NoCatSplash

From DD-WRT Wiki

Jump to: navigation, search

Contents

[edit] Introduction

NoCatSplash is a special type of web server. It redirects clients connecting to a DD-WRT box to a specific web page. Usually used for disclaimers and advertising, it can be a very useful tool when you have unknown people connecting wirelessly. After a configurable period of time, the client's internet access is cut off, unless the Client has agreed again to the Terms. If the client has a Web Browser open & configured with a Direct Internet Connection, and loads a website, their browser is redirected again, to the NoCatSplash page.

In order for NoCatSplash to display the splash page, the DD-WRT enabled device must have both of the following:

  • An active internet connection
  • A WAN address

For example, a client trying to ping an Internet address (e.g., www.google.com) must be able to resolve the name to an IP address. However, the Ping packets will not actually go through until the Client clicks the I Agree button on the splash page.


[edit] Caveat Concerning the Operation of Nocatsplash

Nocatsplash will not function at all if your router is set to Wireless Access Point settings or if your router is running as a switch. Specifically, once you disable DHCP under "WAN Connection Type" (as detailed in the linked wiki article), nocatsplash will no longer make any attempt to intercept clients that connect to the access point or switch. Instead, they are gleefully treated to the internet without any prompting. This issue also occurs when the device is set to not act as a DHCP server. More than likely, there are other settings that will ruin the function of nocatsplash as well. These are simply two very glaring settings that break nocatsplash for no given reason.

This issue has been brought to the attention of the developers, but as of 10:28, 21 June 2009 (CEST), there is no response or solution.


[edit] Terms

NoCatSplash 
Herein referred to as NoCat or splashd (the technical name).
Client 
referrers to the roaming laptop user with a browser configured for direct internet connections. LAN clients are normally included, so anyone wired into the LAN ports on the DD-WRT box is also a Client. LAN Servers, for instance, can be excluded from being involved in the NoCat system within the configuration of NoCat.
Terms 
referrers to the Terms of Use, or Agreement, which protects the DD-WRT owner from legal liability for the use of the open internet connection. For more information on how an Agreement contract can effectively block a legal conviction for state-blocked internet use, please consult legal advice in your own jurisdiction. This Wiki article only describes how to make the agreement appear, and under what circumstances it might not appear (Limitations). In any case, failure of NoCat to force Clients to see an agreement page, or the failure of the Splash page content to protect the DD-WRT box operator from legal attacks, does not make the authors of NoCat, or this Wiki, or DD-WRT, liable.
CLI 
Command Line Interface. Either SSH (more secure, recommended) or Telnet (less or not secure). Windows users use Putty, a free download, as your SSH Client.
NoKaid 
A build of DD-WRT with no specific XBOX support. Leaves room for a tiny read/write folder, storing custom nocat scripts and web pages. (Newer nokaid build don't seem to leave enough room for this)
Gateway Name 
The name of the gateway. Whatever you want to call it. "Joe's Pizza Shop and free DSL Cafe" for example. Use the variable $GatewayName in your splash.html page to display this.
AllowedWebHosts 
Space separated list of websites [hostnames] accessible without requiring I Agree to be clicked (without requiring NoCat Login).
List any webservers, that you would like connecting clients to be able to access, before clicking on I Agree on the NoCatSplash screen. I.E. the webserver hosting your EULA or Welcome Page, if it isn't the router itself.
Document Root 
Web pages for Splashd are stored here. Default configuration is /www.
Splash URL 
Optional URL to fetch dynamic remote splash page from.
Leave empty if using a page stored on the router.
ExcludePorts 
Space-separated list of ports clients cannot use (i.e. port 25, commonly blocked by ISP's).
Users blocked by NoCat cannot send through the ports specified, period.
You should *always* exclude port 25 (SMTP), unless you want to run a portal for wanton spam sending. Normal user web-mail and users using TLS or SSL (both use non-25 port designations) for their Thunderbird or other Mail Programs are not affected by this. Only users using unencrypted, unauthenticated outgoing mail are blocked. Obviously, such activity is a good idea to discourage anyway.
MAC White List 
Add a space separated list of MAC-addresses that should have unlimited Internet Access. The MAC addresses listed in this field will not be redirected to the Splash-page but have internet-access straight away.
Login Timeout
How much time, in seconds, elapses before the client has to see the splash screen again, and click on 'I Agree'. How often a client is shown the EULA or other designated splash page.
  • For Open Mode portals, you probably want to set LoginTimeout to something large (like 86400, for one notification per day). Open Mode, is the only mode supported at this time.
Verbosity 
Log verbosity (to syslogd)
  • 0 is (almost) no logging.
  • 10 is log everything.
  • 5 is probably a safe middle road.
Route only 
Required only if you DO NOT want your gateway to act as a NAT.
  • Enable this only if you're running a strictly routed network, and don't need the gateway to enable NAT for you.
  • You would not normally use this option. So if you don't understand it, leave it to No/Off.


[edit] Getting Started

Instructions here are for v24 and later. For historical information, view older versions of this wiki page.

  • Make sure you are using dd-wrt STANDARD or a version that supports NoCatSplash, see Version Features
  • From the web interface, view Services, Hotspot
  • Set the variables:
    • NoCatSplash -> Enable
    • Gateway IP Addr...
    • Gateway Name
    • Interface
    • Home Page -- the page people will be redirected to, after seeing the splash page, when RedirectionEnable is enabled
    • Homepage RedirectionEnable Disable
    • Allowed Web Hosts -- Hosts the client can access without "agreeing"
      (NoCat automatically includes the Splash URL domain, and the routers IP). Only put the domain name in, this means, do not prefix the name with "http://". (NoCat actually does a DNS lookup of the domain and enables that IP, so other sites with the same IP are also accessible).
    • Document Root /www
      dd-wrt firmware comes complete with sample splash and status pages in this location
    • Splash URL
      Splash URL must be filled in with a website, otherwise Splashd does not work! When using Document Root, Splash URL is ignored. (newer versions don't require Splash URL. When set however, NoCat downloads the page every 6 hours, and uses this page instead of the splash.html file in the Document Root)
    • Exclude Ports
    • MAC White List (Example (without quotes)): "00:1B:B1:1A:FA:9A, 00:1D:E0:2F:D0:AB"
    • Login Timeout
    • Verbosity
    • Route Only -- you very likely want disable here

DD-WRT STANDARD firmware comes complete with sample splash and status pages. Setting up basic NoCat through the Web Interface is easy. More complex options are possible by editing the nocat.conf file directly. NoCat can use a Splash URL hosted outside of the DD-WRT box, such as on NAS. Or NoCat can use the JFFS2 filesystem services on the router. A straight-forward setup is modifying the sample splash page (highly suggested) and storing it directly on the DD-WRT Device.

[edit] Splash Page Variables

Nocatsplash has predefined variables, prefixed with a dollar sign, that show dynamic information as it relates to the application. The file "status.html" (found in the "/www" directory) purports to support the following variables. As of 10:28, 21 June 2009 (CEST), using build v24-sp2 (10/10/09) mega (SVN revision 13064), the variables noted in red do NOT produce ANY output in splash.html OR status.html (however, this has not been confirmed in newer revisions -- any would-be wiki editors need to provide specific build information!!):

$GatewayName
The gateway name as defined in the "Basic Setup" tab under the heading "Optional Settings"
$LocalTime 
The local time. time of the router.
$GatewayStartTime 
The time that the gateway was started. Unknown what this time is based off of.
$TotalConnections 
This could likely be the number of connections that the DD-WRT device is currently serving.
$Version 
Outputs information similar to "0.93pre2-ewrt0.4".
$GatewayMode 
Known to output the phrase "Open". This value is defined in "nocat.conf". Unknown if this value is dynamic.
$LoginTimeout 
The login timeout as defined in the nocatsplash section of the respective "Hotspot" tab.
$IdleTimeout
Outputs the timeout as defined in the "nocat.conf" file. Unknown what this affects.
$HomePage
Outputs the home page defined in the "nocat.conf" file. Variable contains this information regardless of enablement of "homepage redirection:.
$AllowedWebHosts 
Self explanatory. Based on "nocat.conf" file configuration. By default, and at a minimum, this contains the IP of the nocatsplash device.
$LastConnectionTime 
A very useful variable that outputs the last time a user authenticated through nocatsplash. Ironically, this useful variable does not work.
$ConnectionCount
The default "splash.html" page within the "/www" directory indicates that this variable shows the number of users connected to nocat. This would be a VERY useful piece of information to display.
$UserTable 
Some type of table (html, perhaps?) that contains a listing of users connected to the device. It is impossible to tell what identifying information this would contain for obvious reasons.
$redirect 
URL the user entered before being redirected to NoCat. Note that querystrings are removed.
$action 
put this in the action attribute of a form. Outputs something similar to "http:/ /192.168.1.1:5280/"
$SplashURL 
Outputs the splash url as defined in the "nocat.conf" file.
Other variables defined in the nocat.conf file seem to also be available in as splash page variable 
These include: $RouteOnly, $Verbosity, $GatewayAddr, $InternalDevice, $GatewayPort, $GatewayMAC, $DocumentRoot, $SplashURLTimeout (default 21600), $LeaseFile, $FirewallPath, $ExcludePorts, $IncludePorts, $AllowedWebHosts, $MACWhiteList, $DNSAddr, $HomePage, $ForcedRedirect, $MaxMissedARP, $LoginTimeout, $RenewTimeout


[edit] Work-Around

No work-arounds are needed as of build 12188 (05/21/09). View older versions of this wiki page for historical information.


[edit] Customize the Splash Website

Overview: Copy the default splash pages from the read-only area /www to a writeable area on the DD-WRT Device. Then the basic Splash pages can be improved to add your logo or other necessary disclaimers, agreement terms, and customizations.

Steps:

  1. See the Wiki Article Enabling JFFS2 or Adding additional Flash memory to DD-WRT to create the space on the router which is writable.
  2. Using the CLI, create a folder named nocat
    mkdir /jffs/nocat
  3. Check if the folder exists
    cd /jffs/nocat
  4. Copy the default content from /www to /jffs/nocat
    cp -R /www/* /jffs/nocat/
  5. Next edit the /jffs/nocat/splash.html web page.
    See WinSCP and Mirroring
  6. Change the NoCatSplash configuration using the DD-WRT Web Interface from /www to /jffs/nocat. Apply. Restart DD-WRT Device if necessary.

If your DD-WRT version does not support JFFS you have two options:

  1. it is relatively easy to get CIFS working (as long as it points to a shared folder on a computer that is always on)
  2. host your splash page on a webserver on the internet.

[edit] Configuration Screen Photos

v23 NoCatSplash Configuration Web Interface

Image:V23-hotspot-nocatsplash-conf.png


[edit] Advanced Notes

  • If splash.html calls another page, such as when using HTML Frames, the final page's form for the 'I Accept' button must have action="http://the DD-WRT enabled box's IP:5280/" instead of action="$action", and any other variables filled out with the values in the Web Interface/nocat.conf. The variables present in the original splash.html sample do not pass to sub-pages.
  • Your Splash page won't show anything linked outside of the html file if the Splash URL isn't hosted on the router or through a Samba mount. For example .css and images won't load, but style tags in the HEAD of your html page will.
  • The settings for NoCat are stored in /tmp/etc/nocat.conf . See this page for details. You can edit them using vi, but you'll also have to save the corresponding setting to nvram in order for settings to remain in effect after a reboot. For example, you could change the Verbosity to 3 in the configuration file. Then you'd also have to type "nvram set NC_Verbosity=3" and "nvram commit"

Exclude Ports: You must always exclude port 25, otherwise your router can be used as a source of spam. You cannot use both "Exclude Ports" and "Include Ports".

LocalNetwork : Please note that this setting is only used if NoCat can't figure out your network subnet. It does not set NoCat to only be visible for a certain subnet. A better method is to change the Interface option on the NoCat settings page from LAN to br1 (where br1 is the bridge set up to your BSSID or VLAN).

Daemon

/usr/sbin/splashd

Default Configuration file

cat /tmp/etc/nocat.conf

RouteOnly       0
Verbosity       0
GatewayName     DDWRT
DocumentRoot    /jffs/nocat
ExcludePorts    25
AllowedWebHosts 192.168.1.1 mydomain.com
HomePage        http://www.mydomain.com/
SplashURL        http://www.mydomain.com/
LoginTimeout    86400
...
nvram entries

nvram show | grep NC

NC_Verbosity=0
NC_SplashURL=http://www.mydomain.com/
NC_DocumentRoot=/jffs/nocat
NC_RouteOnly=0
NC_HomePage=http://www.mydomain.com/
NC_GatewayName=DDWRT
NC_ExcludePorts=25
NC_LoginTimeout=86400
NC_AllowedWebHosts=mydomain.com
...

[edit] History

While Authentication was originally envisioned for NoCat (NoCatAuth), support has been removed to make this as streamlined as possible.


[edit] References

[edit] Remarks

Please:

  • The place for Questions and Conjecture is on the Article Discussion page (which may be worth reading), or post your Questions in the DD-WRT Forum.
  • PolskiKrol Comments: It would appear that that nokaid version of DD-WRT v24 RC7 no longer leaves any space for JFFS2 on 4MB Firmware. This issue was seen on the WRT150N. The last working firmware [for me, with enough space,] is DD-WRT v24 RC6.2.
  • I am currently using a USB flash drive with the ext2 filesystem in WRT v24 sp2 beta. I have the drive mounting as "/jffs" and nocatsplash is working properly on the device. I mention this to note that not only do i NOT have the "jffs2 support" option set to disabled, but also when i do enable this option (using the correct configurations), things work as expected initially. Once the router is rebooted, however, the device forgets that the JFFS mount is the USB drive, and instead tries to use the space within the flash. This obviously isn't what i expected or wanted, and it results in unintended operation of nocatsplash. ScreamingAnger 10:28, 21 June 2009 (CEST)