diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml
index 2fb7bc256..55c2ffff1 100644
--- a/roles/network/defaults/main.yml
+++ b/roles/network/defaults/main.yml
@@ -75,6 +75,6 @@ captive_portal_enabled: False
 # for simple python captive portal
 py_captive_portal_install: True
 py_captive_portal_enabled: True
-captive_portal_port: "9090"
-captive_portal_username: "Admin"
-captive_portal_password: "g0adm1n"
+py_captive_portal_port: "9090"
+py_captive_portal_username: "Admin"
+py_captive_portal_password: "changeme"
diff --git a/roles/network/templates/captive_portal/captive_portal.py.j2 b/roles/network/templates/captive_portal/captive_portal.py.j2
index 8e0736b07..22ad1f009 100755
--- a/roles/network/templates/captive_portal/captive_portal.py.j2
+++ b/roles/network/templates/captive_portal/captive_portal.py.j2
@@ -7,7 +7,7 @@ import BaseHTTPServer
 import cgi
 # These variables are used as settings
-PORT = int("{{ captive_portal_port }}") # the port in which the captive portal web server listens
+PORT = int("{{ py_captive_portal_port }}") # the port in which the captive portal web server listens
 IFACE = "{{ iiab_lan_iface }}" # the interface that captive portal protects
 IP_ADDRESS = "{{ lan_ip }}" # the ip address of the captive portal (it can be the IP of IFACE)
@@ -70,7 +70,7 @@ class CaptivePortal(BaseHTTPServer.BaseHTTPRequestHandler):
 username = form.getvalue("username")
 password = form.getvalue("password")
 #dummy security check
- if username == '{{ captive_portal_username }}' and password == '{{ captive_portal_password }}':
+ if username == '{{ py_captive_portal_username }}' and password == '{{ py_captive_portal_password }}':
 #authorized user
 remote_IP = self.client_address[0]
 print 'New authorization from '+ remote_IP
diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables
index f88cdae1b..0e456dab1 100755
--- a/roles/network/templates/gateway/iiab-gen-iptables
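Review bot: In roles/network/defaults/main.yml the renamed `py_captive_portal_password` still ships a working default, now the common placeholder `"changeme"`, so a host deployed without an override authorises clients with a credential that is published in the repository. Because all three variables are renamed, an existing override of `captive_portal_password` (or of the port or username) is no longer read after this commit and the host silently falls back to that default. I would drop the usable default and fail the play when the password is unset or still equal to the placeholder. I would also add a comment above the block such as `# py_captive_portal_password must be overridden per deployment; the old captive_portal_* names are no longer read`.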
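Review bot: In captive_portal.py.j2 (hunk at -70,7) the username and password are pasted raw between single quotes, so a value containing `'` or `\` produces a broken or different string literal in the generated script; nothing on the visible lines escapes them. Rendering them as quoted literals next to the other settings, e.g. `USERNAME = {{ py_captive_portal_username | to_json }}` and `PASSWORD = {{ py_captive_portal_password | to_json }}`, and comparing against those names keeps the check independent of the characters in the secret; confirm the rendered literal is valid for the Python 2 interpreter this script targets. The rendered file holds the password in clear text, so the task that installs it (not part of this diff) should restrict the file mode to the account that runs the portal. The enclosing handler method starts and ends outside the hunk.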
+++ b/roles/network/templates/gateway/iiab-gen-iptables
@@ -102,7 +102,7 @@ $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACC
 #Block https traffic except if directed at server
 if [ "$gw_block_https" == "True" ]; then
- $IPTABLES -A FORWARD -p tcp ! -d 172.18.96.1 --dport 443 -j DROP
+ $IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP
 fi
 # Allow outgoing connections from the LAN side.
@@ -125,7 +125,7 @@ if [ "$captive_portal_enabled" == "True" ];then
 $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
 elif [ "py_$captive_portal_enabled" == "True" ];then
- $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:9090
+ $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ py_captive_portal_port }}
 elif [ "$HTTPCACHE_ON" == "True" ]; then
 $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128
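Review bot: In iiab-gen-iptables (hunk at -125,7) the DNAT line changed here sits under `elif [ "py_$captive_portal_enabled" == "True" ];then`, which compares the literal prefix `py_` followed by the value of `$captive_portal_enabled` with `True` and so can never match. The redirect to `{{ py_captive_portal_port }}` is therefore unreachable as written, and LAN clients are never sent to the Python portal even when it is enabled. The test presumably should read `elif [ "$py_captive_portal_enabled" == "True" ];then`; whether that shell variable is set earlier in the script is outside the hunk and needs checking. The if/elif chain starts and ends outside the hunk.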