Serving Chilli for 4 AKA Brighton Chilli Setup Guide v1.1 To get things rolling along you will need to do a couple things first Assign a IP address to your external interface Assing a SSID to your wifi interface (if you're using a wifi interface) Edit the firewall config file (/etc/pf.conf) & specify your external & interface Edit the chilli config file & specify some DNS servers & the interface its going to be running on Edit the captive portal page & add the user authentication secret Start chillispot Reload firewall config Wonder why it's not working! ;) Ok, lets see how you do the steps above: 1) Login as root, there is no password 2) Assign root a password by issuing passwd root 3) Find out what interfaces FreeBSD has detected by running ifconfig -a You should get something similar to this: ral0: flags=8802 mtu 1500 ether 00:11:09:2a:5a:fe media: IEEE 802.11 Wireless Ethernet autoselect status: no carrier ssid "" channel 1 authmode OPEN privacy OFF txpowmax 100 protmode CTS fxp0: flags=8802 mtu 1500 options=b ether 00:02:b3:ea:39:15 media: Ethernet autoselect (none) status: no carrier pfsync0: flags=0<> mtu 2020 pflog0: flags=141 mtu 33208 lo0: flags=8049 mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 In this example ral0 is the wifi interface & fxp0 is the ethernet interface. You can either assign a IP address to fxp0 by hand or via DHCP, to grab a IP address by DHCP issue: dhclient fxp0 to issue a IP address manually use ifconfig ifconfig if#0 IP.ADD.RE.SS netmask sub.net.mask eg ifconfig fxp0 60.70.70.51 netmask 255.255.255.0 then add your default gateway using the following convention: route add default ip.add.res.s eg: route add default 60.70.70.50 4) You now need to assign a SSID to your wireless interface, specify that you're running it in hostap mode & mark it as up ifconfig if#0 ssid mynetworkname mediaopt hostap up eg: ifconfig ral0 ssid brightonchilli mediaopt hostap up runing ifconfig if# will show that your wifi card is now working as a access point: ifconfig ral0 ral0: flags=8843 mtu 1500 inet6 fe80::211:9ff:fe2a:5afe%ral0 prefixlen 64 scopeid 0x1 ether 00:11:09:2a:5a:fe media: IEEE 802.11 Wireless Ethernet autoselect (autoselect ) status: associated ssid brightonchilli channel 1 bssid 00:11:09:2a:5a:fe authmode OPEN privacy OFF txpowmax 100 protmode CTS dtimperiod 1 bintval 100 Note, if you're planning on using a seperate access point & don't have a wifi card install in the pc you're booting the live CD on, you just need mark the interface connected to your access point as up. ifconfig if#1 up eg: ifconfig fxp1 up 5) Now edit the firewall config file & specify which interface is your external interface & which is either your wifi interface or the interface connected to a access point. vi or ee /etc/pf.conf & change the ext_if & int_if variables If you're using a public IP address uncomment the priv_nets variable & the 2 block drop filter rules further down in the config file. save & quit 6) Then edit the chillispot config file & specify the IP address for DNS servers your clients will use & the interface chillispot will be running on (the wifi interface or the interface connected to a access point) vi or ee /usr/local/etc/chilli.conf & edit the dhcpif & uamsecret variables You may need to edit the dns1 & dns2 variables & specify some dns servers if you have resolution problems e.g when you're using dhcp to configure your external interface but you haven't specified any dns servers in your lease information. 7) You now need to edit the captive portal & add the uamsecret you specified in your chilli.conf vi or ee /var/www/data/cgi-bin/hotspotlogin.cgi & change $uamsecret 8) Start Chillispot /usr/local/etc/rc.d/chillispot start 9) Reload your firewall rules pfctl -f /etc/pf.conf 10) There are 4 sample radius users which you can use to login to chillispot with: fry, bender, leela, amy the password on all of them is testing edit /usr/local/etc/raddb/users & change the passwords!!! If you need to add aditional users copy & tweak the details from one of the users above then issue /usr/local/etc/rc.d/radiusd restart 11) Enjoy! :)