatSplash also supports: --prefix = defaults to /usr/local --with-firewall=looback Compiles with "loopback" firewall scripts for testing --with-ghttpd Also compiles ghttpd for local web server testing *** Running the NoCatSplash gateway To run the NoCatSplash gateway, you must be root. Run: # export PATH=$PATH:/sbin # ./splashd & In particular, you need to make sure that iptables can be found via the PATH environment variable before executing splashd. *** Building NoCatSplash for testing purposes You can build NoCatSplash with the "loopback" firewall scripts in order to test it on a machine without any network connection: $ cd splash $ ./configure --prefix=/tmp/nocat --with-firewall=loopback \ --with-ghttpd $ make $ make install $ vi /tmp/nocat/etc/nocat.conf Set "LoginTimeout" to a low value, say, 120 seconds. As root, run: # /tmp/nocat/sbin/ghttpd & # /tmp/nocat/sbin/splashd If you're not currently running a web server, this will start ghttpd, a lightweight web server, running on port 80, serving data out of the DocumentRoot specified in nocat.conf. Then run /tmp/nocat/sbin/splashd. Open a browser, and go to http://localhost/test.html or some other page on your local web server. You should be captured and allowed to log in, at which point you should be directed to the web page you attempted to visit. You should be able to browse your local web server until your login expires. *** Getting NoCatSplash from CVS From a shell, run: $ cvs -d:pserver:anonymous@cvs.nocat.net:/cvsroot login (Hit "Enter" when prompted for a password.) $ cvs -d:pserver:anonymous@cvs.nocat.net:/cvsroot co splash *** Notes NoCatSplash only runs on Linux at present. We will very shortly address the portability issues, most of which will crop up in and around autodetecting network interfaces and reading the kernel ARP table. People who have been paying attention will note that I've temporarily thrown out my original design for NoCatSplash, and concentrated on building a simplified rendition of the NoCatAuth Open mode in C. This is deliberate. The original design was nice, but too baroque for getting this project off the ground. Anyway, this code is going to change very rapidly. It might not be fancy, but it should work. Comments and questions welcome. SDE