README This file
conf/ Configuration files
- rc.firewall.sample Script of sample IPv4 firewall configuration
- rc.firewall6.sample Script of initail IPv6 firewall configuration
+ rc.firewall.sample Script of sample firewall configuration
ipfwctl.pl.sample Perl script executed by opengate(not use in default)
opengatesrv.conf.sample Sample file for Opengate configuration
errcheck.html Error checking list(not up to date)
javahtml/ Client Java Applet and HTML files
- Opengate.class Java Applet main executable file
- Opengate.jar Java Applet archive file
- Opengate.java Java Applet source file
- OpengateClient.class Java Applet sub executable file
index.html.var Document selector placed in DocumentRoot
httpkeep.js JavaScript code for http keep-alive
md5.js JavaScript code for MD5 hash
favicon.ico favorite icon
en/ & ja/ HTML files for each language
- accept-java.html Accept message page for java mode
accept-http.html Accept message page for http mode
accept-time.html Accept message page for timeout mode
accept2.html Second accept message page(for start browsing)
### (In default this script is disabled. See opengatesrv.conf.)
### (Consider setting by ipfw rule or opengatesrv.conf before use this)
-($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty)=@ARGV;
+($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty,$ipfwtagnumber)=@ARGV;
close STDOUT; close STDERR; close STDIN;
## add ipfw rules
system "$ipfwpath","-q","add","$rulenumber",
- "allow","ip","from","$clientaddr","to","any";
+ "count","tag","$ipfwtagnumber","ip","from","$clientaddr","to","any";
system "$ipfwpath","-q","add","$rulenumber",
- "allow","ip","from","any","to","$clientaddr";
+ "count","tag","$ipfwtagnumber","ip","from","any","to","$clientaddr";
## remove process attached to the same user on different ip address.
## if you allow multi-login, comment out next line.
removeSameUserProc
- ($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty);
+ ($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty,$ipfwtagnumber);
exit 0;
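Review bot: `$ipfwtagnumber` is read as a seventh positional argument and passed unchecked into both `count tag` rules, so a caller that still supplies six arguments, or a non-numeric value, will most likely make ipfw reject the command. Because STDOUT and STDERR are closed and the return value of `system` is ignored, that failure is silent. A guard before the first `system` call, for example `exit 1 unless defined $ipfwtagnumber && $ipfwtagnumber =~ /^\d+$/;`, together with exiting non-zero when `system` fails, would let the caller see that no rule was installed. A comment is also warranted that `count tag` on its own passes no traffic: access now depends on a matching `tagged` rule in rc.firewall. The same points apply to the second Perl script further down the page (the hunk that begins with `#!/usr/bin/perl`).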
=====================================================
#!/usr/bin/perl
-# get parameters
-($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr)=@ARGV;
-
-# close web server I/O
+($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty,$ipfwtagnumber)=@ARGV;
close STDOUT; close STDERR; close STDIN;
-# allow all packets incomming to the client.
+
+## add ipfw rules
system "$ipfwpath","-q","add","$rulenumber",
- "allow","ip","from","any","to","$clientaddr";
+ "count","tag","$ipfwtagnumber","ip","from","$clientaddr","to","any";
-# allow all packets outgoing from the client.
system "$ipfwpath","-q","add","$rulenumber",
- "allow","ip","from","$clientaddr","to","any";
+ "count","tag","$ipfwtagnumber","ip","from","any","to","$clientaddr";
+
+## remove process attached to the same user on different ip address.
+## if you allow multi-login, comment out next line.
+removeSameUserProc
+ ($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty,$ipfwtagnumber);
exit 0;
-__END__
======================================================
<?xml version="1.0"?>
-<Opengate ConfigVersion="1.4.23">
+<Opengate ConfigVersion="1.5.0">
<!-- #################################################
####### NEED TO MODIFY FOLLOWING PARAMETERS ##### -->
<AuthServer>
<Protocol>pop3s</Protocol>
<Address>192.168.0.2</Address>
- <Timeout>10</Timeout>
</AuthServer>
<!-- ##########################################################
<!-- Set 2 to write many information to syslog -->
<Debug>1</Debug>
- <!-- client usage watch mode in default('Java', 'Http', or 'Time') -->
+ <!-- client usage watch mode in default('Http', or 'Time') -->
<WatchMode>Http</WatchMode>
<!-- Syslog (local0, local1, .., local7)-->
<Facility>local1</Facility>
</Syslog>
+ <!-- SQLite database file -->
+ <SqliteDb>/tmp/opengate.db</SqliteDb>
+
<!-- Allowable duration for users to use network(seconds) -->
- <!-- If no connection with java/http, network is closed after this. -->
+ <!-- If no connection with http, network is closed after this. -->
<Duration>
<Default>300</Default>
<Max>3600</Max>
</Duration>
<!-- Client Live Check (seconds) -->
- <!-- In JAVA connection, send HELLO and get reply. -->
<!-- In HTTP connection, existance of HELLO request. -->
<!-- In no connection, check mac address mismatch and no packet. -->
<ActiveCheckInterval>50</ActiveCheckInterval>
<SkipAgentPattern>^$</SkipAgentPattern>
</HttpWatch>
- <!-- Watch client with Java Applet -->
- <JavaWatch>
- <!-- HTTP_USER_AGENT ignoring java watch mode -->
- <!-- defined by "POSIX Extended Regular Expression" -->
- <SkipAgentPattern>^$</SkipAgentPattern>
- </JavaWatch>
-
- <!-- IPFW rule number range used by opengate -->
+ <!-- IPFW rule number range and tag number used by opengate -->
<IpfwRule>
<Min>10000</Min>
<Max>40000</Max>
<Interval>2</Interval>
</IpfwRule>
- <!-- IP6FW rule number range used by opengate -->
- <Ip6fwRule>
- <Min>10000</Min>
- <Max>40000</Max>
- <Interval>2</Interval>
- </Ip6fwRule>
-
+ <!-- IPFW Tag number used in rc.firewall -->
+ <IpfwTagNumber>123</IpfwTagNumber>
+
<!-- Port number range used by opengate -->
<ListenPort>
<Min>30000</Min>
<!-- communication reply timeout(second) -->
<CommWaitTimeout>10</CommWaitTimeout>
- <!-- Java connection timeout(second) -->
- <JavaWaitTimeout>600</JavaWaitTimeout>
-
<!-- http reconnect timeout(second) -->
<ReconnectTimeout>180</ReconnectTimeout>
<HtmlLangs>en ja</HtmlLangs>
<!-- Path to Apache Contents -->
- <DocumentRoot>/usr/local/www/data</DocumentRoot>
+ <DocumentRoot>/usr/local/www/apache22/data</DocumentRoot>
<CgiDir>/cgi-bin</CgiDir>
<OpengateDir>/opengate</OpengateDir>
<DenyDoc>deny.html</DenyDoc>
<DenyDocSsl>deny-ssl.html</DenyDocSsl>
<AcceptDocHttp>accept-http.html</AcceptDocHttp>
- <AcceptDocJava>accept-java.html</AcceptDocJava>
<AcceptDocTime>accept-time.html</AcceptDocTime>
<AcceptDoc2>accept2.html</AcceptDoc2>
<AuthDoc>index.html</AuthDoc>
<FwdDoc>topindex.html</FwdDoc>
<RetryDoc>retry.html</RetryDoc>
<HttpKeepDoc>httpkeep.html</HttpKeepDoc>
+ <SkipAuthDoc>skip-auth.html</SkipAuthDoc>
<!-- CGI programs -->
<AuthCgi>opengateauth.cgi</AuthCgi>
<FwdCgi>opengatefwd.cgi</FwdCgi>
<MainCgi>opengatesrv.cgi</MainCgi>
- <!-- Java Script (in opengate dir) -->
+ <!-- JavaScript (in opengate dir) -->
<HttpKeepJS>httpkeep.js</HttpKeepJS>
<Md5JS>md5.js</Md5JS>
<ExternalUrl>http://www.google.com/</ExternalUrl>
<!-- Url to start browsing after authentication -->
- <!-- if type=0, use acceptdoc2. if type=1, use below url -->
+ <!-- type:0=acceptdoc2.html,1=below Url,2=redirected(requested) Url -->
<StartPage>
<Type>0</Type>
<Url>http://www.yahoo.com/</Url>
<ArpPath>/usr/sbin/arp</ArpPath>
<NdpPath>/usr/sbin/ndp</NdpPath>
<IpfwPath>/sbin/ipfw</IpfwPath>
- <Ip6fwPath>/sbin/ipfw</Ip6fwPath>
<PsPath>/bin/ps</PsPath>
<!-- Ipfw is opened via perl script(1) or direct from C(0) -->
<Path>/etc/opengate/ipfwctrl.pl</Path>
</IpfwScript>
- <!-- Ip6fw is opened via perl script(1) or direct from C(0) -->
- <Ip6fwScript>
- <Enable>0</Enable>
- <Path>/etc/opengate/ipfwctrl.pl</Path>
- </Ip6fwScript>
-
<!-- Lock file for exclusive exec to prevent overlapped rule number -->
<LockFile>/tmp/opengate.lock</LockFile>
<Address>192.168.0.1</Address>
<Protocol>ftp</Protocol>
</AuthServer>
+ <IpfwTagNumber>999</IpfwTagNumber>
+
</ExtraSet>
## End of sample 1 ## -->
<Facility>local2</Facility>
</Syslog>
</ExtraSet>
+ ## Caution: if no userid is entered, set as userid="?" ##
## End of sample 3 ## -->
</Opengate>
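Review bot: The added default `<SqliteDb>/tmp/opengate.db</SqliteDb>` puts the new database in a world-writable directory, where any local account on the gateway can pre-create or replace the file before opengate opens it and, depending on the mode it is created with, read it. The changelog on this page pairs the SQLite database with the new cookie authentication, so the file presumably holds session state and should be treated as sensitive. A sample value under a directory owned by the web server account would be safer, e.g. `<SqliteDb>/var/db/opengate/opengate.db</SqliteDb>` (path constructed for illustration), with the comment extended to `<!-- SQLite database file; keep it in a directory writable only by the web server user -->`. The unchanged `<LockFile>/tmp/opengate.lock</LockFile>` has the same exposure.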
$fwcmd add pass udp from fe80::/10 521 to ff02::9 521
$fwcmd add pass udp from fe80::/10 521 to fe80::/10 521
+############Taggged rules############################
+## Opengate add following rules after authentication
+## count tag <TagNo> ip from any to <ClientAddr>
+## count tag <TagNo> ip from <ClientAddr> to any
+## <TagNo> : IpfwTagNumber in opengatesrv.conf
+## <ClientAddr> :IP address of authenticated client
+
+$fwcmd add 60000 allow ip from any to any tagged 123
+
+################################################
+
### Forwarding IPv4 http connection from unauth client
-$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80
-$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 443
+$fwcmd add 60100 fwd localhost tcp from ${inet}:${imask} to any 80
+$fwcmd add 60100 fwd localhost tcp from ${inet}:${imask} to any 443
### Allow http reply for forwarded request
### (it is sent out from localhost but has original source address)
-$fwcmd add 60100 pass tcp from any 80 to any out
-$fwcmd add 60100 pass tcp from any 443 to any out
+$fwcmd add 60110 pass tcp from any 80 to any out
+$fwcmd add 60120 pass tcp from any 443 to any out
# TCP reset notice message for IPv6 http connection
-$fwcmd add 60200 reset tcp from any to any 80
-$fwcmd add 60300 reset tcp from any to any 443
+$fwcmd add 60130 reset tcp from any to any 80
+$fwcmd add 60140 reset tcp from any to any 443
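Review bot: The new rule `$fwcmd add 60000 allow ip from any to any tagged 123` hard-codes the tag, so it only grants access while `IpfwTagNumber` in opengatesrv.conf is also 123. The sample ExtraSet in the same commit sets `<IpfwTagNumber>999</IpfwTagNumber>`, and no rule here matches that tag, so clients authenticated under that set would be counted and tagged but then fall through to the fwd/reset rules. Consider a variable next to the other settings, `tagno="123"`, used as `$fwcmd add 60000 allow ip from any to any tagged ${tagno}`. Also add a comment that every tag number configured in opengatesrv.conf needs its own `tagged` rule, and that no other rule in the set should assign the same tag, since anything carrying it is passed unconditionally. The comment block should also state that the per-client rules (10000-40000 in the sample config) must be numbered below this rule for the tag to be set before it is tested.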
+++ /dev/null
-### set these to your outside interface network and netmask and ip
-oif="fxp1"
-onet="192.168.0.0"
-omask="255.255.255.0"
-oip="192.168.0.124"
-
-### set these to your inside interface network and netmask and ip
-iif="fxp0"
-inet="192.168.1.0"
-imask="255.255.255.0"
-iip="192.168.1.1"
-
-fwcmd="/sbin/ipfw"
-
-### divert packet to NATD
-$fwcmd add 1 divert natd ip from any to any via ${oif}
-
-### Stop spoofing
-$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
-$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}
-
-### Allow from / to myself
-$fwcmd add pass all from ${iip} to any via ${iif}
-$fwcmd add pass all from ${oip} to any via ${oif}
-$fwcmd add pass all from any to ${iip} via ${iif}
-$fwcmd add pass all from any to ${oip} via ${oif}
-
-### Allow DNS queries out in the world
-### (if DNS is on localhost, delete passDNS)
-$fwcmd add pass udp from any 53 to any
-$fwcmd add pass udp from any to any 53
-$fwcmd add pass tcp from any to any 53
-$fwcmd add pass tcp from any 53 to any
-
-### Forwarding http connection from unauth client
-$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80
-$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 443
-
-### Allow http reply for forwarded request
-### (it is sent out from localhost but has original source address)
-$fwcmd add 60100 pass tcp from any 80 to any out
-$fwcmd add 60100 pass tcp from any 443 to any out
+++ /dev/null
-### set these to your outside interface network and prefixlen and ip
-oif="fxp1"
-onet="fe80::"
-oprefixlen="64"
-oip="fe80::202:b3ff:fe0a:c30e"
-
-### set these to your inside interface network and prefixlen and ip
-iif="fxp0"
-inet="2001:2f8:22:802::"
-iprefixlen="64"
-iip="2001:2f8:22:802::1"
-
-### path to command "ip6fw"
-fw6cmd="/sbin/ip6fw"
-
-${fw6cmd} add pass all from ${iip} to any
-${fw6cmd} add pass all from any to ${iip}
-${fw6cmd} add pass all from ${oip} to any
-${fw6cmd} add pass all from any to ${oip}
-
-### Allow RA RS NS NA Redirect...
-${fw6cmd} add pass ipv6-icmp from any to any
-
-# Allow IP fragments to pass through
-${fw6cmd} add pass all from any to any frag
-
-# Allow RIPng
-${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521
-${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521
-
-# TCP reset notice message
-${fw6cmd} add 60200 reset tcp from any to any 80
-${fw6cmd} add 60300 reset tcp from any to any 443
Changed value of ActiveCheckInterval. Modified install.html.
</DD><DT>
Ver.1.4.37 at 2009.8.18
- </DT><DD>
+ </DT><DD STYLE="margin-bottom: 0.2in">
Fixed Radius error.
</DD><DT>
- Ver.1.4.38 at 2009.9.1
+ Ver.1.4.38 at 2009.8.28
</DT><DD>
Modified english document.(No modification to source)
+ </DD><DT>
+ Ver.1.5.0 at 2009.9.11
+ </DT><DD>
+ Removed JavaApplet mode. Removed ip6fw command.
+ Added firewall tag rule. Added Sqlite3 database.
+ Added cookie authentication.
+ Added function to return to requested url.
+ Use carefully, as this is a preliminary release.
</DD>
</DL>
<P>
<br>\r
/usr/local/www/data/index.html.var<br>\r
/usr/local/www/cgi-bin/opengate/(opengatesrv.cgi, opengatefwd.cgi, opengateauth.cgi)<br>\r
- /usr/local/www/data/opengate/(Opengate.jar, Opengate.class, OpengateOlient.class)<br>\r
/usr/local/www/data/opengate/(ja, en)/(topindex.html, index.html, index-ssl.html, accept.html, accept2.hmtl, deny.html, deny-ssl.html, retry.html)<br>\r
/etc/opengate/(opengatesrv.conf, rc.firewall, rc.irewall6, ipfwctrl.pl): Copy from *.sample<br>\r
/var/log/opengate.log<br>\r
<LI>Apache server sends back EndWebAndRetry Page.</LI>\r
<UL>\r
<LI>Opengate denys the overlapped request from the client already opened. </LI>\r
-<LI>For no-java client, opengate cannot close the network immediately at browser closing. The network for the client is opened for a while.</LI>\r
+<LI>For no-javascript client, opengate cannot close the network immediately at browser closing. The network for the client is opened for a while.</LI>\r
</UL>\r
\r
<LI>Apache sends back Internal error or FileNotFound error.</LI>\r
<UL>\r
<LI>Yellow bar is not displayed.</LI>\r
<UL>\r
-<LI>Java Applet does not run. Set up Java VM.</LI>\r
-<LI>If ClassNotFound message is displayed, check the directory of Java-class/jar files and applet description in the page.</LI>\r
-<LI>In no-Java mode, the network is opened for a while. the closing occurs when (a)specified duration is passed, (b)terminate link is clicked, (c)correspondence between IP address and MAC address is changed, (d)no packet is passed during a specific time length.</LI>\r
-<LI>If you want to be compatible with Microsoft VM, the applet should be compiled as "javac -target 1.1 Opengate.java". In some environment, additional option "-source 1.2" or "-source 1.3" might be needed.</LI>\r
+<LI>In no-Javascript mode, the network is opened for a while. the closing occurs when (a)specified duration is passed, (b)terminate link is clicked, (c)correspondence between IP address and MAC address is changed, (d)no packet is passed during a specific time length.</LI>\r
</UL>\r
</UL>\r
<P></P>\r
<UL>\r
<LI>If JavaScript is disabled, the window is not popped up.</LI>\r
<LI>If the browser does not permit popup, the window is not popped up.</LI>\r
-<LI>To cope with these client, the start page link is prepared. Another window is prepared to save the window that runs Java Applet.</LI>\r
+<LI>To cope with these client, the start page link is prepared. Another window is prepared to save the window that runs JavaScript.</LI>\r
</UL>\r
</UL>\r
<P></P>\r
\r
<LI>The communication is permitted for a while, but is not after some duration.</LI>\r
<UL>\r
-<LI>For no-Java mode, see above description.</LI>\r
-<LI>When Java runs, the network is closed in the following conditions, (a)Java Applet is terminated (includes browser or OS termination), (b)Java Applet returns no reply to hello, (c)no packet is passed during a specific time length.</LI>\r
+<LI>For no-JavaScript mode, see above description.</LI>\r
+<LI>When JavaScript runs, the network is closed in the following conditions, (a)JavaScript is terminated (includes browser or OS termination), (b)JavaScript returns no reply to hello.</LI>\r
</UL>\r
\r
</UL>\r
\r
<!-- ******************** -->\r
\r
-<LI>The message in yellow bar is changed every 10 minutes.</LI>\r
+<LI>The message in yellow bar is changed every few minutes.</LI>\r
\r
<UL>\r
<LI>The message is not changed.</LI>\r
<UL>\r
<LI>The authetication is not requested and accessed external page is displayed.</LI>\r
<UL>\r
-<LI>When JavaApplet is not active, closing the network is delayed for a while. </LI>\r
+<LI>When JavaScript is not active, closing the network is delayed for a while. </LI>\r
<LI>The deletion of allow rule in ipfw might be skipped when the opengate process is terminated abnormally. A script is prepared in tools directory to cope with the mistake.</LI>\r
<LI>In some OS, the close button might mean resident behind the display.</LI>\r
</UL>\r
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<HTML>
-<HEAD>
- <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
- <TITLE>Opengate Install</TITLE>
-
-</HEAD>
-<BODY LANG="en-US" BGCOLOR="#fafff0" DIR="ltr">
-<H2><A href="#top" name=top><FONT SIZE=4>Opengate Installation
-Procedure</FONT></A></H2>
-
-<!-- Start:content table -->
-<UL>
- <LI><A href="#outline0">Outline</A>
-
- <UL>
- <LI><A href="#outline1">System Configuration</A> </LI>
- <LI><A href="#outline2">Installation Procedure</A> </LI>
- <LI><A href="#outline3">Support Page</A></LI>
- </UL>
- <LI><A href="#freebsd0">FreeBSD Installation</A> </LI>
- <UL>
- <LI><A href="#freebsd1">Basic Installation</A> </LI>
- <LI><A href="#freebsd2">Adding NAT and Firewall</A> </LI>
- <LI><A href="#freebsd3">Setting up IPv6</A></LI>
- </UL>
- <LI><A href="#bind0">BIND9 Installation (Optional)</A> </LI>
- <UL>
- <LI><A href="#bind1">Ports Installation</A> </LI>
- <LI><A href="#bind2">Making RNDC Key</A> </LI>
- <LI><A href="#bind3">Setting up named.conf</A> </LI>
- <LI><A href="#bind4">Creating a Zone file</A> </LI>
- <LI><A href="#bind5">Checking Behavior</A></LI>
- </UL>
- <LI><A href="#dhcp0">isc-dhcp3 Installation (Optional)</A>
- <UL>
- <LI><A href="#dhcp1">Ports Installation</A> </LI>
- <LI><A href="#dhcp2">Setting up DHCP</A></LI>
- </UL>
- <LI><A href="#apache0">Apache2 Installation</A> </LI>
- <UL>
- <LI><A href="#apache1">Ports Installation</A> </LI>
- <LI><A href="#apache2">Making Certificates</A> </LI>
- <LI><A href="#apache3">Setting up VirtualHost</A> </LI>
- <LI><A href="#apache4">Other Settings and Checking the Installation</A></LI>
- </UL>
- <LI><A href="#opengate0">Opengate Installation</A> </LI>
- <UL>
- <LI><A href="#opengate1">Opengate Package</A> </LI>
- <LI><A href="#opengate2">Installation</A> </LI>
- <LI><A href="#opengate3">Setting up Config File</A> </LI>
- <LI><A href="#opengate4">Setting up IPFW</A> </LI>
- <LI><A href="#opengate5">Setting up Syslog</A> </LI>
- <LI><A href="#opengate6">Checking Behavior</A> </LI>
- <LI><A href="#opengate7">Modifying Pages</A> </LI>
- </UL>
- <LI><A href="#mrtg0">MRTG Install(Optional)</A> </LI>
- <UL>
- <LI><A href="#mrtg1">Ports Installation</A> </LI>
- <LI><A href="#mrtg2">Setting up MRTG</A> </LI>
- <LI><A href="#mrtg3">Confirming MRTG Startup Operation</A> </LI>
- <LI><A href="#mrtg4">Registering to Crontab</A> </LI>
- </UL>
- <LI><A href="#rulechk">rulechk Installation (Optional)</A> </LI>
-</UL>
-
-<BR><BR>
-<P></P><!-- End:content table --><!-- Start:Outline -->
-
-
-<H3><A href="#outline0" name=outline0>A Outline</A></H3>
-<UL>
- <LI><A href="#outline1">System Configuration</A> </LI>
-
- <LI><A href="#outline2">Installation Procedure</A> </LI>
-</UL>
-
-<H4><!-- ************1************* -->
-<A href="#outline1" name=outline1>A.1 System
-Configuration</A></H4>
-<UL>
- <LI>Gateway Machine </LI>
- <UL>
- <LI>FreeBSD Ver 4.x, 5.x, 6.x or 7.x </LI>
- <LI>Having two or more NICs </LI>
- </UL></LI>
-</UL>
-<P>In this document, we use the system configuration as follows. The
-network connecting terminals is called "lower-side network" and
-the network having servers is called "upper-side network".</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>upper-side network:192.168.0.0/24, 2001:1:2:3/64
-Gateway to upper-side network:fxp1, 192.168.0.124, 2001:1:2:3::4
-Gateway to lower-side network:fxp0, 192.168.1.1, 2001:5:6:7::1
-lower-side network:192.168.1.0/24, 2001:5:6:7/64</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Opengate recognizes both IPv4 and IPv6 addresses, and controls
-both firewalls. It can be used for IPv4 control only if the FreeBSD
-environment is not set up for IPv6.</P>
-
-
-<H4><!-- ***********2************** -->
-<A href="#outline2" name=outline2>A.2 Installation
-Procedure</A></H4>
-<P>The following steps are necessary to complete the installation of
-Opengate. <BR>Items marked with '*' are mandatory.</P>
-<UL>
- <LI>FreeBSD Installation * </LI>
-
- <LI>Adding the Firewall * </LI>
-
- <LI>BIND9 Installation and Setup </LI>
-
- <LI>DHCP Installation and Setup </LI>
-
- <LI>Apache2 Installation and Setup *</LI>
-
- <LI>Opengate Installation and Setup *</LI>
-</UL>
-
-
-<H4><!-- ***********3************** -->
-<A href="#outline3" name=outline3>A.2 Support Page</A></H4>
-<P STYLE="MARGIN-BOTTOM: 0in">The Opengate support page can be
-consulted at:
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE> http://www.cc.saga-u.ac.jp/opengate/index-e.html</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#outline0">back</A> <A href="#top">top</A></P>
-<HR>
-
-
-<!-- Start:FreeBSD Install-->
-<H3><A href="#freebsd0" name=freebsd0>B FreeBSD Installation</A></H3>
-<UL>
- <LI><A href="#freebsd1">Basic Installation</A> </LI>
- <LI><A href="#freebsd2">Adding NAT and Firewall</A> </LI>
- <LI><A href="#freebsd3">Setting up IPv6</A> </LI>
-</UL>
-
-
-<H4><!-- ************1************* -->
-<A href="#freebsd1" name=freebsd1>B.1 Basic Installation</A></H4>
-
-<P>Use FreeBSD4.x or later. FreeBSD6.1 or later is preferred. <BR>Choose
-distribution "Developer (Full sources, binaries and doc)" or
-"all" because we have to compile a custom kernel.</P>
-<P>Add the following line to "/etc/rc.conf", to enable the
-gateway function:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <P><CODE>gateway_enable="YES"</CODE></P>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#freebsd0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 2 ************** --><A href="#freebsd2" name=freebsd2>B.2 Adding
-NAT and Firewall</A></H4>
-<P>Preparing the kernel to include IPFW and IP6FW functionality.</P>
-<P>Copy the kernel configuration file:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># cd /usr/src/sys/i386/conf
-# cp GENERIC MYKERNEL</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Add the following lines to the kernel configuration file:</P>
-<P>A. FreeBSD6.0 or earlier</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>options IPDIVERT
-
-options IPFIREWALL
-options IPFIREWALL_FORWARD
-options IPFIREWALL_VERBOSE
-options IPFIREWALL_VERBOSE_LIMIT=100
-
-options IPV6FIREWALL
-options IPV6FIREWALL_VERBOSE
-options IPV6FIREWALL_VERBOSE_LIMIT=100
-
-options IPSEC
-options IPSEC_ESP
-options TCP_DROP_SYNFIN</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>B. FreeBSD6.1 or later</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>options IPDIVERT
-
-options IPFIREWALL
-options IPFIREWALL_FORWARD
-options IPFIREWALL_VERBOSE
-options IPFIREWALL_VERBOSE_LIMIT=100
-
-options IPSEC
-device crypto</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>compile and install the new kernel (incl. added support for IPFW
-and IP6FW).</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-<TR><TD>
-<PRE>#cd /usr/src
-#make buildkernel KERNCONF=MYKERNEL
-#make installkernel KERNCONF=MYKERNEL
-</PRE>
-</TD></TR>
-</TABLE>
-<P>It might be failed in old FreeBSD. In the case, execute the following.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-<TR><TD>
-<PRE># config MYKERNEL
-# cd ../compile/MYKERNEL
-# make depend
-# make
-# make install</PRE>
-</TD></TR>
-</TABLE>
-<P>"make clean" might be requested before "make
-depend".
-</P>
-<P>Add the following lines to "/etc/rc.conf":</P>
-<P>a. FreeBSD6.0 or earlier</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>firewall_enable="YES"
-firewall_script="/etc/rc.firewall"
-firewall_type="open"
-
-ipv6_firewall_enable="YES"
-ipv6_firewall_script="/etc/rc.firewall6"
-ipv6_firewall_type="open"
-
-natd_enable="YES"
-natd_interface="fxp1"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>b. FreeBSD6.1 or later</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>firewall_enable="YES"
-firewall_script="/etc/rc.firewall"
-firewall_type="open"
-
-natd_enable="YES"
-natd_interface="fxp1"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>When enabling IPFW (and IP6FW), make sure
-to also set the firewall_type to 'OPEN', to prevent unpredictable
-system behavior during installation. <BR>To enable NAT, set
-natd_enable to 'YES' and define the natd interface (Upper-side
-interface).</P>
-<P>Connect a client pc to the lower-side
-network and check the IPv4 behavior.<BR>Since DHCP is not yet set up,
-the client's network settings must be configured manually.</P>
-<P ALIGN=right><A href="#freebsd0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 3 ************** -->
-<A href="#freebsd3" name=freebsd3>B.3 Setting up IPv6</A></H4>
-<P>If you need IPv4 only, this section can
-be skipped. <BR>Though explanation is omitted, many parameters, like
-the ones used in the following sample, can be set in /etc/rc.conf.
-<BR>It is advised to read up on IPv6 and carefully set up its
-parameters.
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>##ENABLE IPv6
-ipv6_enable="YES"
-ipv6_network_interfaces="gif0 fxp0"
-
-##TUNNELLING INTERFACE
-gif_interfaces="gif0"
-gifconfig_gif0="192.168.0.124 192.168.0.126"
-
-##IPv6 ADDRESS
-ipv6_prefix_fxp0="2001:5:6:7"
-ipv6_ifconfig_fxp0="2001:5:6:7::1 prefixlen 64"
-
-##ADVERTISE
-rtadvd_enable="YES"
-rtadvd_interfaces="fxp0"
-
-##DEFAULT GATEWAY
-ipv6_default_interface="gif0"
-ipv6_defaultrouter="fe80::a:b:c:d%gif0"
-
-##ROUTING(RIPv6)
-ipv6_gateway_enable="YES"
-ipv6_router_enable="YES"
-ipv6_router="/usr/sbin/route6d"
-ipv6_router_flags="-O 2001:5:6:7::/64,gif0"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Connect a client pc to the lower-side
-network and check the behavior of IPv6.<BR>On a Windows pc, the
-command "ipv6 install" might be needed to activate IPv6.</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#ipfw0">back</A> <A href="#top">top</A></P>
-<HR>
-
-
-<H3><!-- Start:BIND9 Install --><A href="#bind0" name=bind0>C BIND9
-Install(Optional)</A></H3>
-<UL>
- <LI><A href="#bind1">Ports Install</A></LI>
- <LI><A href="#bind2">Making RNDC Key</A></LI>
- <LI><A href="#bind3">Setting up named.conf</A></LI>
- <LI><A href="#bind4">Creating up a Zone file</A> </LI>
- <LI><A href="#bind5">Checking Behavior</A> </LI>
-</UL>
-
-
-<H4><!-- ********** 1 *********** -->
-<A href="#bind1" name=bind1>C.1 Ports Install</A></H4>
-
-<P> You can ignore DNS
-settings, if you control with IP address base
-or use existing DNS servers.</P>
-<P> Installing BIND9 from
-ports:<BR>
-Note: The "sysinstall" command can also be used.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># cd /usr/ports/dns/bind9/
-# make clean
-# make install clean ; rehash</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>During installation the directory "/etc/namedb
-(/var/named/etc/namedb)" is created.</P>
-<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ********** 2 ********** -->
-<A href="#bind2" name=bind2>C.2 Making RNDC key</A></H4>
-<P>Use the "rndc" command to further secure BIND9.</P>
-<P>Create the rndc key as follows:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># cd /etc/namebd/
-# rndc-confgen -b 512 > rndc.conf</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>This will generate the "rndc.conf" file.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># Start of rndc.conf
-key "rndc-key" {
- algorithm hmac-md5;
- secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
-};
-
-options {
- default-key "rndc-key";
- default-server 127.0.0.1;
- default-port 953;
-};
-# End of rndc.conf
-
-# Use with the following in named.conf, adjusting the allow list as needed:
-# key "rndc-key" {
-# algorithm hmac-md5;
-# secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
-# };
-#
-# controls {
-# inet 127.0.0.1 port 953
-# allow { 127.0.0.1; } keys { "rndc-key"; };
-# };
-# End of named.conf</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ********* 3 ********* -->
-<A href="#bind3" name=bind3>C.3 Setting up named.conf</A></H4>
-<P>After installation, look for the
-"/etc/namedb/named.conf" file and copy the last half of the
-"rndc.conf" file to it, making sure to remove comments, and
-add IPv6 configuration where/if required.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># Use with the following in named.conf, adjusting the allow list as needed:
-key "rndc-key" {
- algorithm hmac-md5;
- secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
-};
-
-controls {
- inet ::1 port 953 allow { ::1; } keys { "rndc-key"; };
- inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
-};
-# End of named.conf</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>For security reasons, it is better to write the "key"
-directive in the other file.</P>
-<P>Edit the "options" directive in "named.conf":</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>options {
- directory "/etc/namedb";
- pid-file "/var/run/named/pid";
- auth-nxdomain yes;
- listen-on-v6 { any; };
-};</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Create the corresponding "pid" directory.</P>
-<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ******** 4 ********* -->
-<A href="#bind4" name=bind4>C.4 Creating a Zone file</A></H4>
-<P>Edit the "view" and "zone" directives in "named.conf".</P>
-<P>The "view" directive is implemented in BIND9. Replying
-to the inquiries from matched-clients, BIND9 sends the information as
-described in the corresponding "view"</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>view "og" {
- match-clients
- {
- 192.168.1.0/24;
- };
-
- recursion yes;
-
- zone "." {
- type hint;
- file "named.root";
- };
-
- zone "og.saga-u.ac.jp" {
- type master;
- file "og.saga-u.ac.jp";
- };
-
- zone "0.0.127.IN-ADDR.ARPA" {
- type master;
- file "master/localhost.rev";
- };
-
- // RFC 3152
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
- 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
- type master;
- file "master/localhost-v6.rev";
- };
-
- // RFC 1886 -- deprecated
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
- 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
- type master;
- file "master/localhost-v6.rev";
- };
-};</PRE>
- </TD>
- </TR>
-</TABLE>
-<P><BR>Make a "zone" file for the domain "og.saga-u.ac.jp".
-<BR>The domain name and IPv4/6 addresses should be modified properly.
-If you don't need IPv6, remove the line containing "AAAA ....".</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>$TTL 3600
-$ORIGIN og.saga-u.ac.jp.
-
-@ IN SOA ns.og.saga-u.ac.jp. postmaster (
- 2005051702 ;
- 3600
- 1200
- 2419200
- 86400 )
- IN NS ns.og.saga-u.ac.jp.
- IN A 192.168.1.1
- IN MX 10 opengate.og.saga-u.ac.jp.
-
-ns IN A 192.168.1.1
-
-opengate IN A 192.168.1.1
- AAAA 2001:5:6:7::1</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ********* 5 ********* -->
-<A href="#bind5" name=bind5>C.5 Checking Behavior</A></H4>
-<P>Confirm starting of "named" after completings its
-configuration.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># /usr/local/sbin/named -u bind -c /etc/namedb/named.conf</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>If "named" starts without problems, add the following
-lines to "/etc/rc.conf" to allow it to automatically start
-on boot up.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>named_enable="YES"
-named_program="/usr/local/sbin/named"
-named_flags="-u bind -c /etc/namedb/named.conf"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Because the management of a DNS server
-can be complicated, it is strongly advised to carefully read the
-BIND9 manual, and/or consult other documentation.</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#bind0">back</A> <A href="#top">top</A></P>
-
-
-<HR>
-<H3><!-- Start:isc-dhcp3 Install -->
-<A href="#dhcp0" name=dhcp0>D isc-dhcp3 Installation (Optional)</A></H3>
-<UL>
- <LI><A href="#dhcp1">Ports Installation</A>
- <LI><A href="#dhcp2">Setting up DHCP</A> </LI>
-</UL>
-
-
-<H4><!-- *********** 1 ************* -->
-<A href="#dhcp1" name=dhcp1>D.1 Ports Install</A></H4>
-<P>If many client PCs are going to be
-connected, using the DHCP service might be a desirable solution for
-assigning IP addresses to these clients.</P>
-<P>Installing isc-dhcp3 from ports:<BR>Note:
-the "sysinstall" command can also be used.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># cd /usr/ports/net/isc-dhcp3-server
-# make clean
-# make install clean ; rehash</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#dhcp0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 2 ************** -->
-<A href="#dhcp2" name=dhcp2>D.2 Setting up DHCP</A></H4>
-<P>The"/usr/local/etc/dhcpd.conf.sample"
- configuration file is created during installation. <BR>Copy
-"dhcpd.conf.sample" to "dhcpd.conf" and edit the
-file. <BR><BR>The following is an example setup: <BR>The lease time
-must be greater than the maximum usage duration (Duration/Max in
-opengatesrv.conf).<BR>The domain name and IP addresses should be
-modified.
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>option domain-name "og.saga-u.ac.jp";
-option domain-name-servers 192.168.1.1;
-option subnet-mask 255.255.255.0;
-option broadcast-address 192.168.1.255;
-option routers 192.168.1.1;
-
-default-lease-time 86400;
-max-lease-time 604800;
-ddns-update-style none;
-log-facility local7;
-
-subnet 192.168.55.0 netmask 255.255.255.0 {
- range 192.168.1.10 192.168.1.250;
-}</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Add the following lines to "/etc/rc.conf" to allow it to
-automatically start on boot up.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>dhcpd_enable="YES"
-dhcpd_ifaces="fxp0"
-dhcpd_conf="/usr/local/etc/dhcpd.conf"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>In this example, the value of
-"dhcpd_ifaces" is the interface providing the DHCP service
-<BR>(to the lower-side network).</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#dhcp0">back</A> <A href="#top">top</A></P>
-<HR>
-
-
-<H3><!-- Start:Apache2 Install--><A href="#apache0" name=apache0>E Apache2
-Installation</A></H3>
-<UL>
- <LI><A href="#apache1">Ports Installation</A> </LI>
- <LI><A href="#apache2">Making Certificates</A> </LI>
- <LI><A href="#apache3">Setting up SSL</A></LI>
- <LI><A href="#apache4">Other Settings and Checking the installation</A> </LI>
-</UL>
-
-
-<H4><!-- ************ 1 ************** --><A href="#apache1" name=apache1>E.1 Ports
-Install</A></H4>
-<P>When using IPv6, Opengate needs Apache2
-to support IPv6. <BR>By default, Apache2 supports SSL which is
-preferred for secure authentication.</P>
-<P>Installing Apache2 from ports:<BR>Note:
-The "sysinstall" command can also be used.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># cd /usr/ports/www/apache22
-# make clean
-# make install clean ; rehash</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#apache0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 2 ************** --><A href="#apache2" name=apache2>E.2 Making
-Certificates</A></H4>
-<P>It is better to obtain a formal key from
-some CA. But we will show you how to create a self-signed private key
-and certificate.
-</P>
-<P>Creating a private key:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># cd /usr/local/etc/apache22
-# mkdir ssl.key ssl.crt
-# chmod 700 ssl.key ssl.crt
-
-# /usr/bin/openssl genrsa -out /usr/local/etc/apache22/server.key 1024</PRE>
- </TD>
- </TR>
-</TABLE>
-<P><BR>Making a certificate from the created key:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># /usr/bin/openssl req -new -x509 -days 365 \
- -key /usr/local/etc/apache22/server.key \
- -out /usr/local/etc/apache22/server.crt
-
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:JP
-State or Province Name (full name) [Some-State]:Saga
-Locality Name (eg, city) []:Saga-city
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
-Organizational Unit Name (eg, subsection) []:Opengate Management
-Common Name (eg, YOUR name) []:opengate.og.saga-u.ac.jp
-Email Address []:administrator@opengate.og.saga-u.ac.jp
-
-Please enter the following 'extra' attributes
-to be sent with your certificate request
-A challenge password []:
-An optional company name []:</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#apache0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 3 ************** --><A href="#apache3" name=apache3>E.3
-Setting up SSL</A></H4>
-<P>Edit "/usr/local/etc/apache22/extra/httpd-ssl.conf" as
-shown in the following example:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <P>ssl.conf
- </P>
- </TD>
- </TR>
- <TR>
- <TD>
- <PRE><VirtualHost _default_:443>
- DocumentRoot "/usr/local/www/apache22/data"
- ServerName opengate.og.saga-u.ac.jp:443
- ServerAdmin administrator@opengate.og.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-
- SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLCertificateFile /usr/local/etc/apache22/server.crt
- SSLCertificateKeyFile /usr/local/etc/apache22/server.key
-</VirtualHost></PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Since Apache2 has many settings,
-familiarize yourself with the Apache2 configuration options for
-adequate control.</P>
-<P ALIGN=right><A href="#apache0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 4 ************** --><A href="#apache4" name=apache4>E.4 Other
-Settings and Checking the Installation</A></H4>
-<P>Edit "/usr/local/etc/apache22/httpd.conf" as follows:</P>
-<P>Opengate should send back the
-authentication page in response to any kind of HTTP request. <BR>To
-do so, add the following line to httpd.conf: <BR> (the top page will
-be sent back on an HTTP_ERROR 404 [file not found] error).</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>ErrorDocument 404 /</PRE>
- </TD>
- </TR>
-</TABLE>
-<P><BR>Add "ExecCGI" to allow executing CGI programs in the
-cgi-bin directory.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE><Directory "/usr/local/www/cgi-bin">
- ...
- Options ExecCGI
- ...
-</Directory></PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Remove the comment mark ("#") to
-enable the following setting:
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>AddHandler cgi-script .cgi
-AddHandler type-map .var</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Add "index.html.var" to
-DirectoryIndex:
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>DirectoryIndex index.html.var index.html</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Include ssl conf file:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>Include etc/apache22/extra/httpd-ssl.conf</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Set ServerName:
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>ServerName opengate.og.saga-u.ac.jp</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Start Apache2 with "apachectl start"
-and check for errors. <BR>If no errors are displayed, add the
-following lines to "/etc/rc.conf" to allow Apache to start
-on boot up:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>apache22_enable="YES"
-apache22ssl_enable="YES"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>If the system shows "Failed to
-enable the 'httpready' Accept Filter", add the following to
-/boot/loader.conf :</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>accf_http_load="YES"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Should the certificate require a PASSPHRASE, Apache will ask for it during
-boot up.<BR> If you do not enter the passphrase (reboot due to
-power outage, remote reboot, ,...), this will prevent <BR> the server from starting Apache normally,
-i.e. leaving you with a possible "crippled" server.</P>
-<BLOCKQUOTE>
-<P>
-Easy fix:<BR>
-1. create a simple script containing the following:<BR>
-#!/bin/sh<BR>
-echo "<passphrase goes here>"<BR>
-<BR>2. add the following to httpd.conf:<BR>
-SSLPassPhraseDialog exec:/path/to/above/script
-</P></BLOCKQUOTE>
-
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#apache0">back</A> <A href="#top">top</A></P>
-
-
-<HR>
-<H3><!-- Start:Opengate Install -->
-<A href="#opengate0" name=opengate0>F Opengate Installation</A></H3>
-<UL>
- <LI><A href="#opengate1">Opengate Package</A>
- <LI><A href="#opengate2">Installation</A> </LI>
- <LI><A href="#opengate3">Setting up Config File</A> </LI>
- <LI><A href="#opengate4">Setting up IPFW</A> </LI>
- <LI><A href="#opengate5">Setting up syslog</A> </LI>
- <LI><A href="#opengate6">Checking Behavior</A> </LI>
- <LI><A href="#opengate7">Modifying Pages</A> </LI>
-</UL>
-
-
-<H4><!-- ************1************* -->
-<A href="#opengate1" name=opengate1>F.1 Opengate
-Package</A></H4>
-<P>Unpack the Opengate compressed file:
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># tar xzvf opengatexxxx.tar.gz</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>It contains the following directories:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>doc: Documentation
-conf: Configuration files and firewall control Perl script sample
-javahtml: Client Java Programs and HTML files
-opengatesrv: Server CGI programs
-tools: Some related tools
-ezxml: XML parser (Copyright Aaron Voisine)</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************2************* -->
-<A href="#opengate2" name=opengate2>F.2 Installation</A></H4>
-<P>Check the settings in "opengatesrv/Makefile" and modify
-if needed:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>HTMLTOP = /usr/local/www/apache22
-DOCDIR = /data
-CGIDIR = /cgi-bin
-OPENGATEDIR = /opengate
-CONFIGPATH = /etc/opengate</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Compile and Install:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># make clean
-# make install</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 3 ************** -->
-<A href="#opengate3" name=opengate3>F.3 Setting up Config File</A></H4>
-
-<P>Copy the sample configuration file
-"/etc/opengate/opengatesrv.conf.sample" to
-"/etc/opengate/opengatesrv.conf" and modify. <BR>The
-following settings must be changed:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE> <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>
-
- <AuthServer>
- <Protocol>pop3s</Protocol>
- <Address>192.168.0.2</Address>
- </AuthServer></PRE>
- </TD>
- </TR>
-</TABLE>
-<P>In <OpengateServerName>, set the
-HOSTNAME(FQDN) or IP address of the opengate gateway server. If you
-want to use IPv6, you need to set the FQDN corresponding to both IPv4
-and IPv6 addresses.</P>
-<P>In <AuthServer>, set the
-information for the authentication server. Opengate supports various
-authentication protocols. See the config file for details. <BR>To
-differentiate between erorrs caused by authentication server or those
-caused by the opengate server, try the following setting first. This
-means that any userid and password combination is accepted.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE> ****Do not use this setting in real service****
- <AuthServer>
- <Protocol>accept</Protocol>
- <AuthServer></PRE>
- </TD>
- </TR>
-</TABLE>
-<P>The config file is XML. "#" marks in
-the file do not represent the start of a comment. <BR>Use
-XML-formatted comments like <!-- Comment String --> to disable
-a description.</P>
-<P>Opengate can pass authentication settings
-in the form of "userid@extid". <BR>See the config file for
-more details. <BR>By using this function, you can use different
-authentication servers for many sections or guests.</P>
-<P>When the primary authentication server
-does not reply, Opengate can resend the request to other
-authentication servers. See the config file for more details.</P>
-<P>Caution: Do not delete the IPv6 related
-settings in the config file! <BR> The IPv6 access is executed when
-the FQDN for IPv6 is prepared.</P>
-
-<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 4 ************** -->
-<A href="#opengate4" name=opengate4>F.4 Setting up IPFW</A></H4>
-<P>Write IPFW rules for Opengate.
-</P>
-<P>a. For FreeBSD6.0 or earlier</P>
-<P>IPv4 and Ipv6 rules are controlled by IPFW and IP6FW respectively
-.</P>
-<P> Sample rule sets for both firewall
-types are prepared as "/etc/opengate/rc.firewall4.sample"
-and "/etc/opengate/rc.firewall6.sample"</P>
-<P>Copy these scripts and modify according to your needs.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># cd /etc/opengate
-# cp rc.firewall4.sample rc.firewall4
-# cp rc.firewall6.sample rc.firewall6
-# vi rc.firewall4
-# vi rc.firewall6</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Modify the firewall settings in /etc/rc.conf as follows: <BR> Be
-careful not to lock yourself out of the system after reloading the
-firewall.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>firewall_enable="YES"
-firewall_script="/etc/opengate/rc.firewall4"
-
-ipv6_firewall_enable="YES"
-ipv6_firewall_script="/etc/opengate/rc.firewall6"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>For Ipv6 support, change the path in "/etc/opengatesrv.conf"
-from <Ip6fwPath>/sbin/ipfw</Ip6fwPath> to
-<Ip6fwPath>/sbin/ip6fw</Ip6fwPath>
-</P>
-<P>b. For FreeBSD6.1 or later</P>
-<P>Both IPv4 and IPv6 packets are controlled by IPFW.</P>
-<P>A sample rule set for IPFW can be found in
-"/etc/opengate/rc.firewall.sample"</P>
-<P>Copy the script and modify to fit your needs. <BR> If you are
-not familiar with Ipv6, set IPv6 addresses as localhost (*net6="0",
-*ip6="::1").</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># cd /etc/opengate
-# cp rc.firewall.sample rc.firewall
-# vi rc.firewall</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Modify the firewall settings in /etc/rc.conf as follows:<BR> Be
-careful not to lock yourself out of the system after reloading the
-firewall.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>firewall_enable="YES"
-firewall_script="/etc/opengate/rc.firewall"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Familiarise yourself with the "ipfw" command. <BR> The
-Opengate software sends out ipfw add/delete commands.</P>
-<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 5 ************** -->
-<A href="#opengate5" name=opengate5>F.5 Setting
-up syslog</A></H4>
-<P>Edit /etc/syslog.conf to save log entries for Opengate.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE> | Separated by TAB code
- V
-local1.* /var/log/opengate.log</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Make the log file as follows: <BR> Consider using log rotation to
-control the size of this log file.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># touch /var/log/opengate.log</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 6 ************** -->
-<A href="#opengate6" name=opengate6>F.6 Checking
-Behavior</A></H4>
-<P>Connect a PC to the lower-side network
-and try to access a site in the upper-side network. <BR>If it does
-not work properly, consult doc/progflow.html and doc/protocol.txt to
-better understand the procedure. Also check the log files for
-Opengate, httpd, system and others. To dump more information from
-Opengate, set the <Debug> switch to "2" in
-opengatesrv.conf. Also check the functions of related software. The
-error checking document (errcheck.html) and Q&A documents
-(qa.html, recentqa.html on the web) can be used for problem solving.</P>
-<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 7 ************** -->
-<A href="#opengate7" name=opengate7>F.7 Modifying
-Pages</A></H4>
-<P>If you want to modify the contents of the
-web pages, edit the html files in the Opengate directories. The
-relative path cannot be used in httpkeep.html. Use the full URL
-description. The descriptions such as %%XXX%% are variables replaced
-by their proper values during CGI runtime.
-</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#opengate0">back</A> <A href="#top">top</A></P>
-<HR>
-
-
-
-<HR>
-<H3><!-- Start:Install MRTG -->
-<A href="#mrtg0" name=mrtg0>G MRTG Installion (Optional)</A></H3>
-<UL>
- <LI><A href="#mrtg1">Ports Installation</A> </LI>
- <LI><A href="#mrtg2">Setting up MRTG</A> </LI>
- <LI><A href="#mrtg3">Confirming proper startup</A> </LI>
- <LI><A href="#mrtg4">Setting up crontab</A> </LI>
-</UL>
-
-<H4><!-- ************ 1 ************** -->
-<A href="#mrtg1" name=mrtg1>G.1 Ports Installation</A></H4>
-
-<P>This section is optional. <BR> If you want to graphically
-monitor the state of Opengate, MRTG can be used but is not required.</P>
-<P><A HREF="http://people.ee.ethz.ch/%7Eoetiker/webtools/mrtg/" TARGET="_blank">MRTG<SPAN STYLE="TEXT-DECORATION: none">
-</SPAN></A>(Multi Router Traffic Grapher) is a system to monitor
-network traffic. MRTG produces graphic images and HTML files.
-</P>
-<P>You can install MRTG on the gateway
-server or another server. If you need to monitor multiple Opengate
-systems, it is advised to install MRTG on a separate server.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># cd /usr/ports/net-mgmt/mrtg/
-# make clean
-# make install clean ; rehash</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>
-
-
-<H4><!-- ************ 2 ************** -->
-<A href="#mrtg2" name=mrtg2>G.2 Setting up MRTG</A></H4>
-<P>MRTG creates
-"/usr/local/etc/mrtg/mrtg.cfg.sample" as the sample
-configuration file during installation. Copy mrtg.cfg.sample to
-opengate.cfg and edit the file:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>##################################################
-# opengate user counter
-
-WorkDir: /usr/home/user/public_html/mrtg/opengate/
-
-##### Options
-Options[^]: growright,gauge,nopercent,integer
-
-Target[opengate]:`/usr/home/user/bin/input.sh`
-Title[opengate]: Opengate user counter
-
-PageTop[opengate]: <h1>Opengate user counter</h1>
- <p>Show the number of people using Opengate</p>
-
-# Max Number
-MaxBytes[opengate]: 200
-
-# Title of Y axis
-YLegend[opengate]: Opengate User
-# unit
-ShortLegend[opengate]: s
-# Title of graph LegendI: first line LegendO: second line
-LegendI[opengate]: IPv6 Users
-LegendO[opengate]: Total Users</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Be sure to actually create the directory
-which you appointed in "WorkDir". MRTG creates its graphic
-images and HTML files in "WorkDir"</P>
-<P>"Target[opengate]" contains the
-path to the program that hands its data to MRTG. <BR>(details
-explained below)</P>
-
-<H5>G.2.1 Scenario 1: Running MRTG on the gateway server</H5>
-<P>Create the shell script "/usr/home/user/bin/input.sh"
-with the following contents:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>#!/bin/sh
-
-#######################################
-##
-## show opengate status for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-LANG=C
-COLUMNS=256
-
-export LANG
-export COLUMNS
-
-### IPv6 prefix
-prefix="2001:2f8:22:801:"
-###opengateprocessname
-process="opengatesrv.cgi"
-
-###tmp file name
-tmp_all="/tmp/og_count_all.tmp"
-tmp_6="/tmp/og_count_6.tmp"
-
-######################################################
-psax | grep $process > $tmp_all
-COUNT = `wc-l $tmp_all | awk '{print $1}'`
-grep $prefix $tmp_all > $tmp_6
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
-
-rm $tmp_all
-rm $tmp_6
-
-echo "$COUNT6"
-echo "$COUNT"
-echo "$UPTIME"
-echo "Opengate User Counter"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Run this shell script as standalone and confirm that you can
-acquire the following data:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>5
-48
-10days
-Opengate User Counter</PRE>
- </TD>
- </TR>
-</TABLE>
-<H5>G.2.2 Scenario 2: Running MRTG on a separate server</H5>
-<P>Create the shell script "/usr/home/user/bin/input.sh" on
-a separate server.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>#!/bin/sh
-
-#######################################
-##
-## input data for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-# tmp file name
-file="/tmp/opengate.tmp"
-
-# URL of output.sh at opengate
-url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh"
-
-fetch -o $file $url &> /dev/null
-
-more $file</PRE>
- </TD>
- </TR>
-</TABLE>
-<P STYLE="TEXT-INDENT: 0in">Create the shell script
-"/usr/local/apache2/cgi-bin/output.sh" on the Opengate
-(gateway) server, and set the URL to $url, as explained above.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>#!/bin/sh
-
-#######################################
-##
-## show opengate status for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-LANG=C
-COLUMNS=256
-
-export LANG
-export COLUMNS
-
-### IPv6 prefix
-prefix="2001:2f8:22:801:"
-###opengateprocessname
-process="opengatesrv.cgi"
-
-###tmp file name
-tmp_all="/tmp/og_count_all.tmp"
-tmp_6="/tmp/og_count_6.tmp"
-
-######################################################
-psax | grep $process > $tmp_all
-COUNT = `wc-l $tmp_all | awk '{print $1}'`
-grep $prefix $tmp_all > $tmp_6
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
-rm $tmp_all
-rm $tmp_6
-
-echo "Content-type: text/plain; charset=iso-8859-1"
-echo
-
-echo "$COUNT6"
-echo "$COUNT"
-echo "$UPTIME"
-echo "Opengate User Counter"</PRE>
- </TD>
- </TR>
-</TABLE>
-<P>Run "input.sh" on another server and confirm that you
-can acquire the following data:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>5
-48
-10days
-Opengate User Counter</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>
-
-<H4><!-- ************ 3 ************** -->
-<A href="#mrtg3" name=mrtg3>G.3 Confirming MRTG Startup Operation:</A></H4>
-
-<P>Use the following command to confirm MRTG is working with your
-config:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE># /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>
- </TD>
- </TR>
-</TABLE>
-<P STYLE="TEXT-INDENT: 0in">Various WARNING messages are output the
-first and second time, this is normal behavior <BR>(as explained in
-the MRTG documentation)!<BR>Some files are created in "WorkDir".</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>> ls -l
--rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png
--rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png
--rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png
--rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png
--rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png
--rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png
--rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png
--rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html
--rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log
--rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>
-
-<H4><!-- ************ 4 ************** -->
-<A href="#mrtg4" name=mrtg4>G.4 Registering to Crontab</A></H4>
-
-<P>Add the following line to "/etc/crontab":</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
- <TR>
- <TD>
- <PRE>*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>
- </TD>
- </TR>
-</TABLE>
-<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>
-
-
-<H3><!-- Start:Install rulechk -->
-<A href="#rulechk" name=rulechk>H rulechk Installation (Optional)</A></H3>
-
-<P>This section is optional. <BR>When the
-Opengate process is not exited normally, superfluous rules might be
-left behind. <BR>Though it is
-very rare, the tools/rulechk script is made to handle such situations. This
-script compares the Opengate process list and the firewall rule list, and
-deletes the obsolete rules.<BR>This script is compatible with Opengate Ver1.3.1 or above.
-</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#rulechk">back</A> <A href="#top">top</A></P>
-</BODY>
-</HTML>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\r
+<HTML>\r
+<HEAD>\r
+ <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">\r
+ <TITLE>Opengate Install</TITLE>\r
+\r
+</HEAD>\r
+<BODY LANG="en-US" BGCOLOR="#fafff0" DIR="ltr">\r
+<H2><A href="#top" name=top><FONT SIZE=4>Opengate Installation\r
+Procedure</FONT></A></H2>\r
+\r
+<!-- Start:content table -->\r
+<UL>\r
+ <LI><A href="#outline0">Outline</A>\r
+ \r
+ <UL>\r
+ <LI><A href="#outline1">System Configuration</A> </LI>\r
+ <LI><A href="#outline2">Installation Procedure</A> </LI>\r
+ <LI><A href="#outline3">Support Page</A></LI>\r
+ </UL>\r
+ <LI><A href="#freebsd0">FreeBSD Installation</A> </LI>\r
+ <UL>\r
+ <LI><A href="#freebsd1">Basic Installation</A> </LI>\r
+ <LI><A href="#freebsd2">Adding NAT and Firewall</A> </LI>\r
+ <LI><A href="#freebsd3">Setting up IPv6</A></LI>\r
+ </UL>\r
+ <LI><A href="#bind0">BIND9 Installation (Optional)</A> </LI>\r
+ <UL>\r
+ <LI><A href="#bind1">Ports Installation</A> </LI>\r
+ <LI><A href="#bind2">Making RNDC Key</A> </LI>\r
+ <LI><A href="#bind3">Setting up named.conf</A> </LI>\r
+ <LI><A href="#bind4">Creating a Zone file</A> </LI>\r
+ <LI><A href="#bind5">Checking Behavior</A></LI>\r
+ </UL>\r
+ <LI><A href="#dhcp0">isc-dhcp3 Installation (Optional)</A> \r
+ <UL>\r
+ <LI><A href="#dhcp1">Ports Installation</A> </LI>\r
+ <LI><A href="#dhcp2">Setting up DHCP</A></LI>\r
+ </UL>\r
+ <LI><A href="#apache0">Apache2 Installation</A> </LI>\r
+ <UL>\r
+ <LI><A href="#apache1">Ports Installation</A> </LI>\r
+ <LI><A href="#apache2">Making Certificates</A> </LI>\r
+ <LI><A href="#apache3">Setting up VirtualHost</A> </LI>\r
+ <LI><A href="#apache4">Other Settings and Checking the Installation</A></LI>\r
+ </UL>\r
+ <li class="list_alpha"><A href="#sqlite0">SQLite3 Installation</A>\r
+ <ul>\r
+ <li class="list_num"><A href="#sqlite1">Installation</A></li>\r
+ <li class="list_num"><A href="#sqlite2">Checking</A></li>\r
+ </ul></li>\r
+ <LI><A href="#opengate0">Opengate Installation</A> </LI>\r
+ <UL>\r
+ <LI><A href="#opengate1">Opengate Package</A> </LI>\r
+ <LI><A href="#opengate2">Installation</A> </LI>\r
+ <LI><A href="#opengate3">Setting up Config File</A> </LI>\r
+ <LI><A href="#opengate4">Setting up IPFW</A> </LI>\r
+ <LI><A href="#opengate5">Setting up Syslog</A> </LI>\r
+ <LI><A href="#opengate6">Checking Behavior</A> </LI>\r
+ <LI><A href="#opengate7">Modifying Pages</A> </LI>\r
+ <LI><A href="#opengate8">Setting up SQLite3</A> </LI>\r
+ </UL>\r
+ <LI><A href="#mrtg0">MRTG Install(Optional)</A> </LI>\r
+ <UL>\r
+ <LI><A href="#mrtg1">Ports Installation</A> </LI>\r
+ <LI><A href="#mrtg2">Setting up MRTG</A> </LI>\r
+ <LI><A href="#mrtg3">Confirming MRTG Startup Operation</A> </LI>\r
+ <LI><A href="#mrtg4">Registering to Crontab</A> </LI>\r
+ </UL>\r
+ <LI><A href="#rulechk">rulechk Installation (Optional)</A> </LI>\r
+</UL>\r
+\r
+<BR><BR>\r
+<P></P><!-- End:content table --><!-- Start:Outline -->\r
+\r
+\r
+<H3><A href="#outline0" name=outline0>A Outline</A></H3>\r
+<UL>\r
+ <LI><A href="#outline1">System Configuration</A> </LI>\r
+\r
+ <LI><A href="#outline2">Installation Procedure</A> </LI>\r
+</UL>\r
+\r
+<H4><!-- ************1************* -->\r
+<A href="#outline1" name=outline1>A.1 System\r
+Configuration</A></H4>\r
+<UL>\r
+ <LI>Gateway Machine </LI>\r
+ <UL>\r
+ <LI>FreeBSD Ver 6.1 or later </LI>\r
+ <LI>Having two or more NICs </LI>\r
+ </UL></LI>\r
+</UL>\r
+<P>In this document, we use the system configuration as follows. The\r
+network connecting terminals is called "lower-side network" and\r
+the network having servers is called "upper-side network".</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>upper-side network:192.168.0.0/24, 2001:1:2:3/64\r
+Gateway to upper-side network:fxp1, 192.168.0.124, 2001:1:2:3::4\r
+Gateway to lower-side network:fxp0, 192.168.1.1, 2001:5:6:7::1\r
+lower-side network:192.168.1.0/24, 2001:5:6:7/64</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Opengate recognizes both IPv4 and IPv6 addresses, and controls\r
+both firewalls. It can be used for IPv4 control only if the FreeBSD\r
+environment is not set up for IPv6.</P>\r
+\r
+\r
+<H4><!-- ***********2************** -->\r
+<A href="#outline2" name=outline2>A.2 Installation\r
+Procedure</A></H4>\r
+<P>The following steps are necessary to complete the installation of\r
+Opengate. <BR>Items marked with '*' are mandatory.</P>\r
+<UL>\r
+ <LI>FreeBSD Installation * </LI>\r
+\r
+ <LI>Adding the Firewall * </LI>\r
+\r
+ <LI>BIND9 Installation and Setup </LI>\r
+\r
+ <LI>DHCP Installation and Setup </LI>\r
+\r
+ <LI>Apache2 Installation and Setup *</LI>\r
+\r
+ <LI>Opengate Installation and Setup *</LI>\r
+</UL>\r
+\r
+\r
+<H4><!-- ***********3************** -->\r
+<A href="#outline3" name=outline3>A.2 Support Page</A></H4>\r
+<P STYLE="MARGIN-BOTTOM: 0in">The Opengate support page can be\r
+consulted at: \r
+</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE> http://www.cc.saga-u.ac.jp/opengate/index-e.html</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#outline0">back</A> <A href="#top">top</A></P>\r
+<HR>\r
+\r
+\r
+<!-- Start:FreeBSD Install-->\r
+<H3><A href="#freebsd0" name=freebsd0>B FreeBSD Installation</A></H3>\r
+<UL>\r
+ <LI><A href="#freebsd1">Basic Installation</A> </LI>\r
+ <LI><A href="#freebsd2">Adding NAT and Firewall</A> </LI>\r
+ <LI><A href="#freebsd3">Setting up IPv6</A> </LI>\r
+</UL>\r
+\r
+\r
+<H4><!-- ************1************* -->\r
+<A href="#freebsd1" name=freebsd1>B.1 Basic Installation</A></H4>\r
+\r
+<P>Use FreeBSD4.x or later. FreeBSD6.1 or later is preferred. <BR>Choose\r
+distribution "Developer (Full sources, binaries and doc)" or\r
+"all" because we have to compile a custom kernel.</P>\r
+<P>Add the following line to "/etc/rc.conf", to enable the\r
+gateway function:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <P><CODE>gateway_enable="YES"</CODE></P>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#freebsd0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 2 ************** --><A href="#freebsd2" name=freebsd2>B.2 Adding\r
+NAT and Firewall</A></H4>\r
+<P>Preparing the kernel to include IPFW and IP6FW functionality.</P>\r
+<P>Copy the kernel configuration file:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># cd /usr/src/sys/i386/conf\r
+# cp GENERIC MYKERNEL</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Add the following lines to the kernel configuration file:</P>\r
+\r
+\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+<TR><TD>\r
+<PRE>options IPDIVERT\r
+\r
+options IPFIREWALL\r
+options IPFIREWALL_FORWARD\r
+options IPFIREWALL_VERBOSE\r
+options IPFIREWALL_VERBOSE_LIMIT=100\r
+\r
+options IPSEC\r
+device crypto</PRE>\r
+</TD></TR>\r
+</TABLE>\r
+\r
+<P>compile and install the new kernel (incl. added support for IPFW\r
+and IP6FW).</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+<TR><TD>\r
+<PRE>#cd /usr/src\r
+#make buildkernel KERNCONF=MYKERNEL\r
+#make installkernel KERNCONF=MYKERNEL\r
+</PRE>\r
+</TD></TR>\r
+</TABLE>\r
+<P>It might be failed in old FreeBSD. In the case, execute the following.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+<TR><TD>\r
+<PRE># config MYKERNEL\r
+# cd ../compile/MYKERNEL\r
+# make depend\r
+# make\r
+# make install</PRE>\r
+</TD></TR>\r
+</TABLE>\r
+<P>"make clean" might be requested before "make\r
+depend". \r
+</P>\r
+<P>Add the following lines to "/etc/rc.conf":</P>\r
+<P>a. FreeBSD6.0 or earlier</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>firewall_enable="YES"\r
+firewall_script="/etc/rc.firewall"\r
+firewall_type="open"\r
+\r
+ipv6_firewall_enable="YES"\r
+ipv6_firewall_script="/etc/rc.firewall6"\r
+ipv6_firewall_type="open"\r
+\r
+natd_enable="YES"\r
+natd_interface="fxp1"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>b. FreeBSD6.1 or later</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>firewall_enable="YES"\r
+firewall_script="/etc/rc.firewall"\r
+firewall_type="open"\r
+\r
+natd_enable="YES"\r
+natd_interface="fxp1"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>When enabling IPFW (and IP6FW), make sure\r
+to also set the firewall_type to 'OPEN', to prevent unpredictable\r
+system behavior during installation. <BR>To enable NAT, set\r
+natd_enable to 'YES' and define the natd interface (Upper-side\r
+interface).</P>\r
+<P>Connect a client pc to the lower-side\r
+network and check the IPv4 behavior.<BR>Since DHCP is not yet set up,\r
+the client's network settings must be configured manually.</P>\r
+<P ALIGN=right><A href="#freebsd0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 3 ************** -->\r
+<A href="#freebsd3" name=freebsd3>B.3 Setting up IPv6</A></H4>\r
+<P>If you need IPv4 only, this section can\r
+be skipped. <BR>Though explanation is omitted, many parameters, like\r
+the ones used in the following sample, can be set in /etc/rc.conf.\r
+<BR>It is advised to read up on IPv6 and carefully set up its\r
+parameters. \r
+</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>##ENABLE IPv6\r
+ipv6_enable="YES"\r
+ipv6_network_interfaces="gif0 fxp0"\r
+\r
+##TUNNELLING INTERFACE\r
+gif_interfaces="gif0"\r
+gifconfig_gif0="192.168.0.124 192.168.0.126"\r
+\r
+##IPv6 ADDRESS \r
+ipv6_prefix_fxp0="2001:5:6:7"\r
+ipv6_ifconfig_fxp0="2001:5:6:7::1 prefixlen 64"\r
+\r
+##ADVERTISE\r
+rtadvd_enable="YES"\r
+rtadvd_interfaces="fxp0"\r
+\r
+##DEFAULT GATEWAY\r
+ipv6_default_interface="gif0"\r
+ipv6_defaultrouter="fe80::a:b:c:d%gif0"\r
+\r
+##ROUTING(RIPv6)\r
+ipv6_gateway_enable="YES"\r
+ipv6_router_enable="YES"\r
+ipv6_router="/usr/sbin/route6d"\r
+ipv6_router_flags="-O 2001:5:6:7::/64,gif0"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Connect a client pc to the lower-side\r
+network and check the behavior of IPv6.<BR>On a Windows pc, the\r
+command "ipv6 install" might be needed to activate IPv6.</P>\r
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#ipfw0">back</A> <A href="#top">top</A></P>\r
+<HR>\r
+\r
+\r
+<H3><!-- Start:BIND9 Install --><A href="#bind0" name=bind0>C BIND9\r
+Install(Optional)</A></H3>\r
+<UL>\r
+ <LI><A href="#bind1">Ports Install</A></LI>\r
+ <LI><A href="#bind2">Making RNDC Key</A></LI>\r
+ <LI><A href="#bind3">Setting up named.conf</A></LI>\r
+ <LI><A href="#bind4">Creating up a Zone file</A> </LI>\r
+ <LI><A href="#bind5">Checking Behavior</A> </LI>\r
+</UL>\r
+\r
+\r
+<H4><!-- ********** 1 *********** -->\r
+<A href="#bind1" name=bind1>C.1 Ports Install</A></H4>\r
+\r
+<P> You can ignore DNS\r
+settings, if you control with IP address base\r
+or use existing DNS servers.</P>\r
+<P> Installing BIND9 from\r
+ports:<BR> \r
+Note: The "sysinstall" command can also be used.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># cd /usr/ports/dns/bind9/\r
+# make clean\r
+# make install clean ; rehash</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>During installation the directory "/etc/namedb\r
+(/var/named/etc/namedb)" is created.</P>\r
+<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ********** 2 ********** -->\r
+<A href="#bind2" name=bind2>C.2 Making RNDC key</A></H4>\r
+<P>Use the "rndc" command to further secure BIND9.</P>\r
+<P>Create the rndc key as follows:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># cd /etc/namebd/\r
+# rndc-confgen -b 512 > rndc.conf</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>This will generate the "rndc.conf" file.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># Start of rndc.conf\r
+key "rndc-key" {\r
+ algorithm hmac-md5;\r
+ secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";\r
+};\r
+\r
+options {\r
+ default-key "rndc-key";\r
+ default-server 127.0.0.1;\r
+ default-port 953;\r
+};\r
+# End of rndc.conf\r
+\r
+# Use with the following in named.conf, adjusting the allow list as needed:\r
+# key "rndc-key" {\r
+# algorithm hmac-md5;\r
+# secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";\r
+# };\r
+# \r
+# controls {\r
+# inet 127.0.0.1 port 953\r
+# allow { 127.0.0.1; } keys { "rndc-key"; };\r
+# };\r
+# End of named.conf</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ********* 3 ********* -->\r
+<A href="#bind3" name=bind3>C.3 Setting up named.conf</A></H4>\r
+<P>After installation, look for the\r
+"/etc/namedb/named.conf" file and copy the last half of the\r
+"rndc.conf" file to it, making sure to remove comments, and\r
+add IPv6 configuration where/if required.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># Use with the following in named.conf, adjusting the allow list as needed:\r
+key "rndc-key" {\r
+ algorithm hmac-md5;\r
+ secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";\r
+};\r
+\r
+controls {\r
+ inet ::1 port 953 allow { ::1; } keys { "rndc-key"; };\r
+ inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };\r
+};\r
+# End of named.conf</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>For security reasons, it is better to write the "key"\r
+directive in the other file.</P>\r
+<P>Edit the "options" directive in "named.conf":</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>options {\r
+ directory "/etc/namedb";\r
+ pid-file "/var/run/named/pid";\r
+ auth-nxdomain yes;\r
+ listen-on-v6 { any; };\r
+};</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Create the corresponding "pid" directory.</P>\r
+<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ******** 4 ********* -->\r
+<A href="#bind4" name=bind4>C.4 Creating a Zone file</A></H4>\r
+<P>Edit the "view" and "zone" directives in "named.conf".</P>\r
+<P>The "view" directive is implemented in BIND9. Replying\r
+to the inquiries from matched-clients, BIND9 sends the information as\r
+described in the corresponding "view"</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>view "og" {\r
+ match-clients\r
+ {\r
+ 192.168.1.0/24;\r
+ };\r
+\r
+ recursion yes;\r
+\r
+ zone "." {\r
+ type hint;\r
+ file "named.root";\r
+ };\r
+\r
+ zone "og.saga-u.ac.jp" {\r
+ type master;\r
+ file "og.saga-u.ac.jp";\r
+ };\r
+\r
+ zone "0.0.127.IN-ADDR.ARPA" {\r
+ type master;\r
+ file "master/localhost.rev";\r
+ };\r
+\r
+ // RFC 3152\r
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {\r
+ type master;\r
+ file "master/localhost-v6.rev";\r
+ };\r
+\r
+ // RFC 1886 -- deprecated\r
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {\r
+ type master;\r
+ file "master/localhost-v6.rev";\r
+ };\r
+};</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P><BR>Make a "zone" file for the domain "og.saga-u.ac.jp".\r
+<BR>The domain name and IPv4/6 addresses should be modified properly.\r
+If you don't need IPv6, remove the line containing "AAAA ....".</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>$TTL 3600\r
+$ORIGIN og.saga-u.ac.jp.\r
+\r
+@ IN SOA ns.og.saga-u.ac.jp. postmaster (\r
+ 2005051702 ;\r
+ 3600\r
+ 1200\r
+ 2419200\r
+ 86400 )\r
+ IN NS ns.og.saga-u.ac.jp.\r
+ IN A 192.168.1.1\r
+ IN MX 10 opengate.og.saga-u.ac.jp.\r
+\r
+ns IN A 192.168.1.1\r
+\r
+opengate IN A 192.168.1.1\r
+ AAAA 2001:5:6:7::1</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ********* 5 ********* -->\r
+<A href="#bind5" name=bind5>C.5 Checking Behavior</A></H4>\r
+<P>Confirm starting of "named" after completings its\r
+configuration.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># /usr/local/sbin/named -u bind -c /etc/namedb/named.conf</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>If "named" starts without problems, add the following\r
+lines to "/etc/rc.conf" to allow it to automatically start\r
+on boot up.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>named_enable="YES"\r
+named_program="/usr/local/sbin/named"\r
+named_flags="-u bind -c /etc/namedb/named.conf"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Because the management of a DNS server\r
+can be complicated, it is strongly advised to carefully read the\r
+BIND9 manual, and/or consult other documentation.</P>\r
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#bind0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<HR>\r
+<H3><!-- Start:isc-dhcp3 Install -->\r
+<A href="#dhcp0" name=dhcp0>D isc-dhcp3 Installation (Optional)</A></H3>\r
+<UL>\r
+ <LI><A href="#dhcp1">Ports Installation</A> \r
+ <LI><A href="#dhcp2">Setting up DHCP</A> </LI>\r
+</UL>\r
+\r
+\r
+<H4><!-- *********** 1 ************* -->\r
+<A href="#dhcp1" name=dhcp1>D.1 Ports Install</A></H4>\r
+<P>If many client PCs are going to be\r
+connected, using the DHCP service might be a desirable solution for\r
+assigning IP addresses to these clients.</P>\r
+<P>Installing isc-dhcp3 from ports:<BR>Note:\r
+the "sysinstall" command can also be used.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># cd /usr/ports/net/isc-dhcp3-server\r
+# make clean\r
+# make install clean ; rehash</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#dhcp0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 2 ************** -->\r
+<A href="#dhcp2" name=dhcp2>D.2 Setting up DHCP</A></H4>\r
+<P>The"/usr/local/etc/dhcpd.conf.sample"\r
+ configuration file is created during installation. <BR>Copy\r
+"dhcpd.conf.sample" to "dhcpd.conf" and edit the\r
+file. <BR><BR>The following is an example setup: <BR>The lease time\r
+must be greater than the maximum usage duration (Duration/Max in\r
+opengatesrv.conf).<BR>The domain name and IP addresses should be\r
+modified. \r
+</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>option domain-name "og.saga-u.ac.jp";\r
+option domain-name-servers 192.168.1.1;\r
+option subnet-mask 255.255.255.0;\r
+option broadcast-address 192.168.1.255;\r
+option routers 192.168.1.1;\r
+\r
+default-lease-time 86400;\r
+max-lease-time 604800;\r
+ddns-update-style none;\r
+log-facility local7;\r
+\r
+subnet 192.168.55.0 netmask 255.255.255.0 {\r
+ range 192.168.1.10 192.168.1.250;\r
+}</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Add the following lines to "/etc/rc.conf" to allow it to\r
+automatically start on boot up.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>dhcpd_enable="YES"\r
+dhcpd_ifaces="fxp0"\r
+dhcpd_conf="/usr/local/etc/dhcpd.conf"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>In this example, the value of\r
+"dhcpd_ifaces" is the interface providing the DHCP service\r
+<BR>(to the lower-side network).</P>\r
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#dhcp0">back</A> <A href="#top">top</A></P>\r
+<HR>\r
+\r
+\r
+<H3><!-- Start:Apache2 Install--><A href="#apache0" name=apache0>E Apache2\r
+Installation</A></H3>\r
+<UL>\r
+ <LI><A href="#apache1">Ports Installation</A> </LI>\r
+ <LI><A href="#apache2">Making Certificates</A> </LI>\r
+ <LI><A href="#apache3">Setting up SSL</A></LI>\r
+ <LI><A href="#apache4">Other Settings and Checking the installation</A> </LI>\r
+</UL>\r
+\r
+\r
+<H4><!-- ************ 1 ************** --><A href="#apache1" name=apache1>E.1 Ports\r
+Install</A></H4>\r
+<P>When using IPv6, Opengate needs Apache2\r
+to support IPv6. <BR>By default, Apache2 supports SSL which is\r
+preferred for secure authentication.</P>\r
+<P>Installing Apache2 from ports:<BR>Note:\r
+The "sysinstall" command can also be used.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># cd /usr/ports/www/apache22\r
+# make clean\r
+# make install clean ; rehash</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#apache0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 2 ************** --><A href="#apache2" name=apache2>E.2 Making\r
+Certificates</A></H4>\r
+<P>It is better to obtain a formal key from\r
+some CA. But we will show you how to create a self-signed private key\r
+and certificate. \r
+</P>\r
+<P>Creating a private key:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># cd /usr/local/etc/apache22\r
+# mkdir ssl.key ssl.crt\r
+# chmod 700 ssl.key ssl.crt\r
+\r
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache22/server.key 1024</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P><BR>Making a certificate from the created key:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># /usr/bin/openssl req -new -x509 -days 365 \\r
+ -key /usr/local/etc/apache22/server.key \\r
+ -out /usr/local/etc/apache22/server.crt\r
+\r
+You are about to be asked to enter information that will be incorporated\r
+into your certificate request.\r
+What you are about to enter is what is called a Distinguished Name or a DN.\r
+There are quite a few fields but you can leave some blank\r
+For some fields there will be a default value,\r
+If you enter '.', the field will be left blank.\r
+-----\r
+Country Name (2 letter code) [AU]:JP\r
+State or Province Name (full name) [Some-State]:Saga\r
+Locality Name (eg, city) []:Saga-city\r
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university\r
+Organizational Unit Name (eg, subsection) []:Opengate Management\r
+Common Name (eg, YOUR name) []:opengate.og.saga-u.ac.jp\r
+Email Address []:administrator@opengate.og.saga-u.ac.jp\r
+\r
+Please enter the following 'extra' attributes\r
+to be sent with your certificate request\r
+A challenge password []:\r
+An optional company name []:</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#apache0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 3 ************** --><A href="#apache3" name=apache3>E.3 \r
+Setting up SSL</A></H4>\r
+<P>Edit "/usr/local/etc/apache22/extra/httpd-ssl.conf" as\r
+shown in the following example:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <P>ssl.conf \r
+ </P>\r
+ </TD>\r
+ </TR>\r
+ <TR>\r
+ <TD>\r
+ <PRE><VirtualHost _default_:443>\r
+ DocumentRoot "/usr/local/www/apache22/data"\r
+ ServerName opengate.og.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.og.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache22/server.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache22/server.key\r
+</VirtualHost></PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Since Apache2 has many settings,\r
+familiarize yourself with the Apache2 configuration options for\r
+adequate control.</P>\r
+<P ALIGN=right><A href="#apache0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 4 ************** --><A href="#apache4" name=apache4>E.4 Other\r
+Settings and Checking the Installation</A></H4>\r
+<P>Edit "/usr/local/etc/apache22/httpd.conf" as follows:</P>\r
+<P>Opengate should send back the\r
+authentication page in response to any kind of HTTP request. <BR>To\r
+do so, add the following line to httpd.conf: <BR> (the top page will\r
+be sent back on an HTTP_ERROR 404 [file not found] error).</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>ErrorDocument 404 /</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P><BR>Add "ExecCGI" to allow executing CGI programs in the\r
+cgi-bin directory.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE><Directory "/usr/local/www/cgi-bin">\r
+ ...\r
+ Options ExecCGI\r
+ ...\r
+</Directory></PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Remove the comment mark ("#") to\r
+enable the following setting: \r
+</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>AddHandler cgi-script .cgi\r
+AddHandler type-map .var</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Add "index.html.var" to\r
+DirectoryIndex: \r
+</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>DirectoryIndex index.html.var index.html</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Include ssl conf file:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>Include etc/apache22/extra/httpd-ssl.conf</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Set ServerName: \r
+</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>ServerName opengate.og.saga-u.ac.jp</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Start Apache2 with "apachectl start"\r
+and check for errors. <BR>If no errors are displayed, add the\r
+following lines to "/etc/rc.conf" to allow Apache to start\r
+on boot up:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>apache22_enable="YES"\r
+apache22ssl_enable="YES"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>If the system shows "Failed to\r
+enable the 'httpready' Accept Filter", add the following to\r
+/boot/loader.conf :</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>accf_http_load="YES"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Should the certificate require a PASSPHRASE, Apache will ask for it during\r
+boot up.<BR> If you do not enter the passphrase (reboot due to\r
+power outage, remote reboot, ,...), this will prevent <BR> the server from starting Apache normally, \r
+i.e. leaving you with a possible "crippled" server.</P>\r
+<BLOCKQUOTE>\r
+<P>\r
+Easy fix:<BR>\r
+1. create a simple script containing the following:<BR>\r
+#!/bin/sh<BR>\r
+echo "<passphrase goes here>"<BR>\r
+<BR>2. add the following to httpd.conf:<BR>\r
+SSLPassPhraseDialog exec:/path/to/above/script\r
+</P></BLOCKQUOTE>\r
+\r
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#apache0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<!-- Start:SQLite3 Installation -->\r
+<h3><A class=anchor href="#sqlite0" name=sqlite0>F SQLite3 Installation</A></h3>\r
+<ul>\r
+ <li class="list_num"><A href="#sqlite1">Inatallation</A></li>\r
+ <li class="list_num"><A href="#sqlite2">Checking</A></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4><A class=anchor href="#sqlite1" name=sqlite1>F.1 Installation</A></h4>\r
+\r
+\r
+<p>Download archive file from SQLite site(www.sqlite.org). Install it as follows.</p>\r
+\r
+<table><tr><td><pre>\r
+# tar xzvf sqlite-amalgamation-3.xx.xx.tar.gz\r
+# cd sqlite-3.xx.xx\r
+# ./configure\r
+# make\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#sqlite0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4><A class=anchor href="#sqlite2" name=sqlite2>F.2 Checking</A></h4>\r
+\r
+<p>\r
+Check the normal execution.\r
+\r
+<table><tr><td><pre>\r
+# sqlite3\r
+SQLite version 3.xx.xx\r
+Enter ".help" for instructions\r
+Enter SQL statements terminated with a ";"\r
+sqlite> .quit\r
+#\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#sqlite0">back</A> <A href="#top">top</A></div>\r
+\r
+<HR>\r
+<H3><!-- Start:Opengate Install -->\r
+<A href="#opengate0" name=opengate0>G Opengate Installation</A></H3>\r
+<UL>\r
+ <LI><A href="#opengate1">Opengate Package</A> \r
+ <LI><A href="#opengate2">Installation</A> </LI>\r
+ <LI><A href="#opengate3">Setting up Config File</A> </LI>\r
+ <LI><A href="#opengate4">Setting up IPFW</A> </LI>\r
+ <LI><A href="#opengate5">Setting up syslog</A> </LI>\r
+ <LI><A href="#opengate6">Checking Behavior</A> </LI>\r
+ <LI><A href="#opengate7">Modifying Pages</A> </LI>\r
+ <LI><A href="#opengate8">Setting up SQLite3</A> </LI>\r
+</UL>\r
+\r
+\r
+<H4><!-- ************1************* -->\r
+<A href="#opengate1" name=opengate1>G.1 Opengate\r
+Package</A></H4>\r
+<P>Unpack the Opengate compressed file: \r
+</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># tar xzvf opengatexxxx.tar.gz</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>It contains the following directories:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>doc: Documentation\r
+conf: Configuration files and firewall control Perl script sample\r
+javahtml: Client Programs and HTML files\r
+opengatesrv: Server CGI programs\r
+tools: Some related tools\r
+ezxml: XML parser (Copyright Aaron Voisine)</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************2************* -->\r
+<A href="#opengate2" name=opengate2>G.2 Installation</A></H4>\r
+<P>Check the settings in "opengatesrv/Makefile" and modify\r
+if needed:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>HTMLTOP = /usr/local/www/apache22\r
+DOCDIR = /data\r
+CGIDIR = /cgi-bin\r
+OPENGATEDIR = /opengate\r
+CONFIGPATH = /etc/opengate</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Compile and Install:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># make clean\r
+# make install</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 3 ************** -->\r
+<A href="#opengate3" name=opengate3>G.3 Setting up Config File</A></H4>\r
+\r
+<P>Copy the sample configuration file\r
+"/etc/opengate/opengatesrv.conf.sample" to\r
+"/etc/opengate/opengatesrv.conf" and modify. <BR>The\r
+following settings must be changed:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE> <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>\r
+\r
+ <AuthServer>\r
+ <Protocol>pop3s</Protocol>\r
+ <Address>192.168.0.2</Address>\r
+ </AuthServer></PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>In <OpengateServerName>, set the\r
+HOSTNAME(FQDN) or IP address of the opengate gateway server. If you\r
+want to use IPv6, you need to set the FQDN corresponding to both IPv4\r
+and IPv6 addresses.</P>\r
+<P>In <AuthServer>, set the\r
+information for the authentication server. Opengate supports various\r
+authentication protocols. See the config file for details. <BR>To\r
+differentiate between erorrs caused by authentication server or those\r
+caused by the opengate server, try the following setting first. This\r
+means that any userid and password combination is accepted.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE> ****Do not use this setting in real service****\r
+ <AuthServer>\r
+ <Protocol>accept</Protocol> \r
+ <AuthServer></PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>The config file is XML. "#" marks in\r
+the file do not represent the start of a comment. <BR>Use\r
+XML-formatted comments like <!-- Comment String --> to disable\r
+a description.</P>\r
+<P>Opengate can pass authentication settings\r
+in the form of "userid@extid". <BR>See the config file for\r
+more details. <BR>By using this function, you can use different\r
+authentication servers for many sections or guests.</P>\r
+<P>When the primary authentication server\r
+does not reply, Opengate can resend the request to other\r
+authentication servers. See the config file for more details.</P>\r
+<P>Caution: Do not delete the IPv6 related\r
+settings in the config file! <BR> The IPv6 access is executed when\r
+the FQDN for IPv6 is prepared.</P>\r
+\r
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 4 ************** -->\r
+<A href="#opengate4" name=opengate4>G.4 Setting up IPFW</A></H4>\r
+<P>Write IPFW rules for Opengate. \r
+</P>\r
+<P>Both IPv4 and IPv6 packets are controlled by IPFW.</P>\r
+<P>A sample rule set for IPFW can be found in\r
+"/etc/opengate/rc.firewall.sample"</P>\r
+<P>Copy the script and modify to fit your needs. <BR> If you are\r
+not familiar with Ipv6, set IPv6 addresses as localhost (*net6="0",\r
+*ip6="::1").</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># cd /etc/opengate\r
+# cp rc.firewall.sample rc.firewall\r
+# vi rc.firewall</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Modify the firewall settings in /etc/rc.conf as follows:<BR> Be\r
+careful not to lock yourself out of the system after reloading the\r
+firewall.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>firewall_enable="YES"\r
+firewall_script="/etc/opengate/rc.firewall"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Familiarise yourself with the "ipfw" command. <BR> The\r
+Opengate software sends out ipfw add/delete commands.</P>\r
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 5 ************** -->\r
+<A href="#opengate5" name=opengate5>G.5 Setting\r
+up syslog</A></H4>\r
+<P>Edit /etc/syslog.conf to save log entries for Opengate.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE> | Separated by TAB code\r
+ V\r
+local1.* /var/log/opengate.log</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Make the log file as follows: <BR> Consider using log rotation to\r
+control the size of this log file.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># touch /var/log/opengate.log</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 6 ************** -->\r
+<A href="#opengate6" name=opengate6>G.6 Checking\r
+Behavior</A></H4>\r
+<P>Connect a PC to the lower-side network\r
+and try to access a site in the upper-side network. <BR>If it does\r
+not work properly, consult doc/progflow.html and doc/protocol.txt to\r
+better understand the procedure. Also check the log files for\r
+Opengate, httpd, system and others. To dump more information from\r
+Opengate, set the <Debug> switch to "2" in\r
+opengatesrv.conf. Also check the functions of related software. The\r
+error checking document (errcheck.html) and Q&A documents\r
+(qa.html, recentqa.html on the web) can be used for problem solving.</P>\r
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 7 ************** -->\r
+<A href="#opengate7" name=opengate7>G.7 Modifying\r
+Pages</A></H4>\r
+<P>If you want to modify the contents of the\r
+web pages, edit the html files in the Opengate directories. The\r
+relative path cannot be used in httpkeep.html. Use the full URL\r
+description. The descriptions such as %%XXX%% are variables replaced\r
+by their proper values during CGI runtime. \r
+</P>\r
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#opengate0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<!-- ************ 8 ************** -->\r
+<h4><A class=anchor href="#opengate8" name=opengate8>G.8 Setting up SQLite3</A></h4>\r
+\r
+<p>\r
+Opengate uses the SQLite3 database to hold session information. \r
+The path of the database file is indicated with <SqliteDb> \r
+in opengatesrv.conf.\r
+It is recommended to change the default value \r
+to the proper directory.\r
+WWW sholud have write permission for the directory.\r
+</p>\r
+<table><tr><td><pre>\r
+Example:\r
+-- opengatesrv.conf --\r
+<SqliteDb>/home/sqlitedb/opengate.db</SqliteDb>\r
+\r
+-- shell commands --\r
+# mkdir /home/sqlitedb\r
+# chown www /home/sqlitedb\r
+</pre></td></tr></table>\r
+<p> \r
+The file and database table are created automatically.\r
+</p>\r
+\r
+As the file size incleases steadily, you should periodically trim or remove the file with cron (or manually). Following is a sample script to delete 3 day old records.</p>\r
+\r
+<table>\r
+<tr><td><pre>\r
+#!/bin/sh\r
+echo "delete from session where closeTime < datetime('now','localtime','-3days');" | sqlite3 /tmp/opengate.db\r
+exit 0\r
+</pre></td></tr>\r
+</table>\r
+\r
+<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
+\r
+<hr>\r
+\r
+\r
+<H3><!-- Start:Install MRTG -->\r
+<A href="#mrtg0" name=mrtg0>H MRTG Installion (Optional)</A></H3>\r
+<UL>\r
+ <LI><A href="#mrtg1">Ports Installation</A> </LI>\r
+ <LI><A href="#mrtg2">Setting up MRTG</A> </LI>\r
+ <LI><A href="#mrtg3">Confirming proper startup</A> </LI>\r
+ <LI><A href="#mrtg4">Setting up crontab</A> </LI>\r
+</UL>\r
+\r
+<H4><!-- ************ 1 ************** -->\r
+<A href="#mrtg1" name=mrtg1>H.1 Ports Installation</A></H4>\r
+\r
+<P>This section is optional. <BR> If you want to graphically\r
+monitor the state of Opengate, MRTG can be used but is not required.</P>\r
+<P><A HREF="http://people.ee.ethz.ch/%7Eoetiker/webtools/mrtg/" TARGET="_blank">MRTG<SPAN STYLE="TEXT-DECORATION: none">\r
+</SPAN></A>(Multi Router Traffic Grapher) is a system to monitor\r
+network traffic. MRTG produces graphic images and HTML files. \r
+</P>\r
+<P>You can install MRTG on the gateway\r
+server or another server. If you need to monitor multiple Opengate\r
+systems, it is advised to install MRTG on a separate server.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># cd /usr/ports/net-mgmt/mrtg/\r
+# make clean\r
+# make install clean ; rehash</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>\r
+\r
+\r
+<H4><!-- ************ 2 ************** -->\r
+<A href="#mrtg2" name=mrtg2>H.2 Setting up MRTG</A></H4>\r
+<P>MRTG creates\r
+"/usr/local/etc/mrtg/mrtg.cfg.sample" as the sample\r
+configuration file during installation. Copy mrtg.cfg.sample to\r
+opengate.cfg and edit the file:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>##################################################\r
+# opengate user counter\r
+\r
+WorkDir: /usr/home/user/public_html/mrtg/opengate/\r
+\r
+##### Options\r
+Options[^]: growright,gauge,nopercent,integer\r
+\r
+Target[opengate]:`/usr/home/user/bin/input.sh`\r
+Title[opengate]: Opengate user counter\r
+\r
+PageTop[opengate]: <h1>Opengate user counter</h1>\r
+ <p>Show the number of people using Opengate</p>\r
+\r
+# Max Number\r
+MaxBytes[opengate]: 200\r
+\r
+# Title of Y axis\r
+YLegend[opengate]: Opengate User\r
+# unit\r
+ShortLegend[opengate]: s\r
+# Title of graph LegendI: first line LegendO: second line\r
+LegendI[opengate]: IPv6 Users\r
+LegendO[opengate]: Total Users</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Be sure to actually create the directory\r
+which you appointed in "WorkDir". MRTG creates its graphic\r
+images and HTML files in "WorkDir"</P>\r
+<P>"Target[opengate]" contains the\r
+path to the program that hands its data to MRTG. <BR>(details\r
+explained below)</P>\r
+\r
+<H5>H.2.1 Scenario 1: Running MRTG on the gateway server</H5>\r
+<P>Create the shell script "/usr/home/user/bin/input.sh"\r
+with the following contents:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>#!/bin/sh\r
+\r
+#######################################\r
+##\r
+## show opengate status for MRTG\r
+##\r
+## 1 line : IPv6 Users\r
+## 2 line : Total Users\r
+## 3 line : uptime\r
+## 4 line : comment for data\r
+##\r
+#######################################\r
+\r
+LANG=C\r
+COLUMNS=256\r
+\r
+export LANG\r
+export COLUMNS\r
+\r
+### IPv6 prefix\r
+prefix="2001:2f8:22:801:"\r
+###opengateprocessname\r
+process="opengatesrv.cgi" \r
+\r
+###tmp file name\r
+tmp_all="/tmp/og_count_all.tmp"\r
+tmp_6="/tmp/og_count_6.tmp"\r
+\r
+######################################################\r
+psax | grep $process > $tmp_all\r
+COUNT = `wc-l $tmp_all | awk '{print $1}'` \r
+grep $prefix $tmp_all > $tmp_6\r
+COUNT6=`wc -l $tmp_6 | awk '{print $1}'`\r
+UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`\r
+\r
+rm $tmp_all\r
+rm $tmp_6\r
+\r
+echo "$COUNT6"\r
+echo "$COUNT"\r
+echo "$UPTIME"\r
+echo "Opengate User Counter"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Run this shell script as standalone and confirm that you can\r
+acquire the following data:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>5\r
+48\r
+10days\r
+Opengate User Counter</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<H5>H.2.2 Scenario 2: Running MRTG on a separate server</H5>\r
+<P>Create the shell script "/usr/home/user/bin/input.sh" on\r
+a separate server.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>#!/bin/sh\r
+\r
+#######################################\r
+##\r
+## input data for MRTG\r
+##\r
+## 1 line : IPv6 Users\r
+## 2 line : Total Users\r
+## 3 line : uptime\r
+## 4 line : comment for data\r
+##\r
+#######################################\r
+\r
+# tmp file name\r
+file="/tmp/opengate.tmp"\r
+\r
+# URL of output.sh at opengate\r
+url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh"\r
+\r
+fetch -o $file $url &> /dev/null\r
+\r
+more $file</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P STYLE="TEXT-INDENT: 0in">Create the shell script\r
+"/usr/local/apache2/cgi-bin/output.sh" on the Opengate\r
+(gateway) server, and set the URL to $url, as explained above.</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>#!/bin/sh\r
+\r
+#######################################\r
+##\r
+## show opengate status for MRTG\r
+##\r
+## 1 line : IPv6 Users\r
+## 2 line : Total Users\r
+## 3 line : uptime\r
+## 4 line : comment for data\r
+##\r
+#######################################\r
+\r
+LANG=C\r
+COLUMNS=256\r
+\r
+export LANG\r
+export COLUMNS\r
+\r
+### IPv6 prefix\r
+prefix="2001:2f8:22:801:"\r
+###opengateprocessname\r
+process="opengatesrv.cgi" \r
+\r
+###tmp file name\r
+tmp_all="/tmp/og_count_all.tmp"\r
+tmp_6="/tmp/og_count_6.tmp"\r
+\r
+######################################################\r
+psax | grep $process > $tmp_all \r
+COUNT = `wc-l $tmp_all | awk '{print $1}'` \r
+grep $prefix $tmp_all > $tmp_6\r
+COUNT6=`wc -l $tmp_6 | awk '{print $1}'`\r
+UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`\r
+rm $tmp_all\r
+rm $tmp_6\r
+\r
+echo "Content-type: text/plain; charset=iso-8859-1"\r
+echo\r
+\r
+echo "$COUNT6"\r
+echo "$COUNT"\r
+echo "$UPTIME"\r
+echo "Opengate User Counter"</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P>Run "input.sh" on another server and confirm that you\r
+can acquire the following data:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>5\r
+48\r
+10days\r
+Opengate User Counter</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>\r
+\r
+<H4><!-- ************ 3 ************** -->\r
+<A href="#mrtg3" name=mrtg3>H.3 Confirming MRTG Startup Operation:</A></H4>\r
+\r
+<P>Use the following command to confirm MRTG is working with your\r
+config:</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE># /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P STYLE="TEXT-INDENT: 0in">Various WARNING messages are output the\r
+first and second time, this is normal behavior <BR>(as explained in\r
+the MRTG documentation)!<BR>Some files are created in "WorkDir".</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>> ls -l\r
+-rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png\r
+-rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png\r
+-rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png\r
+-rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png\r
+-rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png\r
+-rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png\r
+-rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png\r
+-rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html\r
+-rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log\r
+-rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>\r
+\r
+<H4><!-- ************ 4 ************** -->\r
+<A href="#mrtg4" name=mrtg4>H.4 Registering to Crontab</A></H4>\r
+\r
+<P>Add the following line to "/etc/crontab":</P>\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+ <TR>\r
+ <TD>\r
+ <PRE>*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>\r
+ </TD>\r
+ </TR>\r
+</TABLE>\r
+<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>\r
+\r
+<HR>\r
+<H3><!-- Start:Install rulechk -->\r
+<A href="#rulechk" name=rulechk>I rulechk Installation (Optional)</A></H3>\r
+\r
+<P>This section is optional. <BR>When the\r
+Opengate process is not exited normally, superfluous rules might be\r
+left behind. <BR>Though it is \r
+very rare, the tools/rulechk script is made to handle such situations. This \r
+script compares the Opengate process list and the firewall rule list, and \r
+deletes the obsolete rules.<BR>This script is compatible with Opengate Ver1.3.1 or above. \r
+</P>\r
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#rulechk">back</A> <A href="#top">top</A></P>\r
+</BODY>\r
+</HTML>\r
What to do for No Java terminals?\r
<BLOCKQUOTE>\r
The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall. The user can also close the network by clicking the TERMINATE link in accept page.\r
-\r
+From Version 1.4, JavaScript is used instead of Java.\r
</BLOCKQUOTE></LI>\r
\r
\r
Can I display web pages with other language.\r
\r
<BLOCKQUOTE>\r
-Directorys named en and ja are the html documentations in english and japanese. Same as the directory, make the new language documentations. And modify the language setting in configuration file and index.html.var. To change the Java Applet message, modify the source of Java.\r
+Directorys named en and ja are the html documentations in english and japanese. Same as the directory, make the new language documentations. And modify the language setting in configuration file and index.html.var. \r
</BLOCKQUOTE>\r
\r
<LI>\r
<P>Necessity</P>
</TD>
<TD>
- <P>Web browser can run on the client. Ajax or JavaVM is desired.</P>
+ <P>Web browser can run on the client. Ajax is desired.</P>
</TD>
</TR>
<TR>
<P>Condition to close network</P>
</TD>
<TD>
- <P>When (Ajax or JavaVM) is enabled and the usage duration is not
+ <P>When Ajax is enabled and the usage duration is not
entered:<BR> - Close Web browser or OS<BR> - Fail
periodic live check<BR>Other cases<BR> - A fixed time length
passes.<BR> - No packet passed from/to the client for a long
Opengate\82Í\88È\89º\82Ì\83t\83@\83C\83\8b\82ð\97\98\97p\82µ\82Ü\82·\81B\82±\82ê\82ç\82Í\90³\82µ\82\94z\92u\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\83f\83B\83\8c\83N\83g\83\8a\82Ídefault\88Ê\92u\82Å\82·\81B<br>\r
/usr/local/www/data/index.html.var<br>\r
/usr/local/www/cgi-bin/opengate/(opengatesrv.cgi, opengatefwd.cgi, opengateauth.cgi)<br>\r
- /usr/local/www/data/opengate/(Opengate.jar, Opengate.class, OpengateOlient.class)<br>\r
/usr/local/www/data/opengate/(ja, en)/(topindex.html, index.html, index-ssl.html, accept.html, accept2.hmtl, deny.html, deny-ssl.html, retry.html)<br>\r
- /etc/opengate/(opengatesrv.conf, rc.firewall, rc.irewall6, ipfwctrl.pl): *.sample\82©\82ç\83R\83s\81[\81B<br>\r
+ /etc/opengate/(opengatesrv.conf, rc.firewall, ipfwctrl.pl): *.sample\82©\82ç\83R\83s\81[\81B<br>\r
/var/log/opengate.log<br>\r
\82³\82ç\82É\81A\83\8d\83b\83N\83t\83@\83C\83\8b\82Æ\82µ\82Ä/tmp/opengate.lock\82ð\8eg\97p\82µ\82Ü\82·\82ª\81A\8dì\90¬\82Í\95s\97v\82Å\82·\81B\8fÁ\82µ\82Ä\82à\8d\\82¢\82Ü\82¹\82ñ\81B\r
</LI>\r
<LI>EndWebAndRetry\82Ì\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\81B</LI>\r
<UL>\r
<LI>\8aù\82É\8aJ\95ú\82³\82ê\82Ä\82¢\82é\92[\96\96\82©\82ç\82Ì\97v\8b\81\82ð\8b\91\94Û\82µ\82Ä\82¢\82Ü\82·\81B\83u\83\89\83E\83U\82ÌBack\93\99\82ð\8eg\82Á\82Ä\8dÄ\93x\94F\8fØ\97v\8b\81\82ð\82µ\82½\82Æ\82«\82È\82Ç\82É\8bN\82«\82Ü\82·\81B\8dÄ\8e\8e\8ds\82·\82ê\82Î\81A\94F\8fØ\83y\81[\83W\82Å\82Í\82È\82\96Ú\93I\82Æ\82·\82é\8aO\95\94\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\82Í\82¸\82Å\82·\81B</li>\r
-<LI>JavaApplet\82ª\93®\82©\82È\82¢\8fê\8d\87\82É\82Í\81A\83u\83\89\83E\83U\82ð\8fI\97¹\82µ\82Ä\82à\91¦\8e\9e\95Â\8d½\82Æ\82È\82ç\82¸\81A\82µ\82Î\82ç\82\82Í\8aJ\95ú\8fó\91Ô\82É\82 \82è\82Ü\82·\81B</li>\r
</UL>\r
\r
<LI>Apache\82ªInternal\83G\83\89\81[\82âFileNotFound\83G\83\89\81[\82È\82Ç\82ð\8fo\82·\81B</LI>\r
<UL>\r
<LI>\89©\90F\82¢\83o\81[\82ª\95\\8e¦\82³\82ê\82È\82¢\81B</LI>\r
<UL>\r
-<LI>JavaApplet\82ª\93®\8dì\82µ\82Ä\82¢\82Ü\82¹\82ñ\81B\83u\83\89\83E\83U\82ÅJavaVM\82ª\93®\8dì\82·\82é\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82\82¾\82³\82¢\81B</LI>\r
-<LI>ClassNotFound\82Ì\83\81\83b\83Z\81[\83W\82ª\8fo\82é\82Æ\82«\82Í\81AJava\82Ìclass\83t\83@\83C\83\8b\82Ü\82½\82Íjar\83t\83@\83C\83\8b\82Ì\88Ê\92u\8ew\92è\82ð\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+<LI>JavaScript\82ª\93®\8dì\82µ\82Ä\82¢\82Ü\82¹\82ñ\81B\83u\83\89\83E\83U\82ÅJavaScript\82ª\93®\8dì\82·\82é\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82\82¾\82³\82¢\81B</LI>\r
<LI>\82±\82Ì\8fê\8d\87\82à\81A\82µ\82Î\82ç\82\82Í\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82Ü\82·\81B\95Â\8d½\82Í\88È\89º\82Ì\8e\9e\82É\8bN\82«\82Ü\82·\81B\81u\8ew\92è\8e\9e\8aÔ\82ª\8co\89ß\81v\81u\8fI\97¹\83\8a\83\93\83N\82ð\83N\83\8a\83b\83N\81v\81uIP\83A\83h\83\8c\83X\82É\91Î\82·\82éMAC\83A\83h\83\8c\83X\82ª\95Ï\89»\81v\81u\88ê\92è\8e\9e\8aÔ\83p\83P\83b\83g\82ª\92Ê\82ç\82È\82¢\81v\81B</LI>\r
-<LI>Java Applet\82ª\81AJava Runtime 1.1\8cü\82¯\82É\83R\83\93\83p\83C\83\8b\82µ\82Ä\82¢\82È\82¢\82Æ\81AMicrosoft VM\82Å\93®\82«\82Ü\82¹\82ñ\81B\91Î\89\9e\82·\82é\82É\82Í\81A\81ujavac -target 1.1 Opengate.java\81v\82Æ\82µ\82Ä\83R\83\93\83p\83C\83\8b\89º\82³\82¢\81B\8aÂ\8b«\82É\82æ\82Á\82Ä\82Í\81u-source 1.2\81v\82Ü\82½\82Í\81u-source 1.3\81v\82ª\95K\97v\82©\82à\92m\82ê\82Ü\82¹\82ñ\81B</LI>\r
-\r
</UL>\r
</UL>\r
<P></P>\r
<UL>\r
<LI>JavaScript\82ª\97L\8cø\82É\82È\82Á\82Ä\82¢\82È\82¢\82Æ\83|\83b\83v\83A\83b\83v\82µ\82Ü\82¹\82ñ\81B</LI>\r
<LI>\83u\83\89\83E\83U\82Å\83|\83b\83v\83A\83b\83v\8bÖ\8e~\82É\90Ý\92è\82³\82ê\82Ä\82¢\82é\82Æ\83|\83b\83v\83A\83b\83v\82µ\82Ü\82¹\82ñ\81B</LI>\r
-<LI>\82±\82ê\82ç\92[\96\96\82É\91Î\89\9e\82·\82é\82½\82ß\82É\95Ê\83E\83C\83\93\83h\83E\82ð\8aJ\82\82½\82ß\82Ì\83\8a\83\93\83N\82ð\95t\82¯\82Ä\82¢\82Ü\82·\81B\82È\82¨\81AJavaApplet\82Ì\83y\81[\83W\82ð\95Û\8e\9d\82Å\82«\82ê\82Î\81A\95Ê\83E\83C\83\93\83h\83E\82ª\8fo\82È\82\82Ä\82à\97\98\97p\82É\8ex\8fá\82Í\82 \82è\82Ü\82¹\82ñ\81B</LI>\r
+<LI>\82±\82ê\82ç\92[\96\96\82É\91Î\89\9e\82·\82é\82½\82ß\82É\95Ê\83E\83C\83\93\83h\83E\82ð\8aJ\82\82½\82ß\82Ì\83\8a\83\93\83N\82ð\95t\82¯\82Ä\82¢\82Ü\82·\81B\82È\82¨\81AJavaScript\82Ì\83y\81[\83W\82ð\95Û\8e\9d\82Å\82«\82ê\82Î\81A\95Ê\83E\83C\83\93\83h\83E\82ª\8fo\82È\82\82Ä\82à\97\98\97p\82É\8ex\8fá\82Í\82 \82è\82Ü\82¹\82ñ\81B</LI>\r
</UL>\r
</UL>\r
<P></P>\r
<LI>\8b\96\89Â\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82½\82Ì\82É\81A\92Ê\90M\82ª\92Ê\82ç\82È\82¢\81B</LI>\r
<UL>\r
<LI>ipfw list\83R\83}\83\93\83h\82Å\81A\8b\96\89Â\83\8b\81[\83\8b\82ª\92Ç\89Á\82³\82ê\82Ä\82¢\82é\82±\82Æ\82ð\8am\94F\82\82¾\82³\82¢\81B\83\8b\81[\83g\8c \8cÀ\82Å\93®\82©\82È\82¢\82Æipfw\83R\83}\83\93\83h\82Í\94\8ds\82ª\8fo\97\88\82Ü\82¹\82ñ\81Bopengatesrv.cgi\83t\83@\83C\83\8b\82ÉS\83r\83b\83g\82ª\97§\82Á\82Ä\82¢\82é\82±\82Æ\82ð\8am\94F\82\82¾\82³\82¢\81B</LI>\r
-<LI>\83u\83\89\83E\83U\82ð\8fI\97¹\82µ\82È\82¢\82Å\82\82¾\82³\82¢\81B\8dÅ\8f¬\89»\8fó\91Ô\82Å\82à\82©\82Ü\82¢\82Ü\82¹\82ñ\81B\8fI\97¹\82·\82é\82ÆJavaApplet\82©\82ç\82Ì\98A\97\8d\82É\82æ\82è\83l\83b\83g\83\8f\81[\83N\82ª\95Â\8d½\82³\82ê\82Ü\82·\81B</LI>\r
+<LI>\83u\83\89\83E\83U\82ð\8fI\97¹\82µ\82È\82¢\82Å\82\82¾\82³\82¢\81B\8dÅ\8f¬\89»\8fó\91Ô\82Å\82à\82©\82Ü\82¢\82Ü\82¹\82ñ\81B\8fI\97¹\82·\82é\82ÆJavaScript\82©\82ç\82Ì\98A\97\8d\82É\82æ\82è\83l\83b\83g\83\8f\81[\83N\82ª\95Â\8d½\82³\82ê\82Ü\82·\81B</LI>\r
</UL>\r
<LI>\8b\96\89Â\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82Ä\82µ\82Î\82ç\82\82Í\92Ê\90M\82ª\8fo\97\88\82é\82ª\81A\89½\95ª\82©\8co\82Â\82Æ\92Ê\90M\82ª\92Ê\82ç\82È\82\82È\82é\81B</LI>\r
<UL>\r
-<LI>JavaApplet\82ª\93®\82¢\82Ä\82¢\82È\82¢\8fê\8d\87\82Ì\90à\96¾\82Í\8fã\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B</LI>\r
-<LI>JavaApplet\89Ò\93®\8e\9e\82É\82Í\81A\88È\89º\82Ì\82¢\82¸\82ê\82©\82Å\95Â\8d½\82³\82ê\82Ü\82·\81B\81uJavaApplet\82ª\92â\8e~\82·\82é\81i\83u\83\89\83E\83U\92â\8e~\81AOS\92â\8e~\82É\94º\82¤\92â\8e~\82ð\8aÜ\82Þ)\81v\81u10\95ª\82²\82Æ\82ÌHello\83\81\83b\83Z\81[\83W\8cð\8a·\82ÉJavaApplet\82ª\88ê\92è\89ñ\90\94\95Ô\93\9a\82µ\82È\82¢\81v\81u\88ê\92è\8e\9e\8aÔ\83p\83P\83b\83g\82ª\92Ê\82ç\82È\82¢\81v\81B</LI>\r
+<LI>JavaScript\82ª\93®\82¢\82Ä\82¢\82È\82¢\8fê\8d\87\82Ì\90à\96¾\82Í\8fã\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B</LI>\r
+<LI>JavaScript\89Ò\93®\8e\9e\82É\82Í\81A\88È\89º\82Ì\82¢\82¸\82ê\82©\82Å\95Â\8d½\82³\82ê\82Ü\82·\81B\81uJavaScript\82ª\92â\8e~\82·\82é\81i\83u\83\89\83E\83U\92â\8e~\81AOS\92â\8e~\82É\94º\82¤\92â\8e~\82ð\8aÜ\82Þ)\81v\81uHello\83\81\83b\83Z\81[\83W\8cð\8a·\82ÉJavaScript\82ª\95Ô\93\9a\82µ\82È\82¢\81v\81B</LI>\r
</UL>\r
\r
</UL>\r
\r
<!-- ******************** -->\r
\r
-<LI>10\95ª\82²\82Æ\82É\89©\90F\82¢\83o\81[\82Ì\92\86\82Ì\95\\8e¦\82ª\95Ï\82í\82é\81B</LI>\r
+<LI>\90\94\95ª\82²\82Æ\82É\89©\90F\82¢\83o\81[\82Ì\92\86\82Ì\95\\8e¦\82ª\95Ï\82í\82é\81B</LI>\r
\r
<UL>\r
<LI>\8dÅ\8f\89\82Ì\90³\8fí\8aJ\8en\82Ì\83\81\83b\83Z\81[\83W\82Ì\82Ü\82Ü\95Ï\82í\82ç\82È\82¢\81B</LI>\r
<li class="list_num"><A href="#apache3">\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Ì\90Ý\92è</A></li>\r
<li class="list_num"><A href="#apache4">\82»\82Ì\91¼\82Ì\90Ý\92è\82Æ\93®\8dì\8am\94F</A></li>\r
</ul></li>\r
+ <li class="list_alpha"><A href="#sqlite0">SQLite3\82Ì\83C\83\93\83X\83g\81[\83\8b</A>\r
+ <ul>\r
+ <li class="list_num"><A href="#sqlite1">\83C\83\93\83X\83g\81[\83\8b</A></li>\r
+ <li class="list_num"><A href="#sqlite2">\93®\8dì\8am\94F</A></li>\r
+ </ul></li>\r
<li class="list_alpha"><A href="#opengate0">Opengate \82Ì\83C\83\93\83X\83g\81[\83\8b</A>\r
<ul>\r
<li class="list_num"><A href="#opengate1">Opengate\83p\83b\83P\81[\83W</A></li>\r
<li class="list_num"><A href="#opengate4">ipfw\82Ì\90Ý\92è</A></li>\r
<li class="list_num"><A href="#opengate5">syslog\82Ì\90Ý\92è</A></li>\r
<li class="list_num"><A href="#opengate6">\93®\8dì\8am\94F</A></li>\r
+ <li class="list_num"><A href="#opengate7">\83y\81[\83W\82Ì\8fC\90³</A></li>\r
+ <li class="list_num"><A href="#opengate8">sqlite3\82Ì\90Ý\92è</A></li>\r
\r
</ul></li>\r
<li class="list_alpha"><A href="#mrtg0">MRTG\82Ì\83C\83\93\83X\83g\81[\83\8b(Optional)</A>\r
<!-- ************1************* -->\r
<h4>B.1 \8aî\96{\83C\83\93\83X\83g\81[\83\8b<A class=anchor href="#freebsd1" name=freebsd1>\81õ</A></h4>\r
\r
-<p>FreeBSD4.x\88È\8d~\82Ì\82Ç\82ê\82©\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\81BFreeBSD6.1\88È\8d~\82ª\96]\82Ü\82µ\82¢\81B\8cã\82É\83J\81[\83l\83\8b\82ð\8dÄ\8d\\92z\82·\82é\95K\97v\82ª\82 \82é\82Ì\82Å\81A\83C\83\93\83X\83g\81[\83\8b\82·\82éDistributions\82ð\91I\91ð\82·\82é\8dÛ\82É\81ADeveloper(Full sources,binaries and doc)\82à\82µ\82\82ÍAll\82ð\91I\91ð\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
+<p>FreeBSD6.1\88È\8d~\82Ì\82Ç\82ê\82©\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\81B\8cã\82É\83J\81[\83l\83\8b\82ð\8dÄ\8d\\92z\82·\82é\95K\97v\82ª\82 \82é\82Ì\82Å\81A\83C\83\93\83X\83g\81[\83\8b\82·\82éDistributions\82ð\91I\91ð\82·\82é\8dÛ\82É\81ADeveloper(Full sources,binaries and doc)\82à\82µ\82\82ÍAll\82ð\91I\91ð\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
\r
<p>FreeBSD\82ð\83C\83\93\83X\83g\81[\83\8b\82µ\82½\8cã\82É\81A\83Q\81[\83g\83E\83F\83C\82Æ\82µ\82Ä\82Ì\8b@\94\\82ð\97L\8cø\82É\82·\82é\82½\82ß\82É\81A/etc/rc.conf\82É\8e\9f\82Ì\90Ý\92è\82ð\8bL\8fq\82·\82é\81B\82à\82µ\82\82Í\81AFreeBSD\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\8dÛ\82É\81A\83Q\81[\83g\83E\83F\83C\82Æ\82µ\82Ä\82Ì\8b@\94\\82ð\97L\8cø\82É\82·\82é\82©\94Û\82©\82ð\96â\82í\82ê\82é\82Ì\82Å\81A\82±\82±\82Å\83Q\81[\83g\83E\83F\83C\82Ì\8b@\94\\82ð\97L\8cø\82É\82µ\82Ä\82à\8d\\82í\82È\82¢\81B</p>\r
\r
<h4>B.2 NAT\82Æ\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\92Ç\89Á<A class=anchor href="#freebsd2" name=freebsd2>\81õ</A></h4>\r
\r
<p>\r
-\83t\83@\83C\83A\83E\83H\81[\83\8b\81iipfw\82¨\82æ\82Ñip6fw)\82ð\97\98\97p\82·\82é\82½\82ß\82É\82Í\81AFreeBSD\82Ì\83J\81[\83l\83\8b\82ð\8dÄ\8d\\92z\82·\82é\95K\97v\82ª\82 \82é\81BFreeBSD\83C\83\93\83X\83g\81[\83\8b\8e\9e\82É\83J\81[\83l\83\8b\93\99\82Ì\91S\82Ä\82Ì\83\\81[\83X\82ð\83C\83\93\83X\83g\81[\83\8b\82µ\82Ä\82¢\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
+\83t\83@\83C\83A\83E\83H\81[\83\8b\81iipfw)\82ð\97\98\97p\82·\82é\82½\82ß\82É\82Í\81AFreeBSD\82Ì\83J\81[\83l\83\8b\82ð\8dÄ\8d\\92z\82·\82é\95K\97v\82ª\82 \82é\81BFreeBSD\83C\83\93\83X\83g\81[\83\8b\8e\9e\82É\83J\81[\83l\83\8b\93\99\82Ì\91S\82Ä\82Ì\83\\81[\83X\82ð\83C\83\93\83X\83g\81[\83\8b\82µ\82Ä\82¢\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
\r
<p>\88È\89º\82Ì\83f\83B\83\8c\83N\83g\83\8a\82É\82¨\82¢\82Ä\81AOpengate\97p\82Ì\83J\81[\83l\83\8b\83I\83v\83V\83\87\83\93\82ð\8dì\90¬\82·\82é\81B</p>\r
\r
\r
<p>\83R\83s\81[\82µ\82½\83J\81[\83l\83\8b\83I\83v\83V\83\87\83\93\82É\81A\8e\9f\82Ì\83I\83v\83V\83\87\83\93\82ð\92Ç\89Á\82·\82é\81B</p>\r
\r
-<p> FreeBSD6.0\88È\91O </p>\r
-\r
-<table><tr><td><pre>\r
-options IPDIVERT\r
-\r
-options IPFIREWALL\r
-options IPFIREWALL_FORWARD\r
-options IPFIREWALL_VERBOSE\r
-options IPFIREWALL_VERBOSE_LIMIT=100\r
-\r
-options IPV6FIREWALL\r
-options IPV6FIREWALL_VERBOSE\r
-options IPV6FIREWALL_VERBOSE_LIMIT=100\r
\r
-options IPSEC\r
-options IPSEC_ESP\r
-options TCP_DROP_SYNFIN\r
-</pre></td></tr></table>\r
-\r
-<p> FreeBSD6.1\88È\8d~ </p>\r
\r
<table><tr><td><pre>\r
options IPDIVERT\r
\r
<p>\82±\82ê\82ç\82Ì\83I\83v\83V\83\87\83\93\82ð\92Ç\89Á\82µ\82½\8cã\82É\81A\83J\81[\83l\83\8b\82Ì\83R\83\93\83p\83C\83\8b\82Æ\83C\83\93\83X\83g\81[\83\8b\82ð\8ds\82È\82¤\81B</p>\r
\r
+<TABLE CELLPADDING=2 CELLSPACING=2>\r
+<TR><TD>\r
+<PRE>#cd /usr/src\r
+#make buildkernel KERNCONF=MYKERNEL\r
+#make installkernel KERNCONF=MYKERNEL\r
+</PRE>\r
+</TD></TR>\r
+</TABLE>\r
+\r
+<p>\82±\82ê\82ª\8e¸\94s\82·\82é\82È\82ç\81A\8cÃ\82¢\95û\8e®\82ð\97\98\97p\82·\82é\81B\r
<table><tr><td><pre># config MYKERNEL\r
# cd ../compile/MYKERNEL\r
# make depend\r
<p>\r
\8dÄ\8d\\92z\82µ\82½\83J\81[\83l\83\8b\82É\82æ\82Á\82Ä\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\82ð\97L\8cø\82É\82·\82é\82½\82ß\82É/etc/rc.conf\82É\88È\89º\82Ì\83I\83v\83V\83\87\83\93\82ð\8bL\8fq\82·\82é\81B</p>\r
\r
-<p> FreeBSD6.0\88È\91O </p>\r
-\r
-<table><tr><td><pre>\r
-firewall_enable="YES"\r
-firewall_script="/etc/rc.firewall"\r
-firewall_type="open"\r
-\r
-ipv6_firewall_enable="YES"\r
-ipv6_firewall_script="/etc/rc.firewall6"\r
-ipv6_firewall_type="open"\r
-\r
-natd_enable="YES"\r
-natd_interface="fxp1"\r
-</pre></td></tr></table>\r
\r
-<p> FreeBSD6.1\88È\8d~ </p>\r
<table><tr><td><pre>\r
firewall_enable="YES"\r
firewall_script="/etc/rc.firewall"\r
\r
<hr>\r
\r
+\r
+<!-- Start:SQLite3\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
+<h3>F SQLite3\82Ì\83C\83\93\83X\83g\81[\83\8b<A class=anchor href="#sqlite0" name=sqlite0>\81õ</A></h3>\r
+<ul>\r
+ <li class="list_num"><A href="#sqlite1">\83C\83\93\83X\83g\81[\83\8b</A></li>\r
+ <li class="list_num"><A href="#sqlite2">\93®\8dì\8am\94F</A></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>F.1 \83C\83\93\83X\83g\81[\83\8b<A class=anchor href="#sqlite1" name=sqlite1>\81õ</A></h4>\r
+\r
+\r
+<p>SQLite\82Ì\83T\83C\83g\82©\82ç\83_\83E\83\93\83\8d\81[\83h\82µ\82½\83A\81[\83J\83C\83u\82ð\89ð\93\80\82µ\81A\83C\83\93\83X\83g\81[\83\8b\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# tar xzvf sqlite-amalgamation-3.xx.xx.tar.gz\r
+# cd sqlite-3.xx.xx\r
+# ./configure\r
+# make\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#sqlite0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>F.2 \93®\8dì\8am\94F<A class=anchor href="#sqlite2" name=sqlite2>\81õ</A></h4>\r
+\r
+<p>\r
+\88È\89º\82Ì\83R\83}\83\93\83h\82Å\83C\83\93\83X\83g\81[\83\8b\82ð\8am\94F\82·\82é\81B\r
+\r
+<table><tr><td><pre>\r
+# sqlite3\r
+SQLite version 3.xx.xx\r
+Enter ".help" for instructions\r
+Enter SQL statements terminated with a ";"\r
+sqlite> .quit\r
+#\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#sqlite0">back</A> <A href="#top">top</A></div>\r
+\r
+<hr>\r
+\r
<!-- Start:Opengate\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
-<h3>F Opengate\82Ì\83C\83\93\83X\83g\81[\83\8b<A class=anchor href="#opengate0" name=opengate0>\81õ</A></h3>\r
+<h3>G Opengate\82Ì\83C\83\93\83X\83g\81[\83\8b<A class=anchor href="#opengate0" name=opengate0>\81õ</A></h3>\r
\r
<ul>\r
<li class="list_num"><A href="#opengate1">Opengate\83p\83b\83P\81[\83W</A></li>\r
<li class="list_num"><A href="#opengate2">\83C\83\93\83X\83g\81[\83\8b</A></li>\r
<li class="list_num"><A href="#opengate3">\90Ý\92è\83t\83@\83C\83\8b\82Ì\90Ý\92è</A></li>\r
<li class="list_num"><A href="#opengate4">ipfw\82Ì\90Ý\92è</A></li>\r
- <li class="list_num"><A href="#opengate5">ip6fw\82Ì\90Ý\92è</A></li>\r
- <li class="list_num"><A href="#opengate6">syslog\82Ì\90Ý\92è</A></li>\r
- <li class="list_num"><A href="#opengate7">\93®\8dì\8am\94F</A></li> </ul>\r
+ <li class="list_num"><A href="#opengate5">syslog\82Ì\90Ý\92è</A></li>\r
+ <li class="list_num"><A href="#opengate6">\93®\8dì\8am\94F</A></li> \r
+ <li class="list_num"><A href="#opengate7">\83y\81[\83W\82Ì\8fC\90³</A></li>\r
+ <li class="list_num"><A href="#opengate8">sqlite3\82Ì\90Ý\92è</A></li>\r
+</ul>\r
\r
<!-- ************1************* -->\r
-<h4>F.1 Opengate\83p\83b\83P\81[\83W<A class=anchor href="#opengate1" name=opengate1>\81õ</A></h4>\r
+<h4>G.1 Opengate\83p\83b\83P\81[\83W<A class=anchor href="#opengate1" name=opengate1>\81õ</A></h4>\r
\r
<p>Opengate\82Ì\83p\83b\83P\81[\83W\82ð\93K\93\96\82È\83f\83B\83\8c\83N\83g\83\8a\82É\93W\8aJ\82·\82é\81B</p>\r
\r
<tr><td><pre>\r
doc\81F\8ae\8eí\95¶\8f\91\r
conf\81F\90Ý\92è\83t\83@\83C\83\8b\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\83X\83N\83\8a\83v\83g\r
-javahtml\81F\83N\83\89\83C\83A\83\93\83gJava Applet\81AHTML\83t\83@\83C\83\8b\r
+javahtml\81F\83N\83\89\83C\83A\83\93\83g\83v\83\8d\83O\83\89\83\80\81AHTML\83t\83@\83C\83\8b\r
opengatesrv\81F\83T\81[\83oCGI\83v\83\8d\83O\83\89\83\80\r
tools: \95t\89Á\83c\81[\83\8b\r
ezxml: XML\83p\81[\83T (copyright Aaron Voisine)\r
</table>\r
<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
\r
-<h4>F.2 \83R\83\93\83p\83C\83\8b<A class=anchor href="#opengate2" name=opengate2>\81õ</A></h4>\r
+<h4>G.2 \83R\83\93\83p\83C\83\8b<A class=anchor href="#opengate2" name=opengate2>\81õ</A></h4>\r
\r
<p>\r
\r
<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
\r
<!-- ************ 3 ************** -->\r
-<h4>F.3 \90Ý\92è\83t\83@\83C\83\8b\82Ì\90Ý\92è<A class=anchor href="#opengate3" name=opengate3>\81õ</A></h4>\r
+<h4>G.3 \90Ý\92è\83t\83@\83C\83\8b\82Ì\90Ý\92è<A class=anchor href="#opengate3" name=opengate3>\81õ</A></h4>\r
\r
<p>\90Ý\92è\83t\83@\83C\83\8b/etc/opengate/opengatesrv.conf.sample\82ª\8dì\90¬\82³\82ê\82Ä\82¢\82é\82Ì\82Å\81A\82±\82ê\82ð/etc/opengate/opengtesrv.conf\82É\83R\83s\81[\82µ\82Ä\95Ï\8dX\82ð\89Á\82¦\82é\81B\95K\90{\95Ï\8dX\89Ó\8f\8a\82Í\88È\89º\82Ì\92Ê\82è\82Å\82 \82é\81B</p>\r
\r
\r
\r
<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
-<hr>\r
\r
<!-- ************ 4 ************** -->\r
-<h4>F.4 ipfw\82Ì\90Ý\92è<A class=anchor href="#opengate4" name=opengate4>\81õ</A></h4>\r
+<h4>G.4 ipfw\82Ì\90Ý\92è<A class=anchor href="#opengate4" name=opengate4>\81õ</A></h4>\r
\r
<p>\r
Opengate\82Ì\93®\8dì\82Ì\82½\82ß\82É\93K\90Ø\82É\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\82ð\8bL\8fq\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
\r
-<p>(FreeBSD6.0\88È\91O\82Ì\8fê\8d\87)</p>\r
-<p>IPv4\82Íipfw\82Å\81AIPv6\82Íip6fw\82Å\90§\8cä\82·\82é\81B\r
-ipfw\82Æip6fw\82Ì\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\90Ý\92è\82Ì\83X\83N\83\8a\83v\83g\97á\82ð\81A"/etc/opengate/rc.firewall4.sample"\82Æ"/etc/opengate/rc.firewall6.sample"\82É\97p\88Ó\82µ\82Ä\82¢\82é\81B</p>\r
-<p>\82±\82ê\82ç\82ð"/etc/opengate/rc.firewall4"\82Æ"/etc/opengate/rc.firewall6"\82É\83R\83s\81[\82µ\82Ä\81AIP\83A\83h\83\8c\83X\93\99\82ð\8fC\90³\82·\82é\81B</p>\r
-\r
-<table><tr><td><pre>\r
-# cd /etc/opengate\r
-# cp rc.firewall4.sample rc.firewall4\r
-# cp rc.firewall6.sample rc.firewall6\r
-# vi rc.firewall4\r
-# vi rc.firewall6\r
-</pre></td></tr></table>\r
-\r
-<p>/erc/rc.conf\93à\82Ì\83t\83@\83C\83A\83E\83H\81[\83\8b\90Ý\92è\82ð\88È\89º\82Ì\82æ\82¤\82É\95Ï\8dX\82·\82é\81B\82±\82Ì\90Ý\92è\8cã\82Í\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\82ª\8c´\91¥\95Â\8d½\82É\82È\82é\82Ì\82Å\92\8d\88Ó\82·\82é\81B</p>\r
-\r
-<table><tr><td><pre>\r
-firewall_enable="YES"\r
-firewall_script="/etc/opengate/rc.firewall4"\r
-\r
-ipv6_firewall_enable="YES"\r
-ipv6_firewall_script="/etc/opengate/rc.firewall6"\r
-</pre></td></tr></table>\r
-\r
-<p>\82³\82ç\82É\81A"/etc/opengatesrv.conf"\92\86\82Ì<Ip6fwPath>/sbin/ipfw</Ip6fwPath>\82ð<Ip6fwPath>/sbin/ip6fw</Ip6fwPath>\82É\95Ï\8dX\82·\82é\81B</p>\r
-\r
-<p>(FreeBSD6.1\88È\8d~\82Ì\8fê\8d\87)</p>\r
-\r
-<p>IPv4/IPv6\82Ì\97¼\8eÒ\82ðipfw\83V\83X\83e\83\80\82¾\82¯\82Å\90§\8cä\82Å\82«\82é\81B\82»\82Ì\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\90Ý\92è\82Ì\83X\83N\83\8a\83v\83g\97á\82ð\81A\r
+<p>IPv4/IPv6\82Ì\97¼\8eÒ\82ðipfw\83V\83X\83e\83\80\82Å\90§\8cä\82·\82é\81B\82»\82Ì\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\90Ý\92è\82Ì\83X\83N\83\8a\83v\83g\97á\82ð\81A\r
"/etc/opengate/rc.firewall.sample"\82É\97p\88Ó\82µ\82Ä\82¢\82é\81B</p>\r
<p>\82±\82ê\82ð"/etc/opengate/rc.firewall"\82É\83R\83s\81[\82µ\82Ä\81AIP\83A\83h\83\8c\83X\93\99\82ð\8fC\90³\82·\82é\81BIPv6\82ð\8eg\82í\82È\82¢\8fê\8d\87\81AIPv6\83A\83h\83\8c\83X\82É\82Ílocalhost(*net6="0", *ip6="::1")\82ð\90Ý\92è\82·\82é\81B</p>\r
\r
Opengate\82Í\81A\94F\8fØ\82ð\92Ê\89ß\82µ\82½\92[\96\96\82É\91Î\82µ\82Ä\81A\8b\96\89Â\83\8b\81[\83\8b(\94Ô\8d\86\81F10000-40000)\82ð\92Ç\89Á\81^\8dí\8f\9c\82·\82é\81B\82Ü\82½\81A\8dÅ\8f\89\82©\82ç\97D\90æ\8f\87\88Ê\82Ì\92á\82¢\88Ê\92u(\94Ô\8d\86\81F60000)\82É\81A\83t\83H\83\8f\81[\83h\83\8b\81[\83\8b\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82é\81B\82æ\82Á\82Ä\81A\8b\96\89Â\92[\96\96\82Ì\83p\83P\83b\83g\82Í\83Q\81[\83g\83E\83F\83C\82ð\92Ê\89ß\82µ\81A\82»\82ê\88È\8aO\82Ì\92[\96\96\82ÌWeb\83A\83N\83Z\83X\82Å\82Í\94F\8fØ\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\81B\r
</p>\r
\r
-<p>Opengate adds/removes the allow rule (rule number:10000-40000) for the authenticated terminals. And the forward rule is exists in less priority position(rule number:60000) in the initial setting. Thus the packets for authenticated terminals pass the gateway, and the Web access from other terminals results the authentication page.\r
-</p>\r
-\r
<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
\r
\r
<!-- ************ 5 ************** -->\r
-<h4>F.5 syslog\82Ì\90Ý\92è<A class=anchor href="#opengate5" name=opengate5>\81õ</A></h4>\r
+<h4>G.5 syslog\82Ì\90Ý\92è<A class=anchor href="#opengate5" name=opengate5>\81õ</A></h4>\r
\r
<p>SYSLOG\82É\82æ\82é\83\8d\83O\8bL\98^\82ð\97L\8cø\82É\82·\82é\82½\82ß\82É\81A/etc/syslog.conf\82É\88È\89º\82Ì\90Ý\92è\82ð\8ds\82¤\81B</p>\r
\r
<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
\r
<!-- ************ 6 ************** -->\r
-<h4>F.6 \93®\8dì\8am\94F<A class=anchor href="#opengate6" name=opengate6>\81õ</A></h4>\r
+<h4>G.6 \93®\8dì\8am\94F<A class=anchor href="#opengate6" name=opengate6>\81õ</A></h4>\r
\r
<p>\89º\97¬\91¤\83l\83b\83g\83\8f\81[\83N\82ÉPC\82ð\82Â\82È\82¢\82Å\81A\8fã\97¬\91¤\82ÌWeb\83T\83C\83g\82ð\83A\83N\83Z\83X\82·\82é\81B\93K\90Ø\82É\93®\8dì\82µ\82È\82¢\8fê\8d\87\81A\82Ü\82¸\82Í\81Adoc/progflow.html,doc/protocol.txt\82ð\8c©\82Ä\81A\93®\8dì\82Ì\8aÖ\98A\82ð\97\9d\89ð\82·\82é\82Æ\82Æ\82à\82É\81A\83\8d\83O\83t\83@\83C\83\8b(Opengate, httpd, \83V\83X\83e\83\80\82È\82Ç\81j\82ð\8eQ\8fÆ\82µ\82Ä\97~\82µ\82¢\81B\8fÚ\8d×\82È\83\8d\83O\82ð\8fo\82·\82É\82Í\81Aopengatesrv.conf\93à\82Ì<Debug>\82ð2\82É\90Ý\92è\82·\82é\81B\82Ü\82½\81A\8aÖ\98A\83\\83t\83g\83E\83F\83A\82ª\93Æ\97§\82Å\93®\8dì\82·\82é\82©\82ð\8am\82©\82ß\82Ä\97~\82µ\82¢\81B\82Ü\82½\81A\83G\83\89\81[\83`\83F\83b\83N\83h\83L\83\85\83\81\83\93\83gerrcheck.html\81A\8e¿\96â\89ñ\93\9aqa.html\81AWeb\8fã\82Ìrecentqa.html\82à\8eQ\8dl\82É\82È\82é\82¾\82ë\82¤\81B</p>\r
\r
<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
\r
<!-- ************ 7 ************** -->\r
-<h4>F.7 \83y\81[\83W\82Ì\8fC\90³<A class=anchor href="#opengate7" name=opengate7>\81õ</A></h4>\r
+<h4>G.7 \83y\81[\83W\82Ì\8fC\90³<A class=anchor href="#opengate7" name=opengate7>\81õ</A></h4>\r
\r
<p>\95\\8e¦\83y\81[\83W\82Ì\93à\97e\82ð\95Ï\8dX\82·\82é\82Æ\82«\82É\82Í\81AHTML\83h\83L\83\85\83\81\83\93\83g\83f\83B\83\8c\83N\83g\83\8a\92\86\82Ì\8aY\93\96HTML\83t\83@\83C\83\8b\82ð\8fC\90³\82·\82é\81B\82±\82ê\82ç\82Ì\83t\83@\83C\83\8b\82ÍCGI\82ð\8co\97R\82µ\82Ä\83u\83\89\83E\83U\82É\91\97\82ç\82ê\82é\81B\82È\82¨\81Ahttpkeep.html\93à\82ÌURL\82É\82Í\91\8a\91Î\83p\83X\82Í\8eg\82¦\82È\82¢\81B\83t\83\8b\83p\83X\82Å\8ew\92è\82·\82é\82±\82Æ\82ª\95K\97v\82Å\82 \82é\81B%%XXX%%\82Ì\82æ\82¤\82È\8bL\8fq\82Í\95Ï\90\94\82Å\82 \82è\81ACGI\82É\82¨\82¢\82Ä\93K\90Ø\82È\92l\82É\92u\82«\8a·\82¦\82ç\82ê\82é\81B</p>\r
\r
<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
\r
+<!-- ************ 8 ************** -->\r
+<h4>G.8 SQLite3\82Ì\90Ý\92è<A class=anchor href="#opengate8" name=opengate8>\81õ</A></h4>\r
\r
+<p>\r
+ Opengate\82Í\83Z\83b\83V\83\87\83\93\8fî\95ñ\82ð\95Û\8e\9d\82·\82é\82½\82ß\82ÉSQLite3\83f\81[\83^\83x\81[\83X\82ð\97\98\97p\82·\82é\81B\r
+\83f\81[\83^\83x\81[\83X\83t\83@\83C\83\8b\82Ì\88Ê\92u\82Í\81Aopengatesrv.conf\92\86\82Ì\81A<SqliteDb>\82Å\8ew\92è\82·\82é\81B\r
+default\92l\82©\82ç\81A\82æ\82è\93K\90Ø\82È\83f\83B\83\8c\83N\83g\83\8a\93à\82É\95Ï\82¦\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B\r
+\82È\82¨\81A\82»\82Ì\83f\83B\83\8c\83N\83g\83\8a\82É\82Í\81A\89º\8bL\82Ì\97á\82Ì\82æ\82¤\82ÉWWW\82©\82ç\82Ì\8f\91\82«\8d\9e\82Ý\8b\96\89Â\82ð\97^\82¦\82é\95K\97v\82ª\82 \82é\81B\r
+</p>\r
+<table><tr><td><pre>\r
+Example:\r
+-- opengatesrv.conf --\r
+<SqliteDb>/home/sqlitedb/opengate.db</SqliteDb>\r
+-- shell commands --\r
+# mkdir /home/sqlitedb\r
+# chown www /home/sqlitedb\r
+</pre></td></tr></table>\r
+<p>\r
+\83f\81[\83^\83x\81[\83X\83t\83@\83C\83\8b\82¨\82æ\82Ñ\83e\81[\83u\83\8b\82Ì\8dì\90¬\82Í\8e©\93®\93I\82É\8ds\82í\82ê\82é\81B\r
+</p>\r
+\r
+<p>\r
+\90Ú\91±\82Ì\82½\82Ñ\82É\83t\83@\83C\83\8b\97e\97Ê\82ª\8f\99\81X\82É\91\9d\89Á\82·\82é\82½\82ß\81Acron\81i\82à\82µ\82\82Í\8eè\8dì\8bÆ\81j\82Å\83t\83@\83C\83\8b\88³\8fk\81i\82à\82µ\82\82Í\8dí\8f\9c\81j\82ð\92è\8aú\93I\82É\8ds\82¤\95K\97v\82ª\82 \82é\81B\88È\89º\82Í\95Â\8d½\82©\82ç\82R\93ú\88È\8fã\8co\89ß\82µ\82½\83\8c\83R\81[\83h\82ð\8dí\8f\9c\82·\82é\83X\83N\83\8a\83v\83g\82Ì\97á\82Å\82 \82é\81B\r
+</p>\r
+\r
+<table>\r
+<tr><td><pre>\r
+#!/bin/sh\r
+echo "delete from session where closeTime < datetime('now','localtime','-3days');" | sqlite3 /tmp/opengate.db\r
+exit 0\r
+</pre></td></tr>\r
+</table>\r
+\r
+\r
+<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
+\r
+<hr>\r
\r
<!-- Start:MRTG\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
-<h3>G MRTG\82Ì\83C\83\93\83X\83g\81[\83\8b(Optional)<A class=anchor href="#mrtg0" name=mrtg0>\81õ</A></h3>\r
+<h3>H MRTG\82Ì\83C\83\93\83X\83g\81[\83\8b(Optional)<A class=anchor href="#mrtg0" name=mrtg0>\81õ</A></h3>\r
\r
<ul>\r
<li class="list_num"><A href="#mrtg1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</A></li>\r
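Review bot: The cleanup script added in the G.8 SQLite3 section runs against `/tmp/opengate.db`, while the example directly above it sets `<SqliteDb>/home/sqlitedb/opengate.db</SqliteDb>` and the text recommends moving the database away from the default location. An administrator who follows both pieces of advice ends up with a scheduled job that never touches the real session database, so closed-session records keep accumulating there. The script line should use the configured path, `echo "delete from session where closeTime < datetime('now','localtime','-3days');" | sqlite3 /home/sqlitedb/opengate.db`, or the text should state that the path must match `<SqliteDb>`. The example also only runs `chown www /home/sqlitedb`; because the file holds session records, adding `chmod 700 /home/sqlitedb` would keep other local accounts from reading it, whatever umask was in effect at `mkdir` time.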
\r
<!-- ************ 1 ************** -->\r
\r
-<h4>G.1 MRTG\82Ì\83C\83\93\83X\83g\81[\83\8b<A class=anchor href="#mrtg1" name=mrtg1>\81õ</A></h4>\r
+<h4>H.1 MRTG\82Ì\83C\83\93\83X\83g\81[\83\8b<A class=anchor href="#mrtg1" name=mrtg1>\81õ</A></h4>\r
\r
<p>\82±\82Ì\83C\83\93\83X\83g\81[\83\8b\82Í\94C\88Ó\82Å\82 \82é\81BOpengate \82Ì\97\98\97p\8fó\8bµ\82ð\8aÄ\8e\8b\82·\82é\82½\82ß\82É\81AMRTG\82ð\97p\82¢\82é\82±\82Æ\82ª\89Â\94\\82Å\82 \82é\81B\95K\97v\82É\82È\82Á\82Ä\82©\82ç\83C\83\93\83X\83g\81[\83\8b\82·\82é\82±\82Æ\81B\97\98\97p\8fó\8bµ\82Ì\8aÄ\8e\8b\82ð\8ds\82È\82í\82È\82¢\8fê\8d\87\82Í\81AMRTG\82Ì\83C\83\93\83X\83g\81[\83\8b\82Í\95s\97v\82Å\82 \82é\81B</p>\r
\r
<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div>\r
\r
<!-- ************ 2 ************** -->\r
-<h4>G.2 MRTG\82Ì\90Ý\92è<A class=anchor href="#mrtg2" name=mrtg2>\81õ</A></h4>\r
+<h4>H.2 MRTG\82Ì\90Ý\92è<A class=anchor href="#mrtg2" name=mrtg2>\81õ</A></h4>\r
\r
<p>\r
MRTG\82Ì\83C\83\93\83X\83g\81[\83\8b\82ª\8a®\97¹\82·\82é\82Æ\81A/usr/local/etc/mrtg/\88È\89º\82É\90Ý\92è\83t\83@\83C\83\8b\82ª\97p\88Ó\82³\82ê\82Ä\82¢\82é\81B\93¯\83f\83B\83\8c\83N\83g\83\8a\82É\81Aopengate.cfg\82Æ\82µ\82Ä\90V\82½\82É\90Ý\92è\83t\83@\83C\83\8b\82ð\97p\88Ó\82·\82é\81B</p>\r
<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div>\r
\r
\r
-<h5>F.2.1 Opengate\83T\81[\83o\82Å\8aÄ\8e\8b\82·\82é\8fê\8d\87<A class=anchor href="#mrtg21" name=mrtg21>\81õ</A></h5>\r
+<h5>H.2.1 Opengate\83T\81[\83o\82Å\8aÄ\8e\8b\82·\82é\8fê\8d\87<A class=anchor href="#mrtg21" name=mrtg21>\81õ</A></h5>\r
\r
<p>\88È\89º\82ÉOpengate\82ð\93±\93ü\82µ\82½\83Q\81[\83g\83E\83F\83C\82É\82¨\82¢\82Ä\97\98\97p\8fó\8bµ\82ð\8aÄ\8e\8b\82·\82é\8fê\8d\87\82Ì\83V\83F\83\8b\83X\83N\83\8a\83v\83g\82ð\8bL\82·\81B</p>\r
\r
\r
<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div>\r
\r
-<h5>F.2.2 \8aO\95\94\83T\81[\83o\82Å\8aÄ\8e\8b\82·\82é\8fê\8d\87<A class=anchor href="#mrtg22" name=mrtg22>\81õ</A></h5>\r
+<h5>H.2.2 \8aO\95\94\83T\81[\83o\82Å\8aÄ\8e\8b\82·\82é\8fê\8d\87<A class=anchor href="#mrtg22" name=mrtg22>\81õ</A></h5>\r
\r
<p>\88È\89º\82É\8aO\95\94\83T\81[\83o\82É\82¨\82¢\82Ä\97\98\97p\8fó\8bµ\82ð\8aÄ\8e\8b\82·\82é\8fê\8d\87\82Ì\83V\83F\83\8b\83X\83N\83\8a\83v\83g\82ð\8e¦\82·\81B</p>\r
\r
<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div>\r
\r
<!-- ************ 3 ************** -->\r
-<h4>F.3 MRTG\82Ì\8bN\93®\8am\94F<A class=anchor href="#mrtg3" name=mrtg3>\81õ</A></h4>\r
+<h4>H.3 MRTG\82Ì\8bN\93®\8am\94F<A class=anchor href="#mrtg3" name=mrtg3>\81õ</A></h4>\r
\r
<p>\88È\8fã\82Ì\90Ý\92è\82ª\8a®\97¹\82µ\82½\8cã\82É\81Amrtg\82ð\8eÀ\8ds\82·\82é\82±\82Æ\82ª\89Â\94\\82©\8am\94F\82·\82é\81B</p>\r
\r
<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div>\r
\r
<!-- ************ 4 ************** -->\r
-<h4>F.4 crontab\82Ö\82Ì\93o\98^<A class=anchor href="#mrtg4" name=mrtg4>\81õ</A></h4>\r
+<h4>H.4 crontab\82Ö\82Ì\93o\98^<A class=anchor href="#mrtg4" name=mrtg4>\81õ</A></h4>\r
\r
<p>\88È\8fã\82Ì\90Ý\92è\82ª\8a®\97¹\82µ\82½\82Ì\82¿\82É\81Amrtg\82ðcrontab\82É\82æ\82Á\82Ä\92è\8aú\93I\82É\8eÀ\8ds\82·\82é\81B</p>\r
\r
<hr>\r
\r
<!-- Start:rulechk\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
-<h3>H. rulechk\82Ì\83C\83\93\83X\83g\81[\83\8b(Optional)<A class=anchor href="#rulechk" name=rulechk>\81õ</A></h3>\r
+<h3>I. rulechk\82Ì\83C\83\93\83X\83g\81[\83\8b(Optional)<A class=anchor href="#rulechk" name=rulechk>\81õ</A></h3>\r
\r
<p>\82±\82Ì\83C\83\93\83X\83g\81[\83\8b\82Í\94C\88Ó\82Å\82 \82é\81BOpengate\82Ì\83v\83\8d\83Z\83X\82ª\88Ù\8fí\8fI\97¹\82µ\82½\82Æ\82«\81A\8bÉ\82ß\82Ä\8bH\82É\82Å\82Í\82 \82é\82ª\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\83\8b\81[\83\8b\82ª\8fÁ\82³\82ê\82¸\82É\8ec\82é\82±\82Æ\82ª\82 \82é\81B\r
\82»\82Ì\82æ\82¤\82È\8fó\8bµ\82É\91Î\89\9e\82·\82é\83X\83N\83\8a\83v\83g\82ð\81Atools/rulechk\82É\97p\88Ó\82µ\82½\81BOpengateVer.1.3.1\88È\8d~\82Ì\83t\83H\81[\83}\83b\83g\82É\82Ì\82Ý\91Î\89\9e\82·\82é\81B\r
<LI>\r
Java\82ª\93®\82©\82È\82¢\92[\96\96\82à\82 \82è\82Ü\82·\82ª\81B\r
<BLOCKQUOTE>\r
-Java\82ª\93®\82©\82È\82¢\82à\82µ\82\82Í\83C\83\93\83X\83g\81[\83\8b\82³\82ê\82Ä\82¢\82È\82¢\92[\96\96\82Å\82à\81A\97\98\97p\8eÒ\82ª\94F\8fØ\83y\81[\83W\82É\82¨\82¢\82Ä\97v\8b\81\82µ\82½\90Ú\91±\8cp\91±\8e\9e\8aÔ\82¾\82¯\83l\83b\83g\83\8f\81[\83N\82ð\8aJ\95ú\82µ\82Ü\82·\81B\82½\82¾\82µ\81A\8fæ\82Á\8eæ\82è\82â\95ú\92u\82É\91Î\89\9e\82·\82é\82½\82ß\81A\88ê\92è\8e\9e\8aÔ\8aÔ\8au\82Å\81AARP\83R\83}\83\93\83h\82Æ\83t\83@\83C\83A\83E\83H\81[\83\8b\92Ê\89ß\83p\83P\83b\83g\90\94\82Å\83`\83F\83b\83N\82µ\82Ü\82·\81B\82Ü\82½\81A\8b\96\89Â\83y\81[\83W\82Ì\97\98\97p\92\86\92f\82Ì\83\8a\83\93\83N\82ð\83N\83\8a\83b\83N\82·\82é\82±\82Æ\82Å\83l\83b\83g\83\8f\81[\83N\82ð\95Â\8d½\82Å\82«\82Ü\82·\81B\r
+Java\82ª\93®\82©\82È\82¢\82à\82µ\82\82Í\83C\83\93\83X\83g\81[\83\8b\82³\82ê\82Ä\82¢\82È\82¢\92[\96\96\82Å\82à\81A\97\98\97p\8eÒ\82ª\94F\8fØ\83y\81[\83W\82É\82¨\82¢\82Ä\97v\8b\81\82µ\82½\90Ú\91±\8cp\91±\8e\9e\8aÔ\82¾\82¯\83l\83b\83g\83\8f\81[\83N\82ð\8aJ\95ú\82µ\82Ü\82·\81B\82½\82¾\82µ\81A\8fæ\82Á\8eæ\82è\82â\95ú\92u\82É\91Î\89\9e\82·\82é\82½\82ß\81A\88ê\92è\8e\9e\8aÔ\8aÔ\8au\82Å\81AARP\83R\83}\83\93\83h\82Æ\83t\83@\83C\83A\83E\83H\81[\83\8b\92Ê\89ß\83p\83P\83b\83g\90\94\82Å\83`\83F\83b\83N\82µ\82Ü\82·\81B\82Ü\82½\81A\8b\96\89Â\83y\81[\83W\82Ì\97\98\97p\92\86\92f\82Ì\83\8a\83\93\83N\82ð\83N\83\8a\83b\83N\82·\82é\82±\82Æ\82Å\83l\83b\83g\83\8f\81[\83N\82ð\95Â\8d½\82Å\82«\82Ü\82·\81B1.4\94Å\82©\82çJava\82ð\97p\82¢\82¸JavaScript\82ð\97p\82¢\82é\82æ\82¤\82É\82µ\82Ü\82µ\82½\81B\r
</BLOCKQUOTE></LI>\r
\r
\r
\89p\8cê\81A\93ú\96{\8cê\88È\8aO\82Ì\95\\8e¦\82É\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B\r
\r
<BLOCKQUOTE>\r
-en,ja\82Ì\83f\83B\83\8c\83N\83g\83\8a\82ª\81A\89p\8cê\82Æ\93ú\96{\8cê\82Ì\8bL\8fq\82Å\82·\81B\82±\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\93¯\82¶\83f\83B\83\8c\83N\83g\83\8a\8d\\90¬\82ÅHTML\83t\83@\83C\83\8b\82ð\8dì\90¬\82µ\82Ä\82\82¾\82³\82¢\81B\82³\82ç\82É\81A\90Ý\92è\83t\83@\83C\83\8b\92\86\82Ì\8c¾\8cê\90Ý\92è\82Æindex.html.var\82ð\92Ç\89Á\95Ï\8dX\82µ\82Ä\82\82¾\82³\82¢\81B\82Ü\82½\81AJavaApplet\82Ì\95\\8e¦\82ð\95Ï\82¦\82é\82½\82ß\82É\83\\81[\83X\92\86\82Ì\83\81\83b\83Z\81[\83W\82ð\92Ç\89Á\95Ï\8dX\82\82¾\82³\82¢\81B\r
+en,ja\82Ì\83f\83B\83\8c\83N\83g\83\8a\82ª\81A\89p\8cê\82Æ\93ú\96{\8cê\82Ì\8bL\8fq\82Å\82·\81B\82±\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\93¯\82¶\83f\83B\83\8c\83N\83g\83\8a\8d\\90¬\82ÅHTML\83t\83@\83C\83\8b\82ð\8dì\90¬\82µ\82Ä\82\82¾\82³\82¢\81B\82³\82ç\82É\81A\90Ý\92è\83t\83@\83C\83\8b\92\86\82Ì\8c¾\8cê\90Ý\92è\82Æindex.html.var\82ð\92Ç\89Á\95Ï\8dX\82µ\82Ä\82\82¾\82³\82¢\81B\r
</BLOCKQUOTE>\r
\r
<LI>\r
<P>\r
\r
<table border=1>\r
-<tr><td>\95K\97v\8fð\8c\8f</td><td>Web\83u\83\89\83E\83U\82ª\89Ò\93®\82·\82é\82±\82Æ\81BAjax\82Ü\82½\82ÍJavaVM\82Ì\89Ò\93®\82ª\96]\82Ü\82µ\82¢\81B</td></tr>\r
+<tr><td>\95K\97v\8fð\8c\8f</td><td>Web\83u\83\89\83E\83U\82ª\89Ò\93®\82·\82é\82±\82Æ\81BAjax\82Ì\89Ò\93®\82ª\96]\82Ü\82µ\82¢\81B</td></tr>\r
<tr><td>\83l\83b\83g\83\8f\81[\83N\8aJ\95ú\8fð\8c\8f</td><td>\94C\88Ó\82ÌURL\82Ö\83A\83N\83Z\83X\82·\82é\82Æ\95Ô\82³\82ê\82é\94F\8fØ\83y\81[\83W\82Ì\97\98\97p\8eÒID\82Æ\83p\83X\83\8f\81[\83h\82ª\94F\8fØ\82ð\92Ê\89ß</td></tr>\r
<tr>\r
<td>\83l\83b\83g\83\8f\81[\83N\95Â\8d½\8fð\8c\8f</td>\r
-<td>Ajax\82Ü\82½\82ÍJavaVM\82ª\89Ò\93®\82µ\82Ä\82¨\82è\81A\97\98\97p\8eÒ\82É\82æ\82é\97\98\97p\8e\9e\8aÔ\8ew\92è\82ª\82È\82¢\8fê\8d\87<BR>\r
+<td>Ajax\82ª\89Ò\93®\82µ\82Ä\82¨\82è\81A\97\98\97p\8eÒ\82É\82æ\82é\97\98\97p\8e\9e\8aÔ\8ew\92è\82ª\82È\82¢\8fê\8d\87<BR>\r
\81@\81EWeb\83u\83\89\83E\83U\82ð\8fI\97¹\82µ\82½<BR>\r
\81@\81E\92è\8aú\90¶\91¶\83`\83F\83b\83N\82ª\8e¸\94s\82µ\82½<BR>\r
\8fã\8bL\88È\8aO\82Ì\8fê\8d\87<BR>\r
</P>
<LI><P STYLE="MARGIN-BOTTOM: 0in">Depending on the watchmode, CGI
reads one of the accept reply pages
- [accept-http.html/accept-java.html/accept-time.html], replaces
- keywords, and sends it to the client. ([<A HREF="http://www.cc.saga-u.ac.jp/opengate/pict/accept-java.jpg">accept-java.html</A>]
- or [<A HREF="http://www.cc.saga-u.ac.jp/opengate/pict/accept-http.jpg">accept-http.html</A>].)
+ [accept-http.html/accept-time.html], replaces
+ keywords, and sends it to the client. ([<A HREF="http://www.cc.saga-u.ac.jp/opengate/pict/accept-http.jpg">accept-http.html</A>].)
</P>
<UL>
<LI><P STYLE="MARGIN-BOTTOM: 0in">In case of accept-http: the
XMLHttpRequests to the opengate port. The periodic request keeps
alive a TCP connection with a watch process.
</P>
- <LI><P STYLE="MARGIN-BOTTOM: 0in">In case of accept-java: the
- description to download the java applet
- [appletcode='Opengate.class'...] is executed. The java applet keeps
- alive a connection with a watch process.
- </P>
<LI><P STYLE="MARGIN-BOTTOM: 0in">In case of accept-time: the
link to terminate network access is displayed.
</P></LI>
exits.
</P>
<LI><P STYLE="MARGIN-BOTTOM: 0in">The watch process waits for the
- java applet or http-keep script to connect.
+ http-keep script to connect.
</P>
<LI><P STYLE="MARGIN-BOTTOM: 0in">If a connection cannot be
established during a specific time period (duration: seconds), CGI
also gets the list of MAC and IP addresses from the ARP command
every “ActiveCheckInterval” seconds. If the correlation has
changed, the watch process removes the firewall rule and terminates.</P>
- <LI><P STYLE="MARGIN-BOTTOM: 0in">If the java applet or http-keep
+ <LI><P STYLE="MARGIN-BOTTOM: 0in">If the http-keep
script is connected, the watch process watches the TCP connection
linked to the client. When the TCP connection is closed, the watch
process removes the firewall rule and terminates. Thus disabling
network access in “real time”.</P>
<LI><P STYLE="MARGIN-BOTTOM: 0in">To check for cable disconnects,
- the watch process ? using the java applet connection - sends a
- 'hello' to the client every “ActiveCheck/Interval” seconds.
- Using the http-keep script connection, the watch process reads 'GET
+ using the http-keep script connection, the watch process reads 'GET
/hello' and sends 'hello' after “ActiveCheck/Interval” seconds.
</P>
<LI><P>When disconnecting from the network, the watch process
|<----------------------|<-------------| | | |
| WebPage(content depends on watchmode)# | | |
| | | |
- [watchmode=Time or before connecting Java/Http]
+ [watchmode=Time or before connecting Http]
| | | |
| |----------->| | ^
| |<-----------| | |
| | del rule | |
| # : :
|
- [watchmode=Java]
- | (Applet) | | |
- |--->| <userID> | | |
- : |---------------------------------->| | |
- |<----------------------------------| | |
- | "accept" | | |
- | | | |
- | "hello" | | | ^
- |<--------------------------------- | | | |
- |---------------------------------->| | | |
- | "hello" | | | |
- | | (ndp) | | | (Check Loop
- | IPv6 address check |---->| | | | in java mode)
- | |<----| | | |
- | Add new IPv6 address|-------------------->| |
- | | add rule | | |
- | Del expired IPv6 address|-------------------->| |
- | | del rule | | v
- | (If no reply, close firewall)| | |
- | (If close TCP, close firewall)| | |
- ---------->|---------------------------------->|----------->| |
- Kill Web | close | del rule | |
- | |-------------------->|
- | | del rule | |
- # # : :
[watchmode=Http]
| "GET /httpkeep-<userid>" | | |
+ezXML 0.8.6
+- fixed a bug in ezxml_add_child() that can occur when adding tags out of order
+- for consistency, ezxml_set_attr() now returns the tag given
+- added ezxml_move() and supporting functions ezxml_cut() and ezxml_insert()
+- fixed a bug where parsing an empty file could cause a segfault
+
ezXML 0.8.5
- fixed ezxml_toxml() to not output siblings of tag being converted
- fixed a segfault when ezxml_set_attr() was used on a new root tag
/* ezxml.c
*
- * Copyright 2004, 2005 Aaron Voisine <aaron@voisine.org>
+ * Copyright 2004-2006 Aaron Voisine <aaron@voisine.org>
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
int l, i, j;
root->m = s;
- if (! len) return ezxml_err(root, s, "root tag missing");
+ if (! len) return ezxml_err(root, NULL, "root tag missing");
root->u = ezxml_str2utf8(&s, &len); // convert utf-16 to utf-8
root->e = (root->s = s) + len; // record start and end of work area
if (ezxml_close_tag(root, d, s)) return &root->xml;
if (isspace(*s = q)) s += strspn(s, EZXML_WS);
}
- else if (! strncmp(s, "!--", 3)) { // comment
+ else if (! strncmp(s, "!--", 3)) { // xml comment
if (! (s = strstr(s + 3, "--")) || (*(s += 2) != '>' && *s) ||
(! *s && e != '>')) return ezxml_err(root, d, "unclosed <!--");
}
: ezxml_ampencode(txt + off, -1, s, len, max, 0);
}
-// converts an ezxml structure back to xml, returning it as a string that must
-// be freed
+// Converts an ezxml structure back to xml. Returns a string of xml data that
+// must be freed.
char *ezxml_toxml(ezxml_t xml)
{
ezxml_t p = (xml) ? xml->parent : NULL, o = (xml) ? xml->ordered : NULL;
return &root->xml;
}
-// Adds a child tag. off is the offset of the child tag relative to the start
-// of the parent tag's character content. returns the child tag
-ezxml_t ezxml_add_child(ezxml_t xml, const char *name, size_t off)
+// inserts an existing tag into an ezxml structure
+ezxml_t ezxml_insert(ezxml_t xml, ezxml_t dest, size_t off)
{
- ezxml_t cur, head, child;
+ ezxml_t cur, prev, head;
- if (! xml) return NULL;
- child = (ezxml_t)memset(malloc(sizeof(struct ezxml)), '\0',
- sizeof(struct ezxml));
- child->name = (char *)name;
- child->attr = EZXML_NIL;
- child->off = off;
- child->parent = xml;
- child->txt = "";
+ xml->next = xml->sibling = xml->ordered = NULL;
+ xml->off = off;
+ xml->parent = dest;
- if ((head = xml->child)) { // already have sub tags
+ if ((head = dest->child)) { // already have sub tags
if (head->off <= off) { // not first subtag
for (cur = head; cur->ordered && cur->ordered->off <= off;
cur = cur->ordered);
- child->ordered = cur->ordered;
- cur->ordered = child;
+ xml->ordered = cur->ordered;
+ cur->ordered = xml;
}
else { // first subtag
- child->ordered = head;
- xml->child = child;
+ xml->ordered = head;
+ dest->child = xml;
}
- for (cur = head; cur->sibling && strcmp(cur->name, name);
- cur = cur->sibling); // find tag type
- if (! strcmp(cur->name, name) && cur->off <= off) { //not first of type
+ for (cur = head, prev = NULL; cur && strcmp(cur->name, xml->name);
+ prev = cur, cur = cur->sibling); // find tag type
+ if (cur && cur->off <= off) { // not first of type
while (cur->next && cur->next->off <= off) cur = cur->next;
- child->next = cur->next;
- cur->next = child;
+ xml->next = cur->next;
+ cur->next = xml;
}
else { // first tag of this type
- if (cur->off > off) child->next = cur; // not only tag of this type
- for (cur = head; cur->sibling && cur->sibling->off <= off;
- cur = cur->sibling);
- child->sibling = cur->sibling;
- cur->sibling = child;
+ if (prev && cur) prev->sibling = cur->sibling; // remove old first
+ xml->next = cur; // old first tag is now next
+ for (cur = head, prev = NULL; cur && cur->off <= off;
+ prev = cur, cur = cur->sibling); // new sibling insert point
+ xml->sibling = cur;
+ if (prev) prev->sibling = xml;
}
}
- else xml->child = child; // only sub tag
-
- return child;
+ else dest->child = xml; // only sub tag
+
+ return xml;
+}
+
+// Adds a child tag. off is the offset of the child tag relative to the start
+// of the parent tag's character content. Returns the child tag.
+ezxml_t ezxml_add_child(ezxml_t xml, const char *name, size_t off)
+{
+ ezxml_t child;
+
+ if (! xml) return NULL;
+ child = (ezxml_t)memset(malloc(sizeof(struct ezxml)), '\0',
+ sizeof(struct ezxml));
+ child->name = (char *)name;
+ child->attr = EZXML_NIL;
+ child->txt = "";
+
+ return ezxml_insert(child, xml, off);
}
// sets the character content for the given tag and returns the tag
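Review bot: `ezxml_insert()` writes through `xml` and reads `dest->child` without checking either pointer, and the `ezxml_move()` macro added in ezxml.h passes `ezxml_cut(xml)` straight in, which returns NULL when given a NULL tag. A guard such as `if (! xml || ! dest) return NULL;` ahead of `xml->next = xml->sibling = xml->ordered = NULL;` would turn a failed tag lookup in a caller into a NULL return instead of a NULL dereference. Separately, the relocated `ezxml_add_child()` still hands the result of `malloc()` directly to `memset()`, which is undefined behaviour when the allocation fails; `child = calloc(1, sizeof(struct ezxml)); if (! child) return NULL;` covers that. If this file is meant to track upstream ezXML 0.8.6 unchanged, these would be better carried as a documented local patch.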
}
// Sets the given tag attribute or adds a new attribute if not found. A value
-// of NULL will remove the specified attribute.
-void ezxml_set_attr(ezxml_t xml, const char *name, const char *value)
+// of NULL will remove the specified attribute. Returns the tag given.
+ezxml_t ezxml_set_attr(ezxml_t xml, const char *name, const char *value)
{
int l = 0, c;
- if (! xml) return;
+ if (! xml) return NULL;
while (xml->attr[l] && strcmp(xml->attr[l], name)) l += 2;
if (! xml->attr[l]) { // not found, add as new attribute
- if (! value) return; // nothing to do
+ if (! value) return xml; // nothing to do
if (xml->attr == EZXML_NIL) { // first attribute
xml->attr = malloc(4 * sizeof(char *));
xml->attr[1] = strdup(""); // empty list of malloced names/vals
(c / 2) - (l / 2)); // fix list of which name/vals are malloced
}
xml->flags &= ~EZXML_DUP; // clear strdup() flag
+ return xml;
}
// sets a flag for the given tag and returns the tag
return xml;
}
-// removes a tag along with all its subtags
-void ezxml_remove(ezxml_t xml)
+// removes a tag along with its subtags without freeing its memory
+ezxml_t ezxml_cut(ezxml_t xml)
{
ezxml_t cur;
- if (! xml) return; // nothing to do
+ if (! xml) return NULL; // nothing to do
if (xml->next) xml->next->sibling = xml->sibling; // patch sibling list
if (xml->parent) { // not root tag
if (cur->next) cur->next = cur->next->next; // patch next list
}
}
- xml->ordered = NULL; // prevent ezxml_free() from clobbering ordered list
- ezxml_free(xml);
+ xml->ordered = xml->sibling = xml->next = NULL;
+ return xml;
}
#ifdef EZXML_TEST // test harness
/* ezxml.h
*
- * Copyright 2004, 2005 Aaron Voisine <aaron@voisine.org>
+ * Copyright 2004-2006 Aaron Voisine <aaron@voisine.org>
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
ezxml_set_flag(ezxml_set_txt(xml, strdup(txt)), EZXML_TXTM)
// Sets the given tag attribute or adds a new attribute if not found. A value
-// of NULL will remove the specified attribute.
-void ezxml_set_attr(ezxml_t xml, const char *name, const char *value);
+// of NULL will remove the specified attribute. Returns the tag given.
+ezxml_t ezxml_set_attr(ezxml_t xml, const char *name, const char *value);
// Wrapper for ezxml_set_attr() that strdup()s name/value. Value cannot be NULL
#define ezxml_set_attr_d(xml, name, value) \
// sets a flag for the given tag and returns the tag
ezxml_t ezxml_set_flag(ezxml_t xml, short flag);
+// removes a tag along with its subtags without freeing its memory
+ezxml_t ezxml_cut(ezxml_t xml);
+
+// inserts an existing tag into an ezxml structure
+ezxml_t ezxml_insert(ezxml_t xml, ezxml_t dest, size_t off);
+
+// Moves an existing tag to become a subtag of dest at the given offset from
+// the start of dest's character content. Returns the moved tag.
+#define ezxml_move(xml, dest, off) ezxml_insert(ezxml_cut(xml), dest, off)
+
// removes a tag along with all its subtags
-void ezxml_remove(ezxml_t xml);
+#define ezxml_remove(xml) ezxml_free(ezxml_cut(xml))
#ifdef __cplusplus
}
<head><title>ezXML</title></head>
<body>
<h1>ezXML - XML Parsing C Library</h1>
- <h3>version 0.8.5</h3>
+ <h3>version 0.8.6</h3>
<p>
ezXML is a C library for parsing XML documents inspired by
<a href="http://www.php.net/SimpleXML">simpleXML</a> for
configuration files or REST web service responses. It's also fast and
lightweight (less than 20k compiled). The latest version is available
here:
- <a href="http://prdownloads.sf.net/ezxml/ezxml-0.8.5.tar.gz?download"
- >ezxml-0.8.5.tar.gz</a>
+ <a href="http://prdownloads.sf.net/ezxml/ezxml-0.8.6.tar.gz?download"
+ >ezxml-0.8.6.tar.gz</a>
</p>
<b>Example Usage</b>
<driver><br />
<name>Kimi
Raikkonen</name><br />
- <points>45</points><br />
+ <points>112</points><br />
</driver><br />
<driver><br />
- <name>David
- Coultard</name><br />
- <points>24</points><br />
+ <name>Juan Pablo
+ Montoya</name><br />
+ <points>60</points><br />
</driver><br />
</team><br />
</formula1>
As the name implies, it's easy to use. It's ideal for parsing XML configuration
files or REST web service responses. It's also fast and lightweight (less than
20k compiled). The latest verions is available here:
-http://prdownloads.sf.net/ezxml/ezxml-0.8.5.tar.gz?download
+http://prdownloads.sf.net/ezxml/ezxml-0.8.6.tar.gz?download
Example Usage
<team name="McLaren">
<driver>
<name>Kimi Raikkonen</name>
- <points>45</points>
+ <points>112</points>
</driver>
<driver>
- <name>David Coultard</name>
- <points>24</points>
+ <name>Juan Pablo Montoya</name>
+ <points>60</points>
</driver>
</team>
</formula1>
-Copyright 2004, 2005 Aaron Voisine <aaron@voisine.org>
+Copyright 2004-2006 Aaron Voisine <aaron@voisine.org>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
+++ /dev/null
-/**************************************************/\r
-/* opengate client */\r
-/**************************************************\r
-opengate client\r
- java applet downloaded to client machine \r
-\r
-Copyright (C) 1999-2002 Opengate Project Team\r
-\r
-This program is free software; you can redistribute it and/or\r
-modify it under the terms of the GNU General Public License\r
-as published by the Free Software Foundation; either version 2\r
-of the License, or (at your option) any later version.\r
-\r
-This program is distributed in the hope that it will be useful,\r
-but WITHOUT ANY WARRANTY; without even the implied warranty of\r
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
-GNU General Public License for more details.\r
-\r
-You should have received a copy of the GNU General Public License\r
-along with this program; if not, write to the Free Software\r
-Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,\r
-USA.\r
-\r
-Email: watanaby@is.saga-u.ac.jp\r
-\r
-Written by Yoshiaki WATANABE, Saga University\r
-Modified by Shin-ichi TADAKI, Saga University\r
-**************************************************/\r
-import java.awt.*;\r
-import java.applet.*;\r
-import java.net.*;\r
-import java.io.*;\r
- \r
-/** Wrapper to make Applet **/\r
-public class Opengate extends Applet{\r
-\r
- String hostname;\r
- int port;\r
- String userid;\r
- String sessionId;\r
- String language;\r
- int intlang=0;/* if language is japanese, set 1*/\r
- OpengateClient client;\r
- Label headlabel;\r
- Label userlabel;\r
- Label msglabel;\r
-\r
- /* Applet initialize */\r
- public void init(){\r
-\r
- /* Get Applet Parameters */\r
- port=Integer.parseInt(getParameter("port"));\r
- userid=getParameter("user");\r
- sessionId=getParameter("sessionid");\r
- hostname =getCodeBase().getHost();\r
- language = getParameter("lang");\r
- if(language.equals("ja")) intlang=1;\r
- if(language.equals("en")) intlang=2;\r
-\r
- /* Panel Layout */\r
- setLayout(new FlowLayout(FlowLayout.CENTER));\r
- setBackground(Color.yellow);\r
- \r
- /* Make Label */\r
- if(intlang ==1){\r
- add(headlabel=new Label("\83l\83b\83g\83\8f\81[\83N\97\98\97p\8b\96\89Â"));\r
- add(userlabel=new Label("\83\86\81[\83U\96¼="+userid));\r
- add(msglabel=new Label("Java Applet\82ª\8bN\93®\82µ\82Ü\82µ\82½ \81@\81@\81@ \81@\81@\81@\81@\81@ "));\r
- } else {\r
- add(headlabel=new Label("Authenticated for network use"));\r
- add(userlabel=new Label("User name="+userid));\r
- add(msglabel=new Label("Java Applet is running "));\r
- }\r
-\r
- /* Connect to Server */\r
- client=new OpengateClient(hostname, port, userid, sessionId, intlang, this);\r
- client.start();\r
- }\r
- public void msgout(String msg){\r
- /* byte[] code = msg.getBytes("EUCJIS");\r
- String msgj=new String(code,"EUCJIS");\r
- */\r
- /* padding space char to required length */\r
- for(int i=msg.length();i<40;i++) msg+=" ";\r
- msglabel.setText(msg);\r
- repaint();\r
- }\r
- public void stop(){\r
- try{\r
- client.join();\r
- }catch(InterruptedException e){\r
- msgout("Error at Client Join ");\r
- }\r
- }\r
-}\r
-\r
-/** Class for Client to communicate with host **/\r
-class OpengateClient extends Thread{\r
- int port; /* opengate port */\r
- String hostname; /* java download host name */\r
- Socket socket; /* Socket for server */\r
- String userid;\r
- String sessionId;\r
- PrintStream outStream; /* output stream to server */\r
- BufferedReader inStream; /* input stream from server */\r
- String currentReply; /* reserve last reply from server */\r
- boolean onLine; /* Client is connected to server or not */\r
- Opengate main; /* main class */\r
- int intlang;\r
-\r
- /* Instance Creater */\r
- public OpengateClient(String hostname, int port, \r
- String userid, String sessionId, int intlang, Opengate main){\r
- this.hostname=hostname;\r
- this.port=port;\r
- this.userid=userid;\r
- this.sessionId=sessionId;\r
- this.main=main;\r
- this.intlang=intlang;\r
- onLine=false;\r
- }\r
-\r
- /* connect to server */\r
- boolean connect(){\r
- try{\r
- if(intlang==1){\r
- main.msgout("\83z\83X\83g"+hostname+":"+Integer.toString(port)+"\82É\90Ú\91±\92\86\82Å\82·");\r
- } else {\r
- main.msgout("Connecting to host "+hostname+":"+Integer.toString(port));\r
- }\r
- socket=new Socket(hostname, port);\r
- outStream=new PrintStream(socket.getOutputStream());\r
- inStream=new BufferedReader(\r
- new InputStreamReader(\r
- socket.getInputStream()));\r
- }catch(UnknownHostException e){\r
- if(intlang==1)\r
- main.msgout("SocketConnect\92\86\82ÉUnknownHost\97á\8aO\82ª\94\90¶\82µ\82Ü\82µ\82½");\r
- else \r
- main.msgout("UnknownHost exception in SocketConnect");\r
- return false;\r
- }catch(IOException e){\r
- if(intlang==1)\r
- main.msgout("SocketConnect\92\86\82ÉI/O\97á\8aO\82ª\94\90¶\82µ\82Ü\82µ\82½");\r
- else\r
- main.msgout("I/O exception in SocketConnect");\r
- return false;\r
- }\r
- onLine=true;\r
- return true;\r
- }\r
-\r
- /* disconnect from server */\r
- void disconnect(){\r
- if(onLine){\r
- putLine("quit");\r
- }\r
- if(socket!=null){\r
- try{\r
- socket.close();\r
- }catch(IOException e){\r
- if(intlang==1)\r
- main.msgout("SocketClose\92\86\82ÉI/O\97á\8aO\82ª\94\90¶\82µ\82Ü\82µ\82½");\r
- else\r
- main.msgout("I/O exception in SocketClose");\r
- }\r
- }\r
- }\r
-\r
- /* put out one line to server */\r
- void putLine(String string){\r
- outStream.print(string+"\r\n");\r
- }\r
-\r
- /* get one line from server */\r
- String getLine(){\r
- try{\r
- currentReply=inStream.readLine();\r
- }catch(IOException e){\r
- if(intlang==1)\r
- main.msgout("SocketRead\92\86\82ÉI/O\97á\8aO\82ª\94\90¶\82µ\82Ü\82µ\82½");\r
- else\r
- main.msgout("I/O exception in SocketRead");\r
- return "";\r
- }\r
- return currentReply;\r
- }\r
-\r
- /* called back from client.start */\r
- public void run(){\r
- int count=0;\r
- java.text.SimpleDateFormat formatter \r
- =new java.text.SimpleDateFormat("H:mm") ;\r
- if(connect()==false){\r
- disconnect();\r
- return;\r
- }\r
- putLine(userid+"-"+sessionId);\r
- if(getLine().indexOf("accept")==-1){\r
- if(intlang==1)\r
- main.msgout("\83T\81[\83o\82©\82çAccept\82ª\91\97\82ç\82ê\82Ä\97\88\82Ü\82¹\82ñ");\r
- else \r
- main.msgout("Not receive Accept from the server");\r
- disconnect();\r
- return;\r
- }\r
- if(intlang==1)\r
- main.msgout("\90³\8fí\82É\8aJ\8en\82µ\82Ü\82µ\82½");\r
- else\r
- main.msgout("Start Normally");\r
-\r
- while(getLine().indexOf("hello")!=-1){\r
- putLine("hello");\r
- if(intlang==1){\r
- main.msgout("\90Ú\91±\8am\94F="+formatter.format(new java.util.Date()));\r
- } else {\r
- main.msgout("Confirm connection="+formatter.format(new java.util.Date())); \r
- }\r
- }\r
- if(intlang==1)\r
- main.msgout("\83l\83b\83g\83\8f\81[\83N\82Í\95Â\8d½\82³\82ê\82Ü\82µ\82½");\r
- else \r
- main.msgout("Connection closed");\r
- return;\r
- } \r
-}\r
-\r
</head>
<body>
-<p>You can use the network.
-
-<p>When you'd like finish using the network, close your WEB browser. You will
-be disconnected from the network automatically.</p>
+<p align=center>You can use the network.
<script language="JavaScript">
<!--
// usually the page is jumped to httpkeep.html
location.replace(%%HTTPKEEPURL%%);
-
-// if not jumped, process following
-if(!navigator.javaEnabled()){
- document.write("<p><b>Java is disabled. Change it.</b></p>");
-}
//-->
</script>
<noscript>
-<p><b>JavaScript is disabled. Change it.</b></p>
+<p align=center><b>JavaScript is disabled.</b>
+Please enable Javascript and reload the browser.</p>
</noscript>
+<p align=center>If you use the network without enabling JavaScript,
+the network will be closed after <b>%%DURATION%% minutes</b>.</p>
<p>
<TABLE cellSpacing=0 cellPadding=10
align=center bgColor=lightyellow border=1>
<TR><TD>
-<b>
-<P align=center>
-If you use this window for browsing or close this page,
-the network is closed.<p>
-
-<P align=center>
-Click below button to create a new window for browsing.</p>
-
-<p align=center><a href="%%STARTURL%%" target=_blank>START BROWSING</a></p>
-
-<P align=center>
-Or, minimize this page and load other network programs.</p>
-</b>
+<p align=center><a href="%%STARTURL%%" target=_blank>
+<b>NEXT ></b></a></p>
</TD></TR>
</TABLE>
-</p>
-<hr />
-<div align="center">
- <applet code="Opengate.class" archive="Opengate.jar"
- codebase="%%OPENGATEDIR%%" width="600" height="30" >
- <param name=port value="%%OPENGATEPORT%%">
- <param name=user value="%%USERID%%">
- <param name=sessionid value="%%SESSIONID%%">
- <param name=lang value="%%LANGUAGE%%">
- </applet>
-</div>
+<p>
+<TABLE borderColor=red cellSpacing=0 cellPadding=10
+align=center bgColor=lightyellow border=3>
+<TR><TD>
-<hr />
+<p align=center>
+<font color=red>WARNING</font>
+</p>
-<p>If yellow bar is not displayed between above two lines,
-please click <a href="%%TERMINATEURL%%"><b>TERMINATE</b></a>
-and close your browser. If authentication page is not displayed,
-access to other web page.</p>
+<p align=center>
+The network is kept open for %%DURATION%% minutes. </p>
+<p align=center>
+This will keep your session open for the indicated time period.
+If you leave without closing your session, others could use it illegally!
+To avoid trouble with hijacking, click the TERMINATE link on the accept page
+when you want to stop using the network.
+</p>
-<SCRIPT LANGUAGE="JavaScript">
-<!--
- window.open("%%STARTURL%%","window1");
-//-->
-</SCRIPT>
+<p align=center><a href="%%TERMINATEURL%%">TERMINATE</a></p>
+</TD></TR>
+</TABLE>
+</p>
</BODY>
</HTML>
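Review bot: The new `NEXT >` link opens `%%STARTURL%%` with `target=_blank` and no `rel` attribute, so the page it loads receives a `window.opener` handle to this accept page, which is the page carrying the TERMINATE link and the session warning. If STARTURL is the site the user originally requested (the substitution code is not shown here), that site could navigate this window to a look-alike authentication page; `<a href="%%STARTURL%%" target=_blank rel="noopener noreferrer">` removes the handle. The same link is added in the later template hunks (the `NEXT ></a>` table in the timed page and the `<noscript>` link on the keep-alive page), and the existing `window.open("%%STARTURL%%","window1")` calls have the same exposure.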
+++ /dev/null
-<html>
-<head>
-<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
-<title>Opengatemain</title>
-</head>
-<body>
-
-<p>You can use the network.
-
-<p>When you'd like to finish using the network, close your WEB browser.
-You will be disconnected from the network automatically.</p>
-
-<script language="JavaScript">
-<!--
-if(!navigator.javaEnabled()){
- document.write("<p><b>Java is disabled. Change it.</b></p>");
-}
-//-->
-</script>
-<noscript>
-<p><b>JavaScript is disabled. Change it.</b></p>
-</noscript>
-
-
-<p>
-<TABLE cellSpacing=0 cellPadding=10
-align=center bgColor=lightyellow border=1>
-<TR><TD>
-<b>
-<P align=center>
-f you use this window for browsing or close this page,
-network access will be denied.<p>
-
-<P align=center>
-Click below button to create a new window for browsing.</p>
-
-<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE=" START BROWSING "></div>
-</FORM>
-
-<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>START BROWSING</a></p>
-</noscript>
-
-<P align=center>
-Or, minimize this page and load other network programs.</p>
-</b>
-</TD></TR>
-</TABLE>
-</p>
-
-<hr />
-<div align="center">
- <applet code="Opengate.class" archive="Opengate.jar"
- codebase="%%OPENGATEDIR%%" width="600" height="30" >
- <param name=port value="%%OPENGATEPORT%%">
- <param name=user value="%%USERID%%">
- <param name=sessionid value="%%SESSIONID%%">
- <param name=lang value="%%LANGUAGE%%">
- </applet>
-</div>
-
-<hr />
-
-<p>If yellow bar is not displayed between above two lines, Java is not running.
-In this case, please click <a href="%%TERMINATEURL%%"><b>TERMINATE</b></a>,
- and close your browser.
-Or you can run Java, if you download JavaPlugIn from
-<a href=http://java.com/ja/index.jsp><b>java.com</b></a>, and enable it.
-If authentication page is not displayed, access to other web page.</p>
-
-
-<script language="JavaScript">
-<!--
- window.open("%%STARTURL%%","window1");
-//-->
-</script>
-
-</body>
-</html>
-
<b>%%DURATION%% minutes</b>.</p>
<noscript>
-<p align=center><b>JavaScript is disabled in your browser. Please enable it.</b></p>
+<p align=center><b>JavaScript is disabled. Change it.</b></p>
</noscript>
<p>
+<TABLE cellSpacing=0 cellPadding=10
+align=center bgColor=lightyellow border=1>
+<TR><TD>
+<p align=center><a href="%%STARTURL%%" target=_blank>NEXT ></a></p>
+</TD></TR>
+</TABLE>
+</p>
+
+<p>
<TABLE borderColor=red cellSpacing=0 cellPadding=10
align=center bgColor=lightyellow border=3>
<TR><TD>
when you want to stop using the network.
</p>
-
-<FORM onclick='location.replace("%%TERMINATEURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE=" TERMINATE "></div>
-</FORM>
-
-<noscript>
<p align=center><a href="%%TERMINATEURL%%">TERMINATE</a></p>
-</noscript>
-
-<p align=center>
-If possible, use the system without entering the duration value.</p>
-
</TD></TR>
</TABLE>
</p>
-<p>
-<TABLE cellSpacing=0 cellPadding=10
-align=center bgColor=lightyellow border=1>
-<TR><TD >
-
-<P align=center>
-Click below button to create a new window for browsing.</p>
-
-<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE=" START BROWSING "></div>
-</FORM>
-
-<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>START BROWSING</a></p>
-</noscript>
-
-<P align=center>
-Or, minimize this page and load other network programs.</p>
-
-</TD></TR>
-</TABLE>
-</p>
-
-<p align=center>This page can be closed, though premature terminate is disabled. If authentication page is not displayed, access to other web page.</p>
-
-
<script language="JavaScript">
<!--
window.open("%%STARTURL%%","window1");
You are authenticated. You can use the network.
<P>
<P>
-Your session is valid until you quit your browser.
+Your authentication is valid until you quit your browser.
Do not forget to close your WEB brower when you're finished using the network.
</P>
+++ /dev/null
-<HTML>
-<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
-<HEAD>
-<TITLE>Opengatedeny</TITLE>
-</HEAD>
-<BODY>
-<P>
-Network authentication failed. Please retry again.
-</P>
-<A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en"><h3>BACK</h3></A>
-</BODY>
-</HTML>
<P>
Network authentication failed. Please retry again.
</P>
-<A HREF="http://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en"><h3>BACK</h3></A>
+<A HREF="%%PROTOCOL%%://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%"><h3>BACK</h3></A>
</BODY>
</HTML>
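Review bot: The BACK link now takes its scheme and `lang` value from `%%PROTOCOL%%` and `%%LANGUAGE%%` instead of fixed strings, so both substitutions land inside a quoted `href`. The code that fills these placeholders is not part of this hunk; if LANGUAGE is copied from the request's `lang` parameter, it should be matched against the installed language directories (or HTML-attribute-escaped) before substitution, otherwise a crafted value can close the attribute early. The same substitution is introduced in the hidden `language` fields and the `SSL Authentication` link in the later authentication-page hunks. A template comment such as `<!-- %%LANGUAGE%% must be one of the configured language codes -->` would record the assumption next to the link.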
</head>
-<body onunload="endHttpkeep();alert('[The End of Network Use]\n\nThe network is closed when the page with a yellow bar is closed.\nDo not close the page during the network use.')">
+<body onunload="endHttpkeep();">
<p>You can use the network.</p>
Click below button to create a new window for browsing.</p>
<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE=" START BROWSING "></div>
+<div align=center><INPUT TYPE="button" VALUE=" NEXT > "></div>
</FORM>
<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>START BROWSING</a></p>
+<p align=center><a href="%%STARTURL%%" target=_blank>NEXT></a></p>
</noscript>
<P align=center>
<hr />
-<p>If yellow bar is not displayed between above two lines
-or other malfunction is occured,
-click <a href="%%TERMINATEURL%%"><b>TERMINATE</b></a>,
- and close your browser.
-If authentication page is not displayed, access to other web page.</p>
+<p>If [Error!] is shown between above two lines or other malfunction is occured, please access from Home or other site. If not normal, please terminate the browser and retry. If you enter a value in duration field of authentication page, the network can be used for the duration.</p>
<script type="text/JavaScript">
//<!--
window.open("%%STARTURL%%","window1");
- applet =' <applet code="Opengate.class" archive="Opengate.jar" ';
- applet +=' codebase="http://%%OPENGATESERVERNAME%%%%OPENGATEDIR%%" width="600" height="30" > ';
- applet +=' <param name=port value="%%OPENGATEPORT%%"> ';
- applet +=' <param name=user value="%%USERID%%"> ';
- applet +=' <param name=sessionid value="%%SESSIONID%%"> ';
- applet +=' <param name=lang value="%%LANGUAGE%%"> ';
- applet +=' </applet> ';
-
- initHttpkeep("%%HTTPHELLOURL%%",applet, "%%SESSIONID%%");
+ initHttpkeep("%%HTTPHELLOURL%%","%%SESSIONID%%");
//-->
</script>
<P>
<FORM METHOD="POST" ACTION="https://%%CGIURL%%">
-<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
<INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
<TABLE BORDER=0>
<TR NOWRAP>
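Review bot: The new hidden field `VALUE="%%REDIRECTEDURL%%"` places a request-derived value inside a quoted attribute, and nothing visible here shows that the template substitution HTML-escapes it. The CGI side fills it from `redirected_url` / `redirectedurl` and URL-decodes it in getPostData, so a decoded `"` or `>` would close the attribute unless HtmlTemplate escapes its substitutions (that function is not shown). The same placeholder is added to the non-SSL form, to the META refresh URLs and hidden fields of the two new start pages, and to the Japanese copies of these templates. I would HTML-escape the value at substitution time, URL-encode it where it is appended to a refresh URL, and have the CGI accept only an absolute http/https URL before it is used as a redirect destination.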
</center>
-<p><font size=+1>If you have some questions, please contact the network administrator.
+<p><font size=+1>If you have some questions,
+please contact the network administrator.
<div align=right>Saga University</div>
[<a href="http://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja">Japanese version</a>]
<hr>
<div align=center>
-<P><font size=+1>You are requested to be authenticated before before network access is granted.
+<P><font size=+1>You are requested to be authenticated
+before before network access is granted.
</font></P>
<P><font size=+1>You will be authenticated with your user ID and
Please enter your user ID and password in the box below, then press SEND.
Please use SSL Authentication as far as possible to prevent wiretapping.
</P>
-<P><A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en">SSL Authentication</A></P>
+<P><A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%">SSL Authentication</A></P>
<P>
<FORM METHOD="POST" ACTION="http://%%CGIURL%%">
-<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
<INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
<TABLE BORDER=0>
<TR NOWRAP>
Required Usage Duration:
<INPUT TYPE="TEXT" SIZE="4" NAME="duration" VALUE="Auto">
minutes(range: 1-%%DURATIONMAX%% minutes).
-This will keep your session open for the indicated time period.
-If you leave without closing your session, others could use it illegally!
-To avoid trouble with hijacking, click the TERMINATE link on the accept page
-when you want to stop using the network.
+The network is kept in open state during this time as your session.
+After you go away, others may do an illegal use of your session.
+To avoid trouble in hijacking, click the TERMINATE link on the accept page
+at the end of your network use.
<hr>
</form>
</p>
</center>
-<p><font size=+1>If you have questions, please contact the network administrator.
+<p><font size=+1>If you have some questions,
+please contact network administrator.
<div align=right>Saga University</div>
This page is displayed when the access key is not fresh.
Please use as follows.
<UL>
-<LI>Do not try to access this site by entering its URL manually.</LI>
-<LI>Do not try to access this site using bookmarks/favorites.</LI>
-<LI>Do not change the string in the URL</LI>
+<LI>Do not access by pointing this site manually.</LI>
+<LI>Do not access by the saved URL of this site.</LI>
+<LI>Do not change the string in URL</LI>
</UL>
</P>
-<P>Please try to access any external site.
-The authentication page will then be displayed automatically.</P>
+<P>Please access to any external site.
+Then the authentication page is displayed automatically.</P>
<P>
<A HREF=%%EXTERNALURL%%><H3>Retry from external site</H3></A>
</P>
<HR>
<SMALL>
-<P>You can use one of the following links.
- In this case, the system will only control either IPv4 or IPv6.</P>
+<P>If you do not need IPv4/IPv6 dual stack support, enter from following pages. In this case, the system only controls one of IPv4 or IPv6.
+</P>
<P>
<a href="https://%%AUTHCGIURL%%?0-0-0&en">Network Authentication</a>
<a href="http://%%AUTHCGIURL%%?0-0-0&en">Network Authentication(Unuse SSL)</a>
--- /dev/null
+<html>
+<head>
+<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
+<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
+<meta http-equiv="Pragma" content="no-cache">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=%%PROTOCOL%%://%%CGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%&redirectedurl=%%REDIRECTEDURL%%">
+
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+<BODY onload="document.form1.submit();">
+
+<P align=CENTER>
+The network is closed. You will automatically re-check continuation. <BR>
+If you cannot move automatically, click the following.
+</P>
+
+<TABLE align=CENTER>
+<TR><TD>
+<FORM NAME="form1" METHOD="POST" ACTION="%%PROTOCOL%%://%%CGIURL%%">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
+<INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
+
+<INPUT TYPE="SUBMIT" VALUE=" NEXT > ">
+</FORM>
+</TD></TR>
+</TABLE>
+
+
+</BODY>
+</HTML>
+
+
+
+
+
+
+
+
+
+
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
-<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en&redirectedurl=%%REDIRECTEDURL%%">
<TITLE>OpengateStart</TITLE>
</HEAD>
<BODY>
-You will be redirected to the Opengate <i>Network Authentication</i> page momentarily.
+You will automatically enter to the page for <i>Network Authentication</i>
+by Opengate.
<P>
-If you are not redirected within a few seconds, please use one of the following links:
+If you cannot move to the page automatically, click the following.
<P>
<a href="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en">Network Authentication</a><br>
<a href="http://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en">Network Authentication(Unuse SSL)</a>
rand=Math.random();
nextKey=hex_md5(String(rand));
}catch(e){
- document.getElementById("watchdog").innerHTML = appletDescription;
+ document.getElementById("watchdog").innerHTML = "Error!:1";
}
}
- // java communication
else{
- document.getElementById("watchdog").innerHTML = appletDescription;
+ document.getElementById("watchdog").innerHTML = "Error!:2";
}
}
document.getElementById("dispmsg").innerHTML = hh+':'+mm;
if(httpObj.responseText=="hello") sendHello();
}else{
- document.getElementById("dispmsg").innerHTML = "Error!";
+ document.getElementById("dispmsg").innerHTML = "Error!:3";
}
}
}catch(e){
- document.getElementById("watchdog").innerHTML = "Error!";
+ document.getElementById("watchdog").innerHTML = "Error!:4";
}
}
}
}
-function initHttpkeep(urlArg, appletArg, sid)
+function initHttpkeep(urlArg, sid)
{
// save arguments
httpkeepUrl=urlArg;
- appletDescription=appletArg;
nowKey=hex_md5(sid);
sessionId=sid;
rand=Math.random();
</head>
<body>
<p>
-<p>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B</p>
-<p>\e$BMxMQ$,=*$C$?$iI,$:\e(BWeb\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#\e(B
-</p>
+<p align=center>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B</p>
<script language="JavaScript">
<!--
// usually the page is jumped to httpkeep.html
location.replace(%%HTTPKEEPURL%%);
-
-// if not jumped, process following
-if(!navigator.javaEnabled()){
- document.write("<p><b>Java\e$B$,L58z$K@_Dj$5$l$F$$$^$9!#@_Dj$rJQ99$7$F2<$5$$!#\e(B</b></p>");
-}
//-->
</script>
<noscript>
-<p><b>JavaScript\e$B$,L58z$K@_Dj$5$l$F$$$^$9!#@_Dj$rJQ99$7$F2<$5$$!#\e(B</b></p>
+<p align=center><b>JavaScript\e$B$,L58z$K@_Dj$5$l$F$$$^$9!#@_Dj$rJQ99$7$F$+$i!"%V%i%&%6$r:F5/F0$7$F$/$@$5$$!#\e(B</b></p>
</noscript>
+<p align=center>\e$B$3$N$^$^$G$bMxMQ$G$-$^$9$,!"%M%C%H%o!<%/$O\e(B<b>%%DURATION%%\e$BJ,\e(B</b>
+\e$B7P2a8e$KJD:?$H$J$j$^$9!#\e(B</p>
+
<p>
<TABLE cellSpacing=0 cellPadding=10
align=center bgColor=lightyellow border=1>
-<TR><TD >
-<b>
-<P align=center>
-\e$B$3$N%Z!<%8$r0\F0$7$?$jJD$8$?$j$9$k$H!"%M%C%H%o!<%/$,JD:?$5$l$^$9!#\e(B<p>
-</p>
-
-<P align=center>
-Web\e$B$NMxMQ$K$O2<$N%j%s%/$r2!$7$FI=<($5$l$kJL%&%$%s%I%&$r;H$C$F$/$@$5$$!#\e(B</p>
+<TR><TD>
+<p align=center><a href="%%STARTURL%%" target=_blank>
+<b>\e$B<!$X\e(B ></b></a></p>
+</TD></TR>
+</TABLE>
-<p align=center><a href="%%STARTURL%%" target=_blank>\e$BMxMQ3+;O\e(B</a></p>
+<p>
+<TABLE borderColor=red cellSpacing=0 cellPadding=10
+align=center bgColor=lightyellow border=3>
+<TR><TD>
+<p align=center>
+<font color=red>\e$B7Y9p\e(B</font>
+</p>
+<p align=center>
+\e$B%M%C%H%o!<%/$O!"\e(B<b>%%DURATION%%\e$BJ,\e(B</b>\e$B$,7P2a$9$k$^$G!"\e(B
+\e$B$"$J$?$N;q3J$G3+J|$7$F$7$^$9!#\e(B
+</p>
<P align=center>
-\e$B$^$?$O!"$3$N%Z!<%8$r:G>.2=$7$F$*$$$F!"JL%W%m%0%i%`$G%M%C%H%o!<%/$rMxMQ$7$F$/$@$5$$!#\e(B
+\e$B$"$J$?$,5n$C$?8e$G!"B>?M$,IT@5MxMQ$9$k$H!"\e(B
+\e$B$=$l$KH<$&%H%i%V%k$K4,$-9~$^$l$^$9!#\e(B<br>
+\e$BIT@5MxMQ$rKI$0$?$a!"Aa4|$NMxMQ=*N;;~$K$O!"\e(B
+\e$B2<$N%j%s%/$r%/%j%C%/$7$F$/$@$5$$!#\e(B
</p>
-</b>
+
+<p align=center><a href="%%TERMINATEURL%%">\e$BMxMQ=*N;\e(B</a></p>
</TD></TR>
</TABLE>
</p>
-<hr />
-<div align="center">
- <applet code="Opengate.class" archive="Opengate.jar"
- codebase="%%OPENGATEDIR%%" width="600" height="30" >
- <param name=port value="%%OPENGATEPORT%%">
- <param name=user value="%%USERID%%">
- <param name=sessionid value="%%SESSIONID%%">
- <param name=lang value="%%LANGUAGE%%">
- </applet>
-</div>
-<hr />
-
-<p>\e$B>e$N\e(B2\e$BK\$N@~$N4V$K2+?'$N%P!<$,I=<($5$l$J$$>l9g!"\e(B
-<a href="%%TERMINATEURL%%"><b>\e$BMxMQCfCG\e(B</b></a>\e$B$r%/%j%C%/$7$F$+$i\e(B
-\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#G'>Z%Z!<%8$,I=<($5$l$J$$>l9g$O!"\e(B
-\e$BDL>o$H$OJL$N%Z!<%8$r%"%/%;%9$7$F$_$F$/$@$5$$!#\e(B
-</p>
-
-<script language="JavaScript">
-<!--
- window.open("%%STARTURL%%","window1");
-//-->
-</script>
-
</body>
</html>
+++ /dev/null
-<html>
-<head>
-<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
-<title>Opengatemain</title>
-</head>
-<body>
-
-<p>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B</p>
-<p>\e$BMxMQ$,=*$C$?$iI,$:\e(BWeb\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#\e(B
-</p>
-
-<script language="JavaScript">
-<!--
-if(!navigator.javaEnabled()){
- document.write("<p><b>Java\e$B$,L58z$K@_Dj$5$l$F$$$^$9!#JQ99$7$F2<$5$$!#\e(B</b></p>");
-}
-//-->
-</script>
-<noscript>
-<p><b>JavaScript\e$B$,L58z$K@_Dj$5$l$F$$$^$9!#JQ99$7$F2<$5$$!#\e(B</b></p>
-</noscript>
-
-<p>
-<TABLE cellSpacing=0 cellPadding=10
-align=center bgColor=lightyellow border=1>
-<TR><TD >
-<b>
-
-<P align=center>
-\e$B$3$N%Z!<%8$r0\F0$7$?$jJD$8$?$j$9$k$H!"%M%C%H%o!<%/$,JD:?$5$l$^$9!#\e(B<p>
-
-<P align=center>
-Web\e$B$NMxMQ$K$O2<$N%\%?%s$r2!$7$FI=<($5$l$kJL%&%$%s%I%&$r;H$C$F$/$@$5$$!#\e(B</p>
-
-<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE=" \e$BMx\e(B \e$BMQ\e(B \e$B3+\e(B \e$B;O\e(B "></div>
-</FORM>
-
-<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>\e$BMxMQ3+;O\e(B</a></p>
-</noscript>
-
-<P align=center>
-\e$B$^$?$O!"$3$N%Z!<%8$r:G>.2=$7$F$*$$$F!"JL%W%m%0%i%`$G%M%C%H%o!<%/$rMxMQ$7$F$/$@$5$$!#\e(B
-</p>
-</b>
-</TD></TR>
-</TABLE>
-</p>
-
-
-<hr />
-<div align="center">
- <applet code="Opengate.class" archive="Opengate.jar"
- codebase="%%OPENGATEDIR%%" width="600" height="30" >
- <param name=port value="%%OPENGATEPORT%%">
- <param name=user value="%%USERID%%">
- <param name=sessionid value="%%SESSIONID%%">
- <param name=lang value="%%LANGUAGE%%">
- </applet>
-</div>
-<hr />
-
-<p>\e$B>e$N\e(B2\e$BK\$N@~$N4V$K2+?'$N%P!<$,I=<($5$l$J$$>l9g!"\e(BJava\e$B$,F0$$$F$$$^$;$s!#\e(B
-<a href="%%TERMINATEURL%%"><b>\e$BMxMQCfCG\e(B</b></a>\e$B$r%/%j%C%/$7$F\e(B
-\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#\e(B
-\e$B$^$?$O!"\e(B<a href=http://java.com/ja/index.jsp><b>java.com</b></a>
-\e$B$+$i\e(BJavaPlugIn\e$B$r%@%&%s%m!<%I$7$F!"@_Dj$rM-8z$K$9$l$P!"\e(B
-Java\e$B$rF0$+$9$3$H$,$G$-$^$9!#\e(B
-\e$BG'>Z%Z!<%8$,I=<($5$l$J$$>l9g$O!"\e(B
-\e$BDL>o$H$OJL$N%Z!<%8$r%"%/%;%9$7$F$_$F$/$@$5$$!#\e(B
-</p>
-<script language="JavaScript">
-<!--
- window.open("%%STARTURL%%","window1");
-//-->
-</script>
-
-</body>
-</html>
-
-
-
-
<body>
-<p align=center>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#%M%C%H%o!<%/$O\e(B<b>%%DURATION%%\e$BJ,\e(B</b>\e$B7P2a8e$KJD:?$H$J$j$^$9!#\e(B</p>
+<p align=center>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B
+\e$B%M%C%H%o!<%/$O\e(B<b>%%DURATION%%\e$BJ,\e(B</b>\e$B7P2a8e$KJD:?$H$J$j$^$9!#\e(B</p>
-
-<noscript>
-<p align=center><b>JavaScript\e$B$,L58z$G$9!#@_Dj$rJQ$($F$/$@$5$$!#\e(B</b></p>
-</noscript>
+<p>
+<TABLE cellSpacing=0 cellPadding=10
+align=center bgColor=lightyellow border=1>
+<TR><TD>
+<p align=center><a href="%%STARTURL%%" target=_blank>\e$B<!$X\e(B ></a></p>
+</TD></TR>
+</TABLE>
+</p>
<p>
<TABLE borderColor=red cellSpacing=0 cellPadding=10
<font color=red>\e$B7Y9p\e(B</font>
</p>
<p align=center>
-\e$B%M%C%H%o!<%/$O!"\e(B%%DURATION%%\e$BJ,$,7P2a$9$k$^$G!"$"$J$?$N;q3J$G3+J|$7$F$7$^$9!#\e(B
+\e$B%M%C%H%o!<%/$O!"\e(B<b>%%DURATION%%\e$BJ,\e(B</b>\e$B$,7P2a$9$k$^$G!"\e(B
+\e$B$"$J$?$N;q3J$G3+J|$7$F$7$^$9!#\e(B
</p>
<P align=center>
-\e$B$"$J$?$,5n$C$?8e$G!"B>?M$,IT@5MxMQ$9$k$H!"$=$l$KH<$&%H%i%V%k$K4,$-9~$^$l$^$9!#\e(B<br>
-\e$BIT@5MxMQ$rKI$0$?$a!"Aa4|$NMxMQ=*N;;~$K$O!"2<$N%\%?%s$r%/%j%C%/$7$F$/$@$5$$!#\e(B
+\e$B$"$J$?$,5n$C$?8e$G!"B>?M$,IT@5MxMQ$9$k$H!"\e(B
+\e$B$=$l$KH<$&%H%i%V%k$K4,$-9~$^$l$^$9!#\e(B<br>
+\e$BIT@5MxMQ$rKI$0$?$a!"Aa4|$NMxMQ=*N;;~$K$O!"\e(B
+\e$B2<$N%j%s%/$r%/%j%C%/$7$F$/$@$5$$!#\e(B
</p>
-
-<FORM onclick='location.replace("%%TERMINATEURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE=" \e$BMx\e(B \e$BMQ\e(B \e$B=*\e(B \e$BN;\e(B "></div>
-</FORM>
-
-<noscript>
<p align=center><a href="%%TERMINATEURL%%">\e$BMxMQ=*N;\e(B</a></p>
-</noscript>
-
-<p align=center>
-\e$BMxMQ;~4V;XDj$O?d>)$5$l$^$;$s!#2DG=$J8B$jMxMQ;~4V$rF~NO$7$J$$$G$/$@$5$$!#\e(B</p>
-
-</TD></TR>
-</TABLE>
-</p>
-
-
-<p>
-<TABLE cellSpacing=0 cellPadding=10
-align=center bgColor=lightyellow border=1>
-<TR><TD >
-
-<P align=center>
-Web\e$B$NMxMQ$K$O2<$N%\%?%s$r2!$7$FI=<($5$l$kJL%&%$%s%I%&$r;H$C$F$/$@$5$$!#\e(B</p>
-
-<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE=" \e$BMx\e(B \e$BMQ\e(B \e$B3+\e(B \e$B;O\e(B "></div>
-</FORM>
-
-<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>\e$BMxMQ3+;O\e(B</a></p>
-</noscript>
-
-<P align=center>
-\e$B$^$?$O!"$3$N%Z!<%8$r:G>.2=$7$F$*$$$F!"JL%W%m%0%i%`$G%M%C%H%o!<%/$rMxMQ$7$F$/$@$5$$!#\e(B
-</p>
-
</TD></TR>
</TABLE>
</p>
-
-<p align=center>\e$B$3$N%Z!<%8$OJD$8$F$b9=$$$^$;$s$,!"Aa4|$NMxMQ=*N;$,$G$-$J$/$J$j$^$9!#$J$*!"G'>Z%Z!<%8$,I=<($5$l$J$$>l9g$O!"DL>o$H$OJL$N%Z!<%8$r%"%/%;%9$7$F$_$F$/$@$5$$!#\e(B</p>
-
<script language="JavaScript">
<!--
window.open("%%STARTURL%%","window1");
//-->
</script>
-
</body>
</html>
+++ /dev/null
-<HTML>
-<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
-<HEAD>
-<TITLE>Opengatedeny</TITLE>
-</HEAD>
-<BODY>
-<P>
-\e$B%M%C%H%o!<%/MxMQG'>Z$K<:GT$7$^$7$?!#$b$&0lEY$d$jD>$7$F2<$5$$!#\e(B
-</P>
-<A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja"><H3>\e$BLa$k\e(B</H3></A>
-</BODY>
-</HTML>
<P>
\e$B%M%C%H%o!<%/MxMQG'>Z$K<:GT$7$^$7$?!#$b$&0lEY$d$jD>$7$F2<$5$$!#\e(B
</P>
-<A HREF="http://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja"><H3>\e$BLa$k\e(B</H3></A>
+<A HREF="%%PROTOCOL%%://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%"><H3>\e$BLa$k\e(B</H3></A>
</BODY>
</HTML>
</head>
-<body onunload="endHttpkeep();alert('[\e$B%M%C%H%o!<%/MxMQ=*N;\e(B]\n\n\e$B2+?'%P!<I=<($N%Z!<%8$rJD$8$k$H%M%C%H%o!<%/$,JD:?$7$^$9!#\e(B\n\e$BMxMQ7QB3Cf$O2+?'%P!<I=<($N%Z!<%8$rJD$8$J$$$G$/$@$5$$!#\e(B');">
+<body onunload="endHttpkeep();">
<p>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B<br>
<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE=" \e$BMx\e(B \e$BMQ\e(B \e$B3+\e(B \e$B;O\e(B "></div>
+ <div align=center><INPUT TYPE="button" VALUE=" \e$B<!\e(B \e$B$X\e(B > "></div>
</FORM>
</p>
<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>\e$BMxMQ3+;O\e(B</a></p>
+<p align=center><a href="%%STARTURL%%" target=_blank>\e$B<!$X\e(B></a></p>
</noscript>
<P align=center>
</p>
<hr />
-<p>\e$B>e$N\e(B2\e$BK\$N@~$N4V$K2+?'$N%P!<$,I=<($5$l$J$+$C$?$j%M%C%H%o!<%/$,JD:?$5$l$k\e(B
-\e$B$J$IF0:n$,$*$+$7$$>l9g$O!"\e(B<a href="%%TERMINATEURL%%"><b>\e$BMxMQCfCG\e(B
-</b></a>\e$B$r%/%j%C%/$7$F$+$i%V%i%&%6$r=*N;$7$F$/$@$5$$!#\e(B
-\e$B$^$?G'>Z%Z!<%8$,I=<($5$l$J$$>l9g$O!"\e(B
-\e$BDL>o$H$OJL$N%Z!<%8$r%"%/%;%9$7$F$_$F$/$@$5$$!#\e(B
+<p>\e$B>e$N\e(B2\e$BK\$N@~$N4V$K\e(B[Error!]\e$B$,I=<($5$l$k$H$-$d$=$NB>$NIT6q9g$,$"$k;~$O!"%[!<%`$d$=$NB>$N%5%$%H$+$i%"%/%;%9$7$J$*$7$F$/$@$5$$!#$=$l$G$b2~A1$7$J$$>l9g$O%V%i%&%6$r=*N;$7$F$+$i:F;n9T$7$F$/$@$5$$!#$^$?G'>Z2hLL$NMxMQ;~4V%U%#!<%k%I$KCM$r$$$l$k$H!"$=$N;~4V$@$1;HMQ$9$k$3$H$,$G$-$^$9!#\e(B
</p>
+
<script type="text/JavaScript">
//<!--
window.open("%%STARTURL%%","window1");
- applet =' <applet code="Opengate.class" archive="Opengate.jar" ';
- applet +=' codebase="http://%%OPENGATESERVERNAME%%%%OPENGATEDIR%%" width="600" height="30" > ';
- applet +=' <param name=port value="%%OPENGATEPORT%%"> ';
- applet +=' <param name=user value="%%USERID%%"> ';
- applet +=' <param name=sessionid value="%%SESSIONID%%"> ';
- applet +=' <param name=lang value="%%LANGUAGE%%"> ';
- applet +=' </applet> ';
-
- initHttpkeep("%%HTTPHELLOURL%%",applet,"%%SESSIONID%%");
+ initHttpkeep("%%HTTPHELLOURL%%","%%SESSIONID%%");
//-->
</script>
-
</body>
</html>
<p>
<form method="POST" action="https://%%CGIURL%%">
-<input type="HIDDEN" name="language" value="ja">
+<input type="HIDDEN" name="language" value="%%LANGUAGE%%">
<input type="HIDDEN" name="remote_addr" value="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
<table border=0>
<tr nowrap>
\e$B%Q%9%o!<%I$NEpD0$rKI$0$?$a$K!"$G$-$k$@$1\e(BSSL\e$BBP1~G'>Z$rMxMQ$7$F2<$5$$!#\e(B
</P>
-<P><A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja">SSL\e$BBP1~G'>Z\e(B</A></P>
+<P><A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%">
+SSL\e$BBP1~G'>Z\e(B</A></P>
<P>
<FORM METHOD="POST" ACTION="http://%%CGIURL%%">
-<INPUT TYPE="HIDDEN" NAME="language" VALUE="ja">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
<INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
<TABLE BORDER=0>
<TR NOWRAP>
<HR>
<SMALL>
<P>
-IPv4/IPv6\e$B%G%e%"%k%9%?%C%/$N%5%]!<%H$,ITMW$N>l9g$K$O0J2<$rMxMQ2<$5$$!#\e(BIPv4\e$B$H\e(BIPv6\e$B$N$I$A$i$+0lJ}$N$_$r@)8f$7$^$9!#\e(B
+\e$B0J2<$N%j%s%/$b;HMQ$G$-$^$9$,!"\e(BIPv4\e$B$H\e(BIPv6\e$B$N$I$A$i$+0lJ}$N$_$r@)8f$7$^$9!#\e(B
</P>
<P>
<a href="https://%%AUTHCGIURL%%?0-0-0&ja">\e$B%M%C%H%o!<%/MxMQ<TG'>Z\e(B</a> <a href="http://%%AUTHCGIURL%%?0-0-0&ja">\e$B%M%C%H%o!<%/MxMQ<TG'>Z!J\e(BSSL\e$BHsBP1~!K\e(B</a>
--- /dev/null
+<html>
+<head>
+<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
+<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
+<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
+<meta http-equiv="Pragma" content="no-cache">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=%%PROTOCOL%%://%%CGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%&redirectedurl=%%REDIRECTEDURL%%">
+
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+<BODY onload="document.form1.submit();">
+
+<P align=CENTER>
+\e$B%M%C%H%o!<%/$,JD:?$7$^$7$?!#:F3+J|$r3NG'$7$^$9!#\e(B<BR>
+\e$B<+F00\F0$G$-$J$$J}$O2<$N%\%?%s$r%/%j%C%/$7$F2<$5$$!#\e(B
+</P>
+
+<TABLE align=CENTER>
+<TR><TD>
+<FORM NAME="form1" METHOD="POST" ACTION="%%PROTOCOL%%://%%CGIURL%%">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
+<INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
+<INPUT TYPE="SUBMIT" VALUE=" \e$B<!$X\e(B > ">
+</FORM>
+</TD></TR>
+</TABLE>
+
+</BODY>
+</HTML>
+
+
+
+
+
+
+
+
+
+
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
-<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja&redirectedurl=%%REDIRECTEDURL%%">
<TITLE>OpengateStart</TITLE>
</HEAD>
INSTALLDOCPATH = ${WWWTOP}${DOCDIR}${OPENGATEDIR}
INSTALLCGIPATH = ${WWWTOP}${CGIDIR}${OPENGATEDIR}
-CFLAGS= -g -O4 -Wall
+CFLAGS= -g -O4 -Wall -I/usr/local/include
.if exists(/usr/local/include/ldap.h)
-LIBS = -lssl -lcrypto -lradius -lpam -lezxml -L../ezxml -lldap -llber -L/usr/local/lib
-.else
-LIBS = -lssl -lcrypto -lradius -lpam -lezxml -L../ezxml
+LIBLDAP = -lldap -llber
.endif
+.if exists(/usr/local/include/sqlite3.h)
+LIBSQLITE = -lsqlite3
+.endif
+
+LIBS = -lssl -lcrypto -lradius -lpam -lezxml ${LIBLDAP} ${LIBSQLITE} -L../ezxml -L/usr/local/lib
+
+
OBJS = utilities.o comm-auth.o comm-cgi.o watch-client.o comm-ipfw.o comm-ip6fw.c comm-arp.o comm-ndp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.o get-param.o auth-ftps.o auth-ldap.o htmltemplate.o addr-convert.o get-mac.o ctrl-firewall.o ctrl-alarms.o
MAINPROGO = main.o
HDRS = opengatesrv.h
#
install-html:
- ## Copy HTML documents and java ##
+ ## Copy HTML documents and etc ##
.if !exists(${INSTALLDOCPATH})
mkdir ${INSTALLDOCPATH}
.endif
.endif
cp ../conf/opengatesrv.conf.sample ${CONFIGPATH}
cp ../conf/rc.firewall.sample ${CONFIGPATH}
- cp ../conf/rc.firewall4.sample ${CONFIGPATH}
- cp ../conf/rc.firewall6.sample ${CONFIGPATH}
cp ../conf/ipfwctrl.pl.sample ${CONFIGPATH}
sed 's|<DocumentRoot>.*</DocumentRoot>|<DocumentRoot>${DOCUMENTROOT}</DocumentRoot>|' ../conf/opengatesrv.conf.sample | sed 's|<CgiDir>.*</CgiDir>|<CgiDir>${CGIDIR}</CgiDir>|' | sed 's|<OpengateDir>.*</OpengateDir>|<OpengateDir>${OPENGATEDIR}</OpengateDir>|' | sed 's|<LockFile>.*</LockFile>|<LockFile>${LOCKFILE}</LockFile>|' > ${CONFIGPATH}/opengatesrv.conf.sample
#
comm-ndp.o: ${HDRS}
comm-userdb.o: ${HDRS}
-
+.if !exists(/usr/local/include/sqlite3.h)
+ ${CC} ${CFLAGS} -DSQLITE3_NOT_INSTALLED -c $<
+.endif
ctrl-firewall.o: ${HDRS}
ctrl-alarms.o: ${HDRS}
auth-ftps.o: ${HDRS}
auth-ldap.o: ${HDRS}
-.if exists(/usr/local/include/ldap.h)
- ${CC} ${CFLAGS} -I/usr/local/include -c $<
-.else
+.if !exists(/usr/local/include/ldap.h)
${CC} ${CFLAGS} -DLDAP_NOT_INSTALLED -c $<
.endif
int timeout;
/* if no userid or no passwd, then deny */
- if(userid[0]=='\0')return DENY;
- if(passwd[0]=='\0')return DENY;
+ //if(userid[0]=='\0')return DENY;
+ //if(passwd[0]=='\0')return DENY;
/* authserver get timeout value */
timeout=atoi(GetConfValue("AuthServer/Timeout"));
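Review bot: Commenting out both guards lets an empty `userid` or `passwd` reach the authentication server, where the old code returned DENY before any network exchange. Some backends treat an empty password as an anonymous or unauthenticated request and answer with success, so the outcome now depends on how the remote server is configured. If the intent is only to admit the `?` placeholder userid that getPostData now sets, keep the password guard, `if(passwd[0]=='\0')return DENY;`, and relax just the userid test. The enclosing function starts and ends outside this hunk, so which backend this is cannot be confirmed from here.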
#define hex2num(x) ((x)>='A' ? ((x) & 0XDF) - 'A' +10 : ((x) - '0'))
int isHttpWatchEnableClient(void);
-int isJavaWatchEnableClient(void);
void split(char content[], char *name[], char *value[], char *next[]);
void decode(char *string);
-char language[WORDMAXLN]; /* message language in java applet */
-
/*******************************/
/* get the client addr */
/*******************************/
/********************************************/
/* get Post data from the client */
/********************************************/
-int getPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered)
+int getPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered, char *language, char *redirectedUrl)
{
- int contentLen;
- char content[BUFFMAXLN];
+ int contentLen=0;
+ int queryStrLen=0;
+ char content[BUFFMAXLN]="";
+ char queryStr[BUFFMAXLN]="";
char *name[1];
char *value[1];
char *next[1];
char *ptr;
- char durationStr[WORDMAXLN];
- char langList[BUFFMAXLN];
- char encodeAddr4[ADDRMAXLN];
- char accessAddr[ADDRMAXLN];
+ char durationStr[WORDMAXLN]="";
+ char langList[BUFFMAXLN]="";
+ char encodeAddr4[ADDRMAXLN]="";
+ char accessAddr[ADDRMAXLN]="";
/* get content sent from web input */
- if(getenv("CONTENT_LENGTH")==NULL){
- err_msg("ERR at %s#%d: CONTENT_LENGTH is not defined",__FILE__,__LINE__);
- return FALSE;
- }
-
- contentLen=atoi(getenv("CONTENT_LENGTH"));
- if(contentLen==0){
- err_msg("ERR at %s#%d: CONTENT_LENGTH is zero",__FILE__,__LINE__);
- return FALSE;
+ if(getenv("CONTENT_LENGTH")!=NULL
+ &&(contentLen=atoi(getenv("CONTENT_LENGTH")))!=0){
+
+ contentLen++; /* for terminate ch */
+ if(contentLen > BUFFMAXLN) contentLen=BUFFMAXLN;
+ if(fgets(content, contentLen, stdin) == NULL){
+ content[0]='\0';
+ }
+
+ /* get items from string */
+ userid[0]='\0';
+ password[0]='\0';
+ encodeAddr4[0]='\0';
+ language[0]='\0';
+ durationStr[0]='\0';
+ redirectedUrl[0]='\0';
+
+ ptr=content;
+
+ while(ptr!=NULL){
+ split(ptr, name, value, next);
+
+ if(strstr(name[0], "userid")!=NULL){
+ strncpy(userid, value[0], USERMAXLN);
+ }else if(strstr(name[0], "password")!=NULL){
+ strncpy(password, value[0], PASSMAXLN);
+ }else if(strstr(name[0],"remote_addr")!=NULL){
+ strncpy(encodeAddr4,value[0],ADDRMAXLN);
+ }else if(strstr(name[0], "language")!=NULL){
+ strncpy(language, value[0], WORDMAXLN);
+ }else if(strstr(name[0], "duration")!=NULL){
+ strncpy(durationStr, value[0], WORDMAXLN);
+ }else if(strstr(name[0], "redirected_url")!=NULL){
+ strncpy(redirectedUrl, value[0], BUFFMAXLN);
+ }
+ ptr=next[0];
+ }
}
- contentLen++; /* for terminate ch */
- if(contentLen > BUFFMAXLN) contentLen=BUFFMAXLN;
- if(fgets(content, contentLen, stdin) == NULL){
- content[0]='\0';
+ /* get paremeters from query string (not post but in url) */
+ if(getenv("QUERY_STRING")!=NULL
+ &&(queryStrLen=strlen(getenv("QUERY_STRING")))!=0){
+
+ /* get html access parameter string */
+ strncpy(queryStr, getenv("QUERY_STRING"), BUFFMAXLN);
+
+ /* split language and address in content
+ [addr=0-0-0&lang=ja&redirectedurl=xxxx] */
+ ptr=queryStr;
+ while(ptr!=NULL){
+ split(ptr, name, value, next);
+ if(strstr(name[0], "addr")!=NULL){
+ strncpy(encodeAddr4,value[0],ADDRMAXLN);
+ }else if(strstr(name[0], "lang")!=NULL){
+ strncpy(language, value[0], WORDMAXLN);
+ }else if(strstr(name[0], "redirectedurl")!=NULL){
+ strncpy(redirectedUrl, value[0], BUFFMAXLN);
+ }
+ ptr=next[0];
+ }
}
- /* get items from string */
- userid[0]='\0';
- password[0]='\0';
- encodeAddr4[0]='\0';
- language[0]='\0';
- durationStr[0]='\0';
-
- ptr=content;
-
- while(ptr!=NULL){
- split(ptr, name, value, next);
-
- if(strstr(name[0], "userid")!=NULL){
- strncpy(userid, value[0], USERMAXLN);
- }else if(strstr(name[0], "password")!=NULL){
- strncpy(password, value[0], PASSMAXLN);
- }else if(strstr(name[0],"remote_addr")!=NULL){
- strncpy(encodeAddr4,value[0],ADDRMAXLN);
- }else if(strstr(name[0], "language")!=NULL){
- strncpy(language, value[0], WORDMAXLN);
- }else if(strstr(name[0], "duration")!=NULL){
- strncpy(durationStr, value[0], WORDMAXLN);
- }
- ptr=next[0];
+ /* no content and no query string */
+ if(contentLen==0 && queryStrLen==0){
+ err_msg("ERR at %s#%d: no parameter is aquired",__FILE__,__LINE__);
+ return FALSE;
}
/* decode the HTTP encoding */
decode(encodeAddr4);
decode(language);
decode(durationStr);
+ decode(redirectedUrl);
/* if not available language, use first lang */
strncpy(langList, GetConfValue("HtmlLangs"), BUFFMAXLN); /* list of available languages */
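Review bot: `strncpy(queryStr, getenv("QUERY_STRING"), BUFFMAXLN);` leaves `queryStr` without a terminator when the client sends a query string of BUFFMAXLN bytes or more, and `split()` then scans past the end of the buffer. Copy with `snprintf(queryStr, sizeof queryStr, "%s", getenv("QUERY_STRING"));` or bound the copy to `BUFFMAXLN-1`. The `strncpy` calls into `redirectedUrl`, `language` and `encodeAddr4` need the same care, and the caller's `redirectedUrl` buffer must really be BUFFMAXLN bytes. The resets such as `language[0]='\0'` and `redirectedUrl[0]='\0'` now run only inside the CONTENT_LENGTH branch, so on a query-string-only request `decode()` and the later `isNull(userid)` read whatever the caller left in those buffers; moving the resets above both branches avoids that. getPostData continues past this hunk.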
&& strncmp(accessAddr, clientAddr4, ADDRMAXLN)!=0){ /* and not same */
strncpy(clientAddr4, accessAddr, ADDRMAXLN);
}
+
+ /* if no userid, set useid="?" */
+ if(isNull(userid)){
+ userid[0]='?';
+ userid[1]='\0';
+ }
+
return TRUE;
}
+/********************************************/
+/* get data related to cookie from client */
+/********************************************/
+int getCookieData(char *userid, char *clientAddr4, int *duration, int *durationEntered, char *language)
+{
+ char cookie[SIDMAXLN]=""; /* md5 session key from cookie */
+ char useridInCookie[USERMAXLN]=""; /* userid from cookie */
+ char macAddr[ADDRMAXLN]=""; /* mac address from arp */
+ char macAddrInDb[ADDRMAXLN]=""; /* mac address in DB */
+
+ /* get cookie values */
+ if(!GetAuthCookie(cookie,useridInCookie)) return FALSE;
+
+ /* get related info from DB */
+ if(!GetSessionInfoFromDb(cookie, userid, clientAddr4, macAddrInDb,
+ duration, durationEntered, language)) return FALSE;
+
+ /* if userid is changed, cookie auth is failed */
+ if(strcmp(useridInCookie, userid)!=0) return FALSE;
+
+ /* if mac addr is changed, cookie auth is failed */
+ GetMacAddrFromArp(clientAddr4, macAddr);
+ if(strcmp(macAddr, macAddrInDb)!=0) return FALSE;
+
+ return TRUE;
+}
+
+/*********************************************/
+/* get HTTP-Cookie for OpengateAuth */
+/*********************************************/
+int getAuthCookie(char *cookie, char *userid){
+ char content[BUFFMAXLN];
+ char *name[1];
+ char *value[1];
+ char *next[1];
+ char *ptr;
+
+ /* reset buffer */
+ cookie[0]='\0';
+ userid[0]='\0';
+
+ /* if exist cookie, copy it to work area */
+ if(isNull(getenv("HTTP_COOKIE"))) return FALSE;
+ strncpy(content, getenv("HTTP_COOKIE"), BUFFMAXLN);
+ ptr=content;
+
+
+ /* get valuses of cookie */
+ while(ptr!=NULL){
+ split(ptr, name, value, next);
+
+ if(strstr(name[0], "OpengateAuth")!=NULL){
+ strncpy(cookie, value[0], SIDMAXLN);
+ }else if(strstr(name[0], "Userid")!=NULL){
+ strncpy(userid, value[0], USERMAXLN);
+ }
+ ptr=next[0];
+ }
+
+ if(isNull(cookie)) return FALSE;
+ else return TRUE;
+}
+
/*********************************************/
/* deny message to the client */
/*********************************************/
-void putClientDeny(char *clientAddr4)
+void putClientDeny(char *clientAddr4, char *language)
{
- char denydoc[BUFFMAXLN];
- char authCgiUrl[BUFFMAXLN];
- char encodeAddr[ADDRMAXLN];
- char opengateDir[BUFFMAXLN];
+ char denydoc[BUFFMAXLN]="";
+ char authCgiUrl[BUFFMAXLN]="";
+ char encodeAddr[ADDRMAXLN]="";
+ char opengateDir[BUFFMAXLN]="";
+ char protocol[WORDMAXLN]="";
/* keyword pairs */
/* the left key is replaced by the right value */
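Review bot: In getCookieData the result of `GetMacAddrFromArp(clientAddr4, macAddr)` is not checked and both MAC buffers start as `""`, so a failed ARP lookup combined with an empty MAC in the session record compares equal and the cookie is accepted. I would reject an empty lookup, `if(isNull(macAddr) || strcmp(macAddr, macAddrInDb)!=0) return FALSE;`. `clientAddr4` is also passed to GetSessionInfoFromDb before the ARP lookup; if that call overwrites it with the stored address (not visible here), the MAC being checked belongs to the stored address rather than to the host presenting the cookie, so the requester's address should be compared with the stored one first. In getAuthCookie, `strncpy(content, getenv("HTTP_COOKIE"), BUFFMAXLN);` copies into an uninitialised buffer and leaves it unterminated for a long Cookie header; add `content[BUFFMAXLN-1]='\0';` after the copy, and likewise for `cookie` and `userid`.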
{"%%OPENGATEDIR%%", opengateDir},
{"%%AUTHCGIURL%%", authCgiUrl},
{"%%ADDR4%%", encodeAddr},
+ {"%%LANGUAGE%%", language},
+ {"%%PROTOCOL%%", protocol},
{"",""} /* DON'T REMOVE THIS LINE */
};
encodeAddr[0]='\0';
}
- /* make path to the denydoc for ssl or non-ssl */
+ /* protocol is ssl or non-ssl */
if(strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0){
- snprintf(denydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
- GetConfValue("OpengateDir"),language,GetConfValue("DenyDocSsl"));
+ strncpy(protocol, "https",WORDMAXLN);
}else{
- snprintf(denydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
- GetConfValue("OpengateDir"),language,GetConfValue("DenyDoc"));
+ strncpy(protocol, "http",WORDMAXLN);
}
+ /* document path to deny doc */
+ snprintf(denydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ GetConfValue("OpengateDir"),language,GetConfValue("DenyDoc"));
+
/* replace keyword and send out the file */
- printf("Content-type: text/html\r\n\r\n\r\n");
+ printf("Content-type: text/html\r\n\r\n");
HtmlTemplate(denydoc, keys);
return;
/*********************************************/
/* deny message to the client */
/*********************************************/
-void putClientRetry(char *lang)
+void putClientRetry(char *language)
{
char retrydoc[BUFFMAXLN];
char externalUrl[BUFFMAXLN];
{"%%OPENGATEDIR%%", opengateDir},
{"%%EXTERNALURL%%", externalUrl},
{"%%AUTHCGIURL%%", authCgiUrl},
+ {"%%LANGUAGE%%", language},
{"",""} /* DON'T REMOVE THIS LINE */
};
/* make read in path to the retry document */
snprintf(retrydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
- opengateDir,lang,GetConfValue("RetryDoc"));
+ opengateDir,language,GetConfValue("RetryDoc"));
/* replace keyword and send out the file */
printf("Content-type: text/html\r\n\r\n\r\n");
/*********************************************/
void putClientMsg(char *message)
{
- printf("Content-type: text/html\r\n\r\n\r\n");
+ printf("Content-type: text/html\r\n\r\n");
printf("<HTML><HEAD><TITLE>OpengateMsg</TITLE></HEAD> \r\n");
printf("<BODY> \r\n");
printf("%s\r\n", message);
}
+
/*********************************************/
-/* put accept message and java to the client */
+/* put accept message and javascript to the client */
/*********************************************/
-void putClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered)
+void putClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered, char *language, char *cookie, int cookieAuth, char *redirectedUrl)
{
+
FILE *fp;
char buff[BUFFMAXLN];
- char acceptdoc[BUFFMAXLN];
- char acceptdoc2url[BUFFMAXLN];
- char terminateurl[BUFFMAXLN];
+ char acceptDocPath[BUFFMAXLN];
+ char acceptDoc2Url[BUFFMAXLN];
+ char terminateUrl[BUFFMAXLN];
char httpkeepUrl[BUFFMAXLN];
char portStr[WORDMAXLN];
char durationStr[WORDMAXLN];
- char *acceptDoc;
-
- char *startPageUrl=GetConfValue("StartPage/Url");
- int startPageType=atoi(GetConfValue("StartPage/Type"));
+ char *pAcceptDoc;
char *opengateDir=GetConfValue("OpengateDir");
char *opengateServerName=GetConfValue("OpengateServerName");
+ char *startPageUrl="";
+ int startPageType=atoi(GetConfValue("StartPage/Type"));
/* select proper accept doc */
switch(toupper(*GetConfValue("WatchMode"))){
case 'H':
default:
if(isHttpWatchEnableClient()){
- acceptDoc=GetConfValue("AcceptDocHttp");
- }else if(isJavaWatchEnableClient()){
- acceptDoc=GetConfValue("AcceptDocJava");
+ pAcceptDoc=GetConfValue("AcceptDocHttp");
}else{
- acceptDoc=GetConfValue("AcceptDocTime");
- }
- break;
-
- /* JAVA watch mode */
- case 'J':
- if(isJavaWatchEnableClient()){
- acceptDoc=GetConfValue("AcceptDocJava");
- }else if(isHttpWatchEnableClient()){
- acceptDoc=GetConfValue("AcceptDocHttp");
- }else{
- acceptDoc=GetConfValue("AcceptDocTime");
+ pAcceptDoc=GetConfValue("AcceptDocTime");
}
break;
/* TIMEOUT watch mode */
case 'T':
- acceptDoc=GetConfValue("AcceptDocTime");
+ pAcceptDoc=GetConfValue("AcceptDocTime");
break;
}
/* if positive value is set in duration, TIME watch mode is selected */
- if(durationEntered) acceptDoc=GetConfValue("AcceptDocTime");
+ if(durationEntered) pAcceptDoc=GetConfValue("AcceptDocTime");
/* create path to acceptdoc */
- snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
- GetConfValue("OpengateDir"),language,acceptDoc);
+ snprintf(acceptDocPath, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ GetConfValue("OpengateDir"),language,pAcceptDoc);
- snprintf(acceptdoc2url, BUFFMAXLN,
+ snprintf(acceptDoc2Url, BUFFMAXLN,
"http://%s%s/%s/%s",GetConfValue("OpengateServerName"),
GetConfValue("OpengateDir"),language,GetConfValue("AcceptDoc2"));
/* create terminate url [http://<servaddr>:<port>/terminate-<pid>] */
- snprintf(terminateurl, BUFFMAXLN, "http://%s:%d/terminate-%d",
+ snprintf(terminateUrl, BUFFMAXLN, "http://%s:%d/terminate-%d",
GetConfValue("OpengateServerName"), port, getpid());
/* create httpkeep page url
snprintf(durationStr, WORDMAXLN, "%d", duration/60);
/* open acceptdoc */
- if((fp=fopen(acceptdoc, "r"))==NULL){
- err_msg("ERR at %s#%d: cannot open %s",__FILE__,__LINE__,acceptdoc);
+ if((fp=fopen(acceptDocPath, "r"))==NULL){
+ err_msg("ERR at %s#%d: cannot open %s",__FILE__,__LINE__,acceptDocPath);
PutClientMsg("Cannot find html document");
return;
}
+ /* create start page url to put information */
+ if(cookieAuth==1) startPageUrl=redirectedUrl;
+ else if(startPageType==0) startPageUrl=acceptDoc2Url;
+ else if(startPageType==1) startPageUrl=GetConfValue("StartPage/Url");
+ else if(startPageType==2) startPageUrl=redirectedUrl;
+ else startPageUrl=acceptDoc2Url;
+
+ /* write out html headers */
+ printf("Content-type: text/html\r\n");
+ printf("Set-Cookie: OpengateAuth=%s&Userid=%s;\r\n\r\n", cookie, userid);
+
/* read html document from file and send to web */
- printf("Content-type: text/html\r\n\r\n\r\n");
while(fgets(buff, BUFFMAXLN, fp)!=NULL){
/* length check */
if(strlen(buff)>=BUFFMAXLN-1){
- err_msg("ERR at %s#%d: too long line in %s",__FILE__,__LINE__,acceptdoc);
+ err_msg("ERR at %s#%d: too long line in %s",__FILE__,__LINE__,acceptDocPath);
}
/* replace mark */
htmlReplace(buff, "%%USERID%%", userid);
htmlReplace(buff, "%%SESSIONID%%", sessionId);
htmlReplace(buff, "%%LANGUAGE%%", language);
-
- htmlReplace(buff, "%%TERMINATEURL%%", terminateurl);
+ htmlReplace(buff, "%%TERMINATEURL%%", terminateUrl);
htmlReplace(buff, "%%HTTPKEEPURL%%", httpkeepUrl);
-
- /* replace information url mark */
- if( startPageType==1 ){
- htmlReplace(buff, "%%STARTURL%%", startPageUrl);
- }else{
- htmlReplace(buff, "%%STARTURL%%", acceptdoc2url);
- }
-
+ htmlReplace(buff, "%%STARTURL%%", startPageUrl);
+
/* write out */
printf("%s",buff);
}
+
/* write end */
fputs("\r\n\r\n",stdout);
fclose(fp);
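Review bot: The new `Set-Cookie` line in putClientAccept writes `userid` straight into a response header and sets no cookie attributes. userid originates from the request, so unless getPostData (not visible here) already rejects CR, LF and `;`, a crafted value could add header lines or cookie attributes; check it before the `printf`. main appears to treat this cookie as proof of authentication, so it should carry `HttpOnly`, plus `Secure` when the page is served over https, e.g. `printf("Set-Cookie: OpengateAuth=%s&Userid=%s; HttpOnly\r\n\r\n", cookie, userid);`. `redirectedUrl` is also client-supplied and now replaces `%%STARTURL%%`; restrict it to http/https URLs and confirm that htmlReplace escapes it for the context the template uses.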
return TRUE;
}
-/********************************************/
-/* is the client enable to load Java Applet */
-/********************************************/
-int isJavaWatchEnableClient(void)
-{
- /* some user agent does not support Java Applet */
- if(RegExMatch(getenv("HTTP_USER_AGENT"),
- GetConfValue("JavaWatch/SkipAgentPattern"))) return FALSE;
-
- return TRUE;
-}
-
/************************************/
/* split value for indicated name */
/* in content "name=value&..." */
}
-int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered)
+int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered, char *language, char *redirectedUrl)
{
int ret;
if(debug>1) err_msg("DEBUG:=>getPostData( )");
- ret=getPostData(userid,password,clientAddr4,durationPtr,durationEntered);
- if(debug>1) err_msg("DEBUG:%d<=getPostData(%s,passwd,%s,%d,%d)",ret,userid,clientAddr4,*durationPtr,durationEntered);
+ ret=getPostData(userid,password,clientAddr4,durationPtr,durationEntered,language,redirectedUrl);
+ if(debug>1) err_msg("DEBUG:%d<=getPostData(%s,%s,%d,%d,%s)",ret,userid,clientAddr4,*durationPtr,durationEntered,language,redirectedUrl);
return ret;
}
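Review bot: The new debug line in GetPostData has six conversions but seven arguments, and it passes `durationEntered`, an `int *`, to `%d`. The pointer/`%d` mismatch is undefined behaviour and `redirectedUrl` is never printed. The old line's `passwd` marker was also dropped, which shifts the remaining fields. Suggested line: `if(debug>1) err_msg("DEBUG:%d<=getPostData(%s,passwd,%s,%d,%d,%s,%s)",ret,userid,clientAddr4,*durationPtr,*durationEntered,language,redirectedUrl);`.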
-void PutClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered)
+void PutClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered, char *language, char *cookie, int cookieAuth, char *redirectedUrl)
{
- if(debug>1) err_msg("DEBUG:=>putClientAccept(%s,%s,%d,%d,%s,%s,%d,%d,%d)",userid,sessionId,port,pid,clientAddr4,clientAddr6,ipStatus, duration, durationEntered);
- putClientAccept(userid,sessionId,port,pid,clientAddr4,clientAddr6,ipStatus,duration, durationEntered);
+ if(debug>1) err_msg("DEBUG:=>putClientAccept(%s,%s,%d,%d,%s,%s,%d,%d,%d,%s,%s,%d,%s)",userid,sessionId,port,pid,clientAddr4,clientAddr6,ipStatus, duration, durationEntered, language, cookie, cookieAuth, redirectedUrl);
+ putClientAccept(userid,sessionId,port,pid,clientAddr4,clientAddr6,ipStatus,duration, durationEntered, language, cookie, cookieAuth,redirectedUrl);
if(debug>1) err_msg("DEBUG:<=putClientAccept( )");
}
-void PutClientDeny(char *clientAddr4)
+void PutClientDeny(char *clientAddr4, char *language)
{
- if(debug>1) err_msg("DEBUG:=>putClientDeny(&s)",clientAddr4);
- putClientDeny(clientAddr4);
+ if(debug>1) err_msg("DEBUG:=>putClientDeny(%s,%s)",clientAddr4,language);
+ putClientDeny(clientAddr4,language);
if(debug>1) err_msg("DEBUG:<=putClientDeny( )");
}
if(debug>1) err_msg("DEBUG:(%d)<=checkReferer( )",ret);
return ret;
}
+
+int GetAuthCookie(char *cookie, char *userid){
+ int ret;
+
+ if(debug>1) err_msg("DEBUG:=>getAuthCookie( )");
+ ret=getAuthCookie(cookie, userid);
+ if(debug>1) err_msg("DEBUG:%d<=getAuthCookie(%s,%s)",
+ ret,cookie,userid);
+ return ret;
+}
+
+int GetCookieData(char *userid, char *clientAddr4, int *duration, int *durationEntered, char *language){
+ int ret;
+
+ if(debug>1) err_msg("DEBUG:=>getCookieData( )");
+ ret=getCookieData(userid,clientAddr4,duration,durationEntered,language);
+ if(debug>1) err_msg("DEBUG:%d<=getCookieData(%s,passwd,%s,%d,%d,%s)",ret,userid,clientAddr4,*duration,*durationEntered,language);
+ return ret;
+}
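Review bot: The debug trace in GetAuthCookie prints the cookie value, and so do the PutClientAccept, PutSessionBeginToDb, PutSessionEndToDb and GetSessionInfoFromDb wrappers. main accepts a user when the cookie lookup succeeds, so with debug>1 the log holds a value that works like a password; the older GetPostData trace printed the literal `passwd` instead of the secret, presumably for the same reason. Log a fixed marker in place of the value, e.g. `err_msg("DEBUG:%d<=getAuthCookie(cookie,%s)",ret,userid);`. The word `passwd` in the new getCookieData trace corresponds to no parameter and can be dropped.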
/**************************************************\r
opengate server\r
- module for Controling ip6fw \r
+ module for Controling ipfw for IPv6 address \r
\r
Copyright (C) 2005 Opengate Project Team\r
Written by Katsuhiko Eguchi, 2005 \r
\r
#include "opengatesrv.h"\r
\r
-char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */\r
+char ruleNumber6[WORDMAXLN]; /* ipfw rule number in string form */\r
\r
int getRuleNumber6(char *clientAddr6);\r
int GetRuleNumber6(char *clientAddr6);\r
\r
Sigfunc *defaultSigFunc;\r
\r
- /* exclusive exec of ip6fw to avoid overlapped rule number */\r
+ /* exclusive exec of ipfw to avoid overlapped rule number */\r
\r
/**** prepare ****/\r
/* open lockfile */\r
}\r
\r
/**** write rules ****/\r
- if(atoi(GetConfValue("Ip6fwScript/Enable"))){\r
+ if(atoi(GetConfValue("IpfwScript/Enable"))){\r
/********** use perl script to control firewall ************/\r
\r
- if(Systeml(1, GetConfValue("Ip6fwScript/Path"),GetConfValue("Ip6fwPath"),\r
+ if(Systeml(1, GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"),\r
ruleNumber6,clientAddr6,\r
- userid,macAddr6,userProperty,(char *)0) != 0){\r
- err_msg("ERR at %s#%d: exec ip6fw script error",__FILE__,__LINE__);\r
+ userid,macAddr6,userProperty,\r
+ GetConfValue("IpfwTagNumber"),(char *)0) != 0){\r
+ err_msg("ERR at %s#%d: exec ipfw script error",__FILE__,__LINE__);\r
ret=1; /* abmormal */\r
}\r
\r
\r
}else{\r
/********** direct control of firewall **********************/\r
- /********** add outgoing ip6fw rule for the client *************/\r
- if(Systeml(1, GetConfValue("Ip6fwPath"),"-q","add",ruleNumber6,"allow","all",\r
- "from",clientAddr6,"to","any",(char *)0) != 0){\r
- err_msg("ERR at %s#%d: exec ip6fw add error",__FILE__,__LINE__);\r
+ /********** add outgoing ipfw rule for the client *************/\r
+ if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6,\r
+ "count","tag",GetConfValue("IpfwTagNumber"),\r
+ "ip","from",clientAddr6,"to","any",(char *)0) != 0){\r
+ err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);\r
ret=1;\r
}\r
\r
Unlock(fd);\r
Close(fd); /* because reserved number is used */\r
\r
- /********** add incoming ip6fw rule for the client *************/\r
- if(Systeml(1, GetConfValue("Ip6fwPath"),"-q","add",ruleNumber6,"allow","all",\r
- "from","any","to",clientAddr6,(char *)0) != 0){\r
- err_msg("ERR at %s#%d: exec ip6fw add error",__FILE__,__LINE__);\r
+ /********** add incoming ipfw rule for the client *************/\r
+ if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6,\r
+ "count","tag",GetConfValue("IpfwTagNumber"),\r
+ "ip","from","any","to",clientAddr6,(char *)0) != 0){\r
+ err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);\r
ret=1; /* abnormal */\r
}\r
}\r
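Review bot: The per-client rules here change from `allow` to `count tag <IpfwTagNumber>`, so they no longer pass traffic themselves, and the code does not say what does. Access now depends on a static rule elsewhere matching the same tag, and on `IpfwTagNumber` in the config agreeing with that rule; the IPv4 hunk further down has the same dependency. Add a comment above the first `Systeml` call such as `/* count+tag only marks the packet; a static rule in rc.firewall must pass packets tagged IpfwTagNumber */`. It is also worth checking that `GetConfValue("IpfwTagNumber")` is a non-empty number before passing it to ipfw, since an older config file may lack the key. The enclosing function starts outside this hunk.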
int hour, min, sec;\r
time_t timeOut;\r
\r
- /********** del ip6fw rule for the client *************/\r
+ /********** del ipfw rule for the client *************/\r
DelIp6fwRule(pClientAddr->ruleNumber);\r
\r
timeOut = time(NULL);\r
\r
\r
/***********************************************/\r
-/* delete ip6fw rule */\r
+/* delete ipfw rule */\r
/***********************************************/\r
void delIp6fwRule(char *ruleNumber)\r
{\r
int ruleCount;\r
- int i;\r
\r
/* get rule count */\r
ruleCount = CountRuleNumber6(ruleNumber);\r
\r
/* delete rule */\r
- /* [ip6fw del num] deletes one rule registered in the rule number */\r
- for(i=0;i<ruleCount;i++){\r
- if(Systeml(1, GetConfValue("Ip6fwPath"),"delete",ruleNumber,(char *)0) != 0){\r
- /* ip6fw deletes one rule but ipfw deletes all rules for the number */\r
- /* thus this error occurs at ipfw del. it is normal. */\r
- /* err_msg("ERR at %s#%d: exec ip6fw del error",__FILE__,__LINE__);*/\r
- }\r
+ if(Systeml(1, GetConfValue("IpfwPath"),"delete",ruleNumber,(char *)0) != 0){\r
+ err_msg("ERR at %s#%d: exec ipfw del error",__FILE__,__LINE__);\r
}\r
}\r
\r
/**************************************/\r
-/* get unused ip6fw rule number */\r
+/* get unused ipfw rule number */\r
/* error if addr is already in rules */ \r
/* return value ret>0: acquired rule number that can be used */\r
/* ret=-1: no rule number available */\r
int fileStatus;\r
enum status {NORMAL, ABNORMAL, FOUND, NOTFOUND, DUPLICATED};\r
\r
- if((fpipe=Popenl(1, "r", GetConfValue("Ip6fwPath"),"list",(char *)0)) == NULL){ \r
- err_msg("ERR at %s#%d: exec ip6fw list error",__FILE__,__LINE__);\r
+ if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",(char *)0)) == NULL){ \r
+ err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);\r
}\r
\r
/* search unused rule number in the list read from pipe */\r
fileStatus=NORMAL;\r
\r
/* get rule range from config */\r
- ip6fwmin=atoi(GetConfValue("Ip6fwRule/Min"));\r
- ip6fwmax=atoi(GetConfValue("Ip6fwRule/Max"));\r
- ip6fwinterval=atoi(GetConfValue("Ip6fwRule/Interval"));\r
+ ip6fwmin=atoi(GetConfValue("IpfwRule/Min"));\r
+ ip6fwmax=atoi(GetConfValue("IpfwRule/Max"));\r
+ ip6fwinterval=atoi(GetConfValue("IpfwRule/Interval"));\r
\r
/* each port is checked whether it can be used for new rule or not */\r
for(num=ip6fwmin;num<=ip6fwmax;num+=ip6fwinterval){\r
break;\r
}\r
if( sscanf(buf, "%d", &readinNum) !=1 ){\r
- err_msg("ERR at %s#%d: abnormal ip6fw response[ %s ]",\r
+ err_msg("ERR at %s#%d: abnormal ipfw response[ %s ]",\r
__FILE__,__LINE__,buf);\r
fileStatus=ABNORMAL; /* abnormal responsem exit internal loop */\r
break;\r
Pclose(fpipe);\r
\r
if(fileStatus==ABNORMAL){\r
- err_msg("ERR at %s#%d: abnormal ip6fw response ",__FILE__,__LINE__);\r
+ err_msg("ERR at %s#%d: abnormal ipfw response ",__FILE__,__LINE__);\r
return -2;\r
}\r
if(portStatus==NOTFOUND){\r
- err_msg("ERR at %s#%d: cannot get unused ip6fw number",__FILE__,__LINE__);\r
+ err_msg("ERR at %s#%d: cannot get unused ipfw number",__FILE__,__LINE__);\r
return -1;\r
}\r
if(portStatus==DUPLICATED){\r
}\r
\r
/*******************************/\r
-/* get packet count from ip6fw */\r
+/* get packet count from ipfw */\r
/*******************************/\r
int getPacketCount6(char *ruleNumber)\r
{\r
int packets,packetsSum;\r
\r
/* exec proc */\r
- if((fpipe=Popenl(1, "r", GetConfValue("Ip6fwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){ \r
- err_msg("ERR at %s#%d: exec ip6fw -a list error",__FILE__,__LINE__);\r
+ if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){ \r
+ err_msg("ERR at %s#%d: exec ipfw -a list error",__FILE__,__LINE__);\r
return 0; /* abnormal */\r
}\r
\r
int ruleCount;\r
\r
/* exec proc */\r
- if((fpipe=Popenl(1, "r", GetConfValue("Ip6fwPath"),"list",ruleNumber,(char *)0)) == NULL){ \r
- err_msg("ERR at %s#%d: exec ip6fw list error",__FILE__,__LINE__);\r
+ if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",ruleNumber,(char *)0)) == NULL){ \r
+ err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);\r
}\r
\r
/* count line read from pipe */\r
if(Systeml(1, GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"),
ruleNumber4,clientAddr4,
- userid,macAddr4,userProperty,(char *)0) != 0){
+ userid,macAddr4,userProperty,
+ GetConfValue("IpfwTagNumber"),(char *)0) != 0){
err_msg("ERR at %s#%d: exec script error",__FILE__,__LINE__);
ret=1; /* abnormal */
}
}else{
/********** direct control of firewall **********************/
/********** add outgoing ipfw rule for the client *************/
- if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,"allow","ip",
- "from",clientAddr4,"to","any",(char *)0) != 0){
+ if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,
+ "count","tag",GetConfValue("IpfwTagNumber"),
+ "ip","from",clientAddr4,"to","any",(char *)0) != 0){
err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
ret=1; /* abnormal */
}
Unlock(fd);
Close(fd); /* because reserved number is used */
- if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,"allow","ip",
- "from","any","to",clientAddr4,(char *)0) != 0){
+ if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,
+ "count","tag",GetConfValue("IpfwTagNumber"),
+ "ip","from","any","to",clientAddr4,(char *)0) != 0){
err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
ret=1; /* abnormal */
}
/*************************************************
opengate server
- module for Controling user DB
+ module for Controlling user DB
- *** Edit this file to set user property ***
**************************************************/
#include "opengatesrv.h"
+#include <sqlite3.h>
+
+
+/**************************************************************/
+/* write session info to session control database at start */
+/**************************************************************/
+int putSessionBeginToDb(char* cookie, char* userid,
+ char* clientAddr4, char* clientAddr6,
+ char* macAddr4,
+ char* ruleNumber4, char* ruleNumber6,
+ int duration, int durationEntered,
+ int cookieAuth, char *language){
+
+ int rc;
+ sqlite3 *db;
+ char *pErrMsg;
+ /* SQL CREATE COMMAND */
+ char *createCmd="CREATE TABLE session (cookie TEXT PRIMARY KEY,\
+ userid TEXT, pid INTEGER, openTime TEXT, closeTime TEXT,\
+ clientAddr4 TEXT, clientAddr6 TEXT, macAddr TEXT,\
+ ruleNumber4 INTEGER, ruleNumber6 INTEGER,duration INTEGER,\
+ durationEntered INTEGER, cookieAuth INTEGER, language TEXT, watchMode TEXT)";
+
+ /* SQL INSERT COMMAND, where %x is replaced in snprintf */
+ char *insertFormat="INSERT INTO session\
+ (cookie, userid, pid, openTime, closeTime,\
+ clientAddr4, clientAddr6, macAddr, ruleNumber4, ruleNumber6,\
+ duration, durationEntered, cookieAuth, language, watchMode)\
+ values ('%s','%s',%d,\
+ datetime(%d,'unixepoch','localtime'),\
+ '-','%s','%s','%s', '%s', '%s', %d, %d, %d, '%s', '-')";
+ char *insertCmd;
+ int resultFlag=TRUE;
+
+ /* Open sqlite */
+ if(sqlite3_open(GetConfValue("SqliteDb"),&db)!=SQLITE_OK){
+ err_msg("ERR at %s#%d: sqlite3_open",__FILE__,__LINE__);
+ sqlite3_close(db);
+ return FALSE;
+ }
+
+ /* Prepare insert command */
+ insertCmd=sqlite3_mprintf(insertFormat,cookie,userid,
+ getpid(),time(NULL),clientAddr4,clientAddr6,
+ macAddr4,ruleNumber4,ruleNumber6,
+ duration,durationEntered,cookieAuth,language);
+
+ /* Execute insert to sqlite */
+ if((rc=sqlite3_exec(db, insertCmd, NULL, NULL, &pErrMsg))!=SQLITE_OK){
+
+ /* If the error is 'no such table' It might be initial state */
+ if(rc==SQLITE_ERROR && strstr(pErrMsg, "no such table:")!=NULL){
+
+ /* retry from create */
+ if(sqlite3_exec(db, createCmd, NULL, NULL, &pErrMsg)!=SQLITE_OK){
+ resultFlag=FALSE;
+ err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg);
+ }
+ if(sqlite3_exec(db, insertCmd, NULL, NULL, &pErrMsg)!=SQLITE_OK){
+ resultFlag=FALSE;
+ err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg);
+ }
+ }
+
+ /* If the error is 'table session has no column named xxx' */
+ /* It might be adding column in varsion up */
+ else if(rc==SQLITE_ERROR && strstr(pErrMsg, "has no column named")!=NULL){
+ err_msg("ERR at %s#%d: DB format is changed in version up, remove '%s' and retry",__FILE__,__LINE__,GetConfValue("SqliteDb"));
+ resultFlag=FALSE;
+ }
+
+ /* Other errors */
+ else{
+ resultFlag=FALSE;
+ err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg);
+ }
+ }
+
+ /*Memory free for sqlite3 string */
+ sqlite3_free(insertCmd);
+
+ /* Sqlite close */
+ sqlite3_close(db);
+
+ return resultFlag;
+}
+
+/**************************************************************/
+/* write session info to session control database at stop */
+/**************************************************************/
+int putSessionEndToDb(char* cookie, char* watchMode){
+
+ sqlite3 *db;
+ char *pErrMsg;
+
+ /* SQL UPDATE COMMAND, where %x is replaced in mprintf */
+ char *updateFormat="UPDATE session SET closeTime=\
+ datetime(%d,'unixepoch','localtime'), watchMode='%s' WHERE cookie='%s'";
+ char *updateCmd;
+ int resultFlag=TRUE;
+
+ /* open sqlite */
+ if(sqlite3_open(GetConfValue("SqliteDb"),&db)!=SQLITE_OK){
+ err_msg("ERR at %s#%d: sqlite3_open",__FILE__,__LINE__);
+ sqlite3_close(db);
+ return FALSE;
+ }
+
+ /* prepare command */
+ updateCmd=sqlite3_mprintf(updateFormat, time(NULL), watchMode, cookie);
+
+ /* execute replace to sqlite */
+ if(sqlite3_exec(db, updateCmd, NULL, NULL, &pErrMsg)!=SQLITE_OK){
+ resultFlag=FALSE;
+ err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg);
+ }
+
+ /*memory free for sqlite3 string */
+ sqlite3_free(updateCmd);
+
+ /* sqlite close */
+ sqlite3_close(db);
+
+ return resultFlag;
+}
+
+/*************************************************/
+/* read userid and others from session database */
+/*************************************************/
+int getSessionInfoFromDb(char* cookie, char* userid,
+ char* clientAddr4, char *macAddr,
+ int *duration, int *durationEntered, char *language){
+
+ sqlite3 *db;
+ sqlite3_stmt *stmt;
+
+ /* SQL UPDATE COMMAND, where %x is replaced in snprintf */
+ char *selectFormat="SELECT userid, clientAddr4, macAddr,\
+ duration, durationEntered,language FROM session WHERE cookie='%s'";
+ char *selectCmd;
+ int resultFlag=TRUE;
+
+ /* open sqlite */
+ if(sqlite3_open(GetConfValue("SqliteDb"),&db)!=SQLITE_OK){
+ err_msg("ERR at %s#%d: sqlite3_open",__FILE__,__LINE__);
+ sqlite3_close(db);
+ return FALSE;
+ }
+
+ /* prepare command string */
+ selectCmd=sqlite3_mprintf(selectFormat, cookie);
+
+ /* compile to internal statement */
+ if(sqlite3_prepare(db, selectCmd, BUFFMAXLN, &stmt, NULL)!=SQLITE_OK){
+ resultFlag=FALSE;
+ err_msg("ERR at %s#%d: sqlite3_prepare:%s",__FILE__,__LINE__,
+ sqlite3_errmsg(db));
+
+ /* finalize */
+ sqlite3_free(selectCmd);
+ sqlite3_finalize(stmt);
+ sqlite3_close(db);
+ return FALSE;
+ }
+
+ /* get first match item */
+ if(sqlite3_step(stmt)==SQLITE_ROW){
+ strncpy(userid, (char*)sqlite3_column_text(stmt, 0), USERMAXLN);
+ strncpy(clientAddr4, (char*)sqlite3_column_text(stmt, 1), USERMAXLN);
+ strncpy(macAddr, (char*)sqlite3_column_text(stmt, 2), USERMAXLN);
+ *duration=(int)sqlite3_column_int(stmt, 3);
+ *durationEntered=(int)sqlite3_column_int(stmt, 4);
+ strncpy(language, (char*)sqlite3_column_text(stmt, 5), WORDMAXLN);
+ resultFlag=TRUE;
+ }else{
+ resultFlag=FALSE;
+ }
+
+ /* finalize */
+ sqlite3_free(selectCmd);
+ sqlite3_finalize(stmt);
+ sqlite3_close(db);
+
+ return resultFlag;
+}
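Review bot: All three new statements (putSessionBeginToDb, putSessionEndToDb, getSessionInfoFromDb) are built with `sqlite3_mprintf` and `'%s'`, which copies the argument without doubling single quotes, so cookie, userid, language and watchMode reach the SQL text unescaped. The cookie given to getSessionInfoFromDb appears to come from the request, and main accepts the user when this lookup returns a row, so the SELECT is an authentication decision made on client-influenced SQL. Bind the values with `?` placeholders as sketched below for the lookup (`%q` in the format is the minimal alternative), and do the same for the INSERT and UPDATE. The row copy should also handle a NULL from `sqlite3_column_text` and terminate the destination, which `strncpy` does not guarantee. Separately, `time(NULL)` is passed to `%d` and `pErrMsg` is never released with `sqlite3_free`.

```c
  /* … unchanged: db/stmt declarations and sqlite3_open; selectFormat and selectCmd are no longer needed … */
  const char *selectSql="SELECT userid, clientAddr4, macAddr,"
    " duration, durationEntered, language FROM session WHERE cookie=?1";
  const unsigned char *col;

  /* compile with a placeholder so the cookie never becomes SQL text */
  if(sqlite3_prepare_v2(db, selectSql, -1, &stmt, NULL)!=SQLITE_OK
     || sqlite3_bind_text(stmt, 1, cookie, -1, SQLITE_STATIC)!=SQLITE_OK){
    err_msg("ERR at %s#%d: sqlite3_prepare:%s",__FILE__,__LINE__,
	    sqlite3_errmsg(db));
    sqlite3_finalize(stmt);   /* no-op when stmt is NULL */
    sqlite3_close(db);
    return FALSE;
  }

  /* get first match item; snprintf always terminates, NULL columns become "" */
  if(sqlite3_step(stmt)==SQLITE_ROW){
    col=sqlite3_column_text(stmt, 0);
    snprintf(userid, USERMAXLN, "%s", col ? (const char*)col : "");
    col=sqlite3_column_text(stmt, 1);
    snprintf(clientAddr4, USERMAXLN, "%s", col ? (const char*)col : "");
    col=sqlite3_column_text(stmt, 2);
    snprintf(macAddr, USERMAXLN, "%s", col ? (const char*)col : "");
    /* … unchanged: duration, durationEntered … */
    col=sqlite3_column_text(stmt, 5);
    snprintf(language, WORDMAXLN, "%s", col ? (const char*)col : "");
    resultFlag=TRUE;
  }
  /* … unchanged: else branch, sqlite3_finalize, sqlite3_close, return … */
```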
/********************************************************/
-/* get user property from user db */
+/* get user property from property db (NOT implemented) */
/********************************************************/
int getUserProperty(char userid[USERMAXLN], char userProperty[BUFFMAXLN])
{
/*****************************************************/
/* REPLACE THE FOLLOWING WITH YOUR DATABASE ACCESS ROUTINE */
+ userProperty[0]='\0'; /* The User has No Property */
+ return ACCEPT; /* The User is Accepted */
+}
+/* debug write routine */
+int PutSessionBeginToDb(char* cookie, char* userid,
+ char* clientAddr4, char* clientAddr6,
+ char* macAddr4,
+ char* ruleNumber4, char* ruleNumber6,
+ int duration, int durationEntered,
+ int cookieAuth, char *language){
+ int ret;
- userProperty[0]='\0'; /* The User has No Property */
- return ACCEPT; /* The User is Accepted */
+ if(debug>1) err_msg("DEBUG:=>putSessionBeginToDb(%s,%s,%s,%s,%s,%s,%s,%d,%d,%d,%s)",
+ cookie,userid,clientAddr4,clientAddr6,
+ macAddr4,ruleNumber4,ruleNumber6,
+ duration,durationEntered,cookieAuth,language);
+ ret=putSessionBeginToDb(cookie,userid,clientAddr4,clientAddr6,
+ macAddr4,ruleNumber4,ruleNumber6,
+ duration,durationEntered,cookieAuth,language);
+ if(debug>1) err_msg("DEBUG:(%d)<=putSessionBeginToDb()",ret);
+ return ret;
+}
+
+int PutSessionEndToDb(char* cookie, char* watchMode){
+ int ret;
+ if(debug>1) err_msg("DEBUG:=>putSessionEndToDb(%s,%s)",cookie, watchMode);
+ ret=putSessionEndToDb(cookie,watchMode);
+ if(debug>1) err_msg("DEBUG:(%d)<=putSessionEndToDb()",ret);
+ return ret;
+}
+
+int GetSessionInfoFromDb(char* cookie, char* userid, char* clientAddr4,
+ char *macAddr, int *duration, int *durationEntered,
+ char *language){
+ int ret;
+
+ if(debug>1) err_msg("DEBUG:=>getInfoFromDb(%s)",cookie);
+ ret=getSessionInfoFromDb(cookie,userid,clientAddr4, macAddr,
+ duration,durationEntered,language);
+ if(debug>1) err_msg("DEBUG:(%d)<=getInfoFromDb(%s,%s,%s,%s,%d,%d,%s)",
+ ret,cookie,userid,clientAddr4, macAddr,
+ *duration,*durationEntered,language);
+ return ret;
}
-/* debug write routine */
int GetUserProperty(char *userid, char *userProperty)
{
int ret;
return ret;
}
+
#include "opengatesrv.h"
#include "../ezxml/ezxml.h"
-#define CONFIG_VERSION "1.4.23"
+#define CONFIG_VERSION "1.5.0"
#define SEPARATOR "/"
int debug=0;
extern char ruleNumber4[WORDMAXLN]; /* ipfw rule number in string form */
extern char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */
-extern char language[WORDMAXLN];
+char language[WORDMAXLN];
char clientAddr4[ADDRMAXLN]=""; /* client addr (nnn.nnn.nnn.nnn) */
char clientAddr6[ADDRMAXLN]=""; /* client addr (nnnn:nnnn:xxxx::xxxx) 128bit */
time_t timeIn, timeOut;
int ipStatus; /* flag for IPV4ONLY,IPV6ONLY or IPV46DUAL */
int connectionMode; /* client connect mode */
+char *mode[3]={"NONE","HTTP","TIME"};
+
/* variable to measuring processing time (in msec) */
struct timeval timeBeginCgi, timeBeginWait, timeConnect, timeDisconnect;
-char sessionId[BUFFMAXLN]; /* session ID */
+char sessionId[SIDMAXLN]=""; /* session ID */
+char cookie[SIDMAXLN]=""; /* cookie */
+char redirectedUrl[BUFFMAXLN]=""; /* redirected URL (requested URL before fwd) */
void PutCloseMsg(time_t timeOut, time_t timeIn);
void SetProcessTitle(char *useridshort, char *clientAddr4, char * ruleNumber4, char *clientAddr6, char * ruleNumber6, int ipStatus);
/***************************************************/
int main(int argc, char **argv)
{
- char password[PASSMAXLN];
+ char password[PASSMAXLN]="";
int port;
int dummyfd[2];
int pid;
int parentpid;
- int duration; /* requested usage duration */
- int durationEntered; /* the duration value is entered or not */
+ int duration=0; /* requested usage duration */
+ int durationEntered=0; /* the duration value is entered or not */
int authResult=DENY;
int authNum=1; /* present authserver number to check user */
+ int cookieAuth=FALSE; /* Auth with HTTP-Cookie is enabled */
/* drop root privilege */
seteuid(getuid());
/* get default language at the top of lang list */
sscanf(GetConfValue("HtmlLangs"), "%s", language);
- /* check referer */
+ /* check referer */
if(CheckReferer()==FALSE){
PutClientRetry(language);
return 0;
}
- /* get POST data */
- if(GetPostData(userid, password, clientAddr4, &duration, &durationEntered)==FALSE){
+ /* get POST data from HTTP request */
+ if(GetPostData(userid, password, clientAddr4,
+ &duration, &durationEntered, language, redirectedUrl)==FALSE){
PutClientRetry(language);
return 0;
}
+ /* Try to authentication with cookie data */
+ cookieAuth=GetCookieData(userid, clientAddr4,
+ &duration,&durationEntered,language);
+
/* split user@server to user and server */
SplitId(userid, useridshort, extraId);
/* get MAC address from arp and ndp */
GetMacAddr(clientAddr4, macAddr4, clientAddr6, macAddr6,ipStatus);
-
/* check user by authenticate servers */
- while(SelectNextAuthServer()){
-
- /* authenticate the user with authentication servers */
- authResult=AuthenticateUser(useridshort, password);
-
- /* if pass, exit the loop */
- if(authResult==ACCEPT) break;
-
- /* else continue the loop */
- err_msg("DENY:(auth%d) user %s from %s at %s",
- authNum, userid, clientAddr4, macAddr4);
- authNum++;
+ if(cookieAuth) authResult=ACCEPT;
+ else{
+ while(SelectNextAuthServer()){
+
+ /* authenticate the user with authentication servers */
+ authResult=AuthenticateUser(useridshort, password);
+
+ /* if success, exit loop */
+ if(authResult==ACCEPT) break;
+
+ /* else put out error message */
+ err_msg("DENY:(auth%d) user %s from %s at %s",
+ authNum, userid, clientAddr4, macAddr4);
+ authNum++;
+ }
}
/* if not authenticate, send deny to the client and exit */
if(authResult!=ACCEPT){
- PutClientDeny(clientAddr4);
+ PutClientDeny(clientAddr4, language);
return 0;
}
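Review bot: When `cookieAuth` is set, main skips every auth server and sets `authResult=ACCEPT` on the cookie lookup alone, and nothing visible bounds how long a cookie stays valid or ties it to the requesting client. getSessionInfoFromDb selects on `cookie` only, so a row whose `closeTime` is already set would still match. getCookieData is not in view and may check this; otherwise the lookup needs a condition such as `AND closeTime='-'` plus an age limit on `openTime`. Since GetCookieData also writes `userid` and `clientAddr4`, confirm the stored address is compared with the address the request came from before the firewall is opened for it. main continues outside this hunk.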
return 0;
}
- /* create session ID */
+ /* create sessionID(for hello check) and HTTP-Cookie(for auth) */
CreateSessionId(sessionId);
+ CreateCookie(cookie);
/* set terminate signal handler */
if(Signal(SIGTERM, closeExit)==SIG_ERR){
timeIn=time(NULL);
/* set (ruleNumber,userid,clientAddr) in process title */
- SetProcessTitle(useridshort,clientAddr4,ruleNumber4,clientAddr6,ruleNumber6,ipStatus);
+ SetProcessTitle(userid,clientAddr4,ruleNumber4,clientAddr6,ruleNumber6,ipStatus);
/* get temporary port for server-listen */
port=GetListenPort();
if(pid!=0){
/** parent process **/
- /* send accept page with java */
- PutClientAccept(userid, sessionId, port, pid, clientAddr4, clientAddr6, ipStatus, duration, durationEntered);
+ /* send accept page with javascript */
+ PutClientAccept(userid, sessionId, port, pid, clientAddr4, clientAddr6,
+ ipStatus, duration, durationEntered, language,
+ cookie, cookieAuth, redirectedUrl);
/* detach from Web server */
return 0;
}
+
/** child process **/
/* detach from Web server */
Pipe(dummyfd); /* connect dummy pipe for stdin and out */
+ /* write the opening information to database */
+ /* this should be in child process as to save watch-process PID */
+ PutSessionBeginToDb(cookie, userid, clientAddr4, clientAddr6,
+ macAddr4, ruleNumber4, ruleNumber6,
+ duration, durationEntered, cookieAuth, language);
+
/* get time at the client wait start (in msec) */
gettimeofday(&timeBeginWait, NULL) ;
/* wait connection from the client */
/* if no connection, close gate when duration is passed */
/* or ipaddr for the macAddr4 is changed */
- connectionMode=WaitClientConnect(userid, userProperty, sessionId, clientAddr4, clientAddr6, duration, macAddr4, macAddr6, ipStatus, pClientAddr, language, port, parentpid);
+ connectionMode=WaitClientConnect(userid, userProperty, sessionId,
+ clientAddr4, clientAddr6, duration,
+ macAddr4, macAddr6, ipStatus,
+ pClientAddr, language, port, parentpid,
+ cookieAuth,redirectedUrl);
/* get time at the client connection (in msec) */
gettimeofday(&timeConnect, NULL) ;
- if(connectionMode==JAVACONNECT){
-
- /* wait until the java applet quit */
- /* close gate when no reply to temporal hello or end of TCP connection */
- /* macAddr6 is used for NDP to search addition ipaddr */
- WaitJavaClose(pClientAddr, userid, userProperty, macAddr4, macAddr6, ipStatus);
- }
- else if(connectionMode==HTTPCONNECT){
+ if(connectionMode==HTTPCONNECT){
/* wait until the http keep alive is closed */
- WaitHttpClose(pClientAddr, userid, userProperty, macAddr4, macAddr6, ipStatus, sessionId, port);
+ WaitHttpClose(pClientAddr, userid, userProperty, macAddr4, macAddr6,
+ ipStatus, sessionId, port);
}
/* close firewall and exit */
/* save the connect mode */
logConnectMode();
+ /* write closing information to database */
+ PutSessionEndToDb(cookie, mode[connectionMode]);
+
/* signal is disabled */
Signal(SIGTERM, SIG_DFL);
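Review bot: `mode[connectionMode]` stays inside the three-element array only because logConnectMode(), called just before, clamps `connectionMode` to 0..2 as a side effect. Reordering these two calls, or adding another caller, would turn this into an out-of-bounds read that ends up in an SQL string. Make the bound explicit at the call, e.g. `PutSessionEndToDb(cookie, mode[(connectionMode>=0 && connectionMode<=2) ? connectionMode : NOCONNECT]);`. If another exit path, such as the SIGTERM handler (not visible here), can end the session, it would need to write the close record as well.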
/*****************************************/
void logConnectMode()
{
- char *mode[4]={"NONE","JAVA","HTTP","TIME"};
long time1sec,time2sec,time3sec;
long time1usec,time2usec,time3usec;
/* set value on failure */
- if(connectionMode<0 || connectionMode>3) connectionMode=NOCONNECT;
+ if(connectionMode<0 || connectionMode>2) connectionMode=NOCONNECT;
if(connectionMode==NOCONNECT){
gettimeofday(&timeBeginWait, NULL) ;
gettimeofday(&timeConnect, NULL) ;
int main(int argc, char **argv)
{
-
+
char htmlFile[BUFFMAXLN]=""; /* html file */
char lang[WORDMAXLN]=""; /* language */
char clientAddr[ADDRMAXLN]=""; /* client ip address */
char paramString[BUFFMAXLN]=""; /* parameters in html access */
- char* pLang; /* pointer to language string */
- char* pAddr4; /* pointer to addr4 string */
+ char* pLang=""; /* pointer to language string */
+ char* pAddr4=""; /* pointer to addr4 string */
+ char* pUrl=""; /* potinter to redirected URL string */
char authCgiUrl[BUFFMAXLN]; /* url of opengateauth.cgi */
char mainCgiUrl[BUFFMAXLN]; /* url of opengatesrv.cgi */
char durationMax[WORDMAXLN]; /* usage duration maximum */
char opengateServerName[BUFFMAXLN]; /* opengate server domain name */
char opengateDir[BUFFMAXLN]; /* opengate doc directory in httpd doc */
+ char userid[USERMAXLN]; /* userid value */
+ char cookie[SIDMAXLN]; /* HTTP-Cookie value */
+ char protocol[WORDMAXLN]; /* http or https */
+ char redirectedUrl[BUFFMAXLN]; /* redirected(requested before fwd) URL */
+ char *name[1];
+ char *value[1];
+ char *next[1];
+ char *ptr;
/* keyword pairs */
/* the left key is replaced by the right value */
{"%%CGIURL%%", mainCgiUrl},
{"%%ADDR4%%", clientAddr},
{"%%DURATIONMAX%%",durationMax},
+ {"%%PROTOCOL%%",protocol},
+ {"%%REDIRECTEDURL%%",redirectedUrl},
+ {"%%LANGUAGE%%",lang},
{"",""} /* DON'T REMOVE THIS LINE */
};
/* get paremeters, */
if(!isNull(getenv("QUERY_STRING"))){
- /* get html access parameter string (xx.cgi?addr4&lang) */
+
+ /* get html access parameter string (attached at the end of url) */
strncpy(paramString, getenv("QUERY_STRING"), BUFFMAXLN);
}
- /* split language and address in paramString[addr=0-0-0&lang=ja] */
- pAddr4=paramString;
- if((pLang=strnstr(paramString, "&", BUFFMAXLN))!=NULL){
- *pLang='\0'; pLang++;
- }else{
- pLang=paramString;
+ /* split language and address in paramString
+ [addr=0-0-0&lang=ja&redirectedurl=xxxx] */
+ ptr=paramString;
+ while(ptr!=NULL){
+ split(ptr, name, value, next);
+ if(strstr(name[0], "addr")!=NULL){
+ pAddr4=value[0];
+ }else if(strstr(name[0], "lang")!=NULL){
+ pLang=value[0];
+ }else if(strstr(name[0], "redirectedurl")!=NULL){
+ pUrl=value[0];
+ }
+ ptr=next[0];
}
- if(strnstr(pAddr4, "addr=", BUFFMAXLN)==pAddr4) pAddr4+=5;
- if(strnstr(pLang, "lang=", BUFFMAXLN)==pLang) pLang+=5;
-
/* copy clientAddr(encoded) */
if(isNull(pAddr4)){
clientAddr[0]='\0';
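Review bot: The new `while(ptr!=NULL)` loop walks `paramString` as a C string, but the copy just above it, `strncpy(paramString, getenv("QUERY_STRING"), BUFFMAXLN)`, leaves the buffer unterminated when the query string is BUFFMAXLN bytes or longer, so `split` and `strstr` can read past the array on a long request. Copying at most `BUFFMAXLN-1` bytes keeps the zero byte that the `=""` initialiser put in the last position. The name tests are also substring matches, so any parameter whose name merely contains `addr` or `lang` is accepted; `strcmp(name[0], "addr")==0` is the stricter form. `split` is not visible here, so whether `name[0]` can be NULL for a malformed pair should be confirmed. main's body extends beyond this hunk.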
sscanf(GetConfValue("HtmlLangs"), "%s", lang);
}
+ /* copy redirected URL */
+ strncpy(redirectedUrl, pUrl, BUFFMAXLN);
+
/* send out header */
- printf("Content-Type: text/html\r\n\r\n\r\n");
+ printf("Content-Type: text/html\r\n\r\n");
/* construct html file path */
sprintf(htmlFile, "%s%s/%s/", GetConfValue("DocumentRoot"),
opengateDir, lang);
- /* ssl or non-ssl file */
- if(!isNull(getenv("SERVER_PORT"))
- && strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
- strncat(htmlFile, GetConfValue("AuthDocSsl"), BUFFMAXLN);
- }else{
- strncat(htmlFile, GetConfValue("AuthDoc"), BUFFMAXLN);
+ /*** if http-cookie for opengate authentication exist */
+ /* skip authenticaion */
+ if(GetAuthCookie(cookie,userid)){
+ strncat(htmlFile, GetConfValue("SkipAuthDoc"), BUFFMAXLN);
+
+ /* ssl or non-ssl protocol */
+ if(!isNull(getenv("SERVER_PORT"))
+ && strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
+ strncpy(protocol, "https", WORDMAXLN);
+ }else{
+ strncpy(protocol, "http", WORDMAXLN);
+ }
+ }
+
+ /*** if cookie does not exist, request userid and password */
+ else{
+ /* ssl or non-ssl file */
+ if(!isNull(getenv("SERVER_PORT"))
+ && strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
+ strncat(htmlFile, GetConfValue("AuthDocSsl"), BUFFMAXLN);
+ }else{
+ strncat(htmlFile, GetConfValue("AuthDoc"), BUFFMAXLN);
+ }
}
/* replace keywords and send out */
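Review bot: `redirectedUrl` is copied straight from the `redirectedurl` query parameter by `strncpy(redirectedUrl, pUrl, BUFFMAXLN)` and then offered to the template as `%%REDIRECTEDURL%%`, so a client-chosen string reaches the page with no scheme check or escaping visible in this hunk. I would accept only values that begin with `http://` or `https://`, escape the value for the place the template uses it, and terminate the copy with `redirectedUrl[BUFFMAXLN-1]='\0';`. The later hunk that builds `redirectedUrl` from `HTTP_HOST` and `REQUEST_URI` feeds the same placeholder from request headers and needs the same treatment. Separately, `protocol` is assigned only in the `GetAuthCookie` branch although `%%PROTOCOL%%` is in the keyword table for both branches; declaring it as `char protocol[WORDMAXLN]="";` avoids substituting an uninitialised buffer.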
char encodeAddr[ADDRMAXLN]=""; /* encoded ip address */
char lang[ADDRMAXLN]=""; /* client language */
char authCgiUrl[BUFFMAXLN]; /* url of opengateauth.cgi */
+ char redirectedUrl[BUFFMAXLN]; /* url of redirected(requested) page */
+ char *protocol;
+ char *httpHost;
+ char *requestUri;
/* keyword pairs */
/* the left key is replaced by the right value */
{
{"%%ADDR4%%", encodeAddr},
{"%%AUTHCGIURL%%", authCgiUrl},
+ {"%%REDIRECTEDURL%%", redirectedUrl},
{"",""} /* DON'T REMOVE THIS LINE */
};
encodeAddr[0]='\0';
}
+ /* construct redirected(requested) URL */
+ /* protocol */
+ if(!isNull(getenv("SERVER_PORT"))
+ && strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
+ protocol="https";
+ }else{
+ protocol="http";
+ }
+ /* http-host */
+ if(!isNull(getenv("HTTP_HOST"))) httpHost=getenv("HTTP_HOST");
+ else httpHost="";
+
+ /* request-uri */
+ if(!isNull(getenv("REQUEST_URI"))) requestUri=getenv("REQUEST_URI");
+ else requestUri="";
+
+ /* concat above items to make redirect URL */
+ if(!isNull(httpHost)){
+ snprintf(redirectedUrl,BUFFMAXLN,"%s://%s%s", protocol,httpHost,requestUri);
+ }else redirectedUrl[0]='\0';
+
/* construct readin html file path */
snprintf(htmlFile, BUFFMAXLN, "%s%s/%s/%s",
GetConfValue("DocumentRoot"),
#define USERMAXLN 64 /* maximum userid string length */
#define BUFFMAXLN 1024 /* maximum buffer string length */
#define WORDMAXLN 64 /* maximum word length */
+#define SIDMAXLN 64 /* maximum sessionID length */
#define TRUE 1
#define FALSE 0
#define DENY 0
#define ACCEPT 1
#define NOCONNECT 0 /* the client is not connected yet. */
-#define JAVACONNECT 1 /* the client is connected by using Java Applet */
-#define HTTPCONNECT 2 /* the client is connected by HTTP Keep-Alive */
-#define ENDCONNECT 3 /* the client is now terminating */
+#define HTTPCONNECT 1 /* the client is connected by HTTP Keep-Alive */
+#define ENDCONNECT 2 /* the client is now terminating */
#define IPV4ONLY 4
#define IPV46DUAL 46
/* cgi interface */
void GetClientAddr(char *clientAddr);
-int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered);
-int GetUserProperty(char *userid, char *userProperty);
+int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered,char *language, char *redirectedUrl);
+int GetCookieData(char *userid, char *clientAddr4, int *durationPtr, int *durationEntered,char *language);
+int GetAuthCookie(char *cookie, char *userid);
void SplitId(char* userid, char* useridshort, char* extraId);
int CheckReferer(void);
-void PutClientDeny(char *clientAddr4);
+void PutClientDeny(char *clientAddr4, char *language);
void PutClientRetry(char *lang);
void PutClientMsg(char *message);
-void PutClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered);
-
+void PutClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered, char *language, char *cookie, int cookieAuth, char *redirectedUrl);
+void split(char content[], char *name[], char *value[], char *next[]);
+
+/* db interface*/
+int PutSessionBeginToDb(char* cookie, char* userid,
+ char* clientAddr4, char* clientAddr6,
+ char* macAddr4,
+ char* ruleNumber4, char* ruleNumber6,
+ int duration, int durationEntered, int cookieAuth,
+ char *language);
+int PutSessionEndToDb(char* cookie, char* watchMode);
+int GetSessionInfoFromDb(char* cookie, char* userid, char* clientAddr4,
+ char *macAddr, int *duration, int *durationEntered, char *language);
+int GetUserProperty(char *userid, char *userProperty);
/* TCP communication with client */
-void WaitJavaClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr4, char *macAddr6, int ipStatus);
int GetListenPort(void);
-int WaitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid);
+int WaitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid, int cookieAuth, char *redirectedUrl);
void WaitHttpClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr4, char *macAddr6, int ipStatus, char *sessionid, int port);
/* utilities */
int isNull(const char *pStr);
char *GetServicePortStr(char *servName);
void CreateSessionId(char *sessionId);
+void CreateCookie(char *cookie);
char *md5hex(char *hexdigest, int len, char *str);
void ReFormatMacAddr(char* macAddr4, char* macAddr6);
/* guide for connecting */
printf("Waiting connection for %d seconds\n",duration);
printf("\n");
- printf(" ### Try to connect from other window as ###\n");
- printf(" Simulate Java connection \n");
- printf("===============================================\n");
- printf("PUT> telnet %s %d\n", clientAddr4, port);
- printf("PUT> %s\n",userID);
- printf("GET> accept\n");
- printf(" waiting ActiveCheckInterval \n");
- printf("GET> hello \n");
- printf("PUT> hello \n");
- printf("PUT> quit \n");
+ printf(" ### Try to connect from other window ###\n");
printf("===============================================\n\n");
printf(" Simulate Http connection \n");
printf("===============================================\n");
/* connection wait */
connMode=WaitClientConnect(userID, "", "999",clientAddr4,clientAddr6,
- duration,"?","?",4,pClientAddr, language, port, 99);
+ duration,"?","?",4,pClientAddr, language, port,
+ 99,1,"http://www.yahoo.com");
switch(connMode){
- case JAVACONNECT:
- WaitJavaClose(pClientAddr, userID, "", "?", "?", 4);
- break;
-
case HTTPCONNECT:
WaitHttpClose(pClientAddr, userID, "", "?", "?", 4, "999", port);
break;
+
+ default:
+ printf("Connection failed\n");
}
return 0;
void createSessionId(char *sessionId)
{
srandom(getpid()+time(NULL));
- snprintf(sessionId, BUFFMAXLN, "%ld", random() );
+ snprintf(sessionId, SIDMAXLN, "%ld", random() );
}
+
/*************************************************/
/* calc MD5 in hex form */
/* str: plain text to convert */
return hexdigest;
}
+/*******************************************/
+/* create random session cookie */
+/*******************************************/
+void createCookie(char *cookie)
+{
+ char str[BUFFMAXLN];
+
+ /* make Http-cookie from pid&time */
+ snprintf(str, BUFFMAXLN, "%d%d", getpid(),time(NULL));
+ md5hex(cookie, SIDMAXLN, str);
+}
+
/****************************************/
/****************************************/
int Pclose(FILE *stream)
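Review bot: `createCookie` derives the cookie from `getpid()` and `time(NULL)` only, and elsewhere in this commit `GetAuthCookie` uses that cookie to skip the userid and password page, so the value that stands in for a login can be reproduced from two guessable numbers. Hashing guessable input with MD5 adds no secrecy. The cookie should come from the system random source instead; the sketch below uses `arc4random_buf`, which assumes a BSD libc (the code already calls `strnstr`), and writes 32 hex characters, which fits SIDMAXLN. The `"%d%d"` format is also wrong for a `time_t` argument. `createSessionId` above seeds `random()` from the same two values and deserves the same change.

```c
void createCookie(char *cookie)
{
  static const char hex[]="0123456789abcdef";
  unsigned char rnd[16];
  int i;

  /* take the cookie from the system CSPRNG, not from pid and time */
  arc4random_buf(rnd, sizeof(rnd));
  for(i=0; i<(int)sizeof(rnd); i++){
    cookie[2*i]=hex[rnd[i]>>4];
    cookie[2*i+1]=hex[rnd[i]&0x0f];
  }
  cookie[2*sizeof(rnd)]='\0';
}
```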
createSessionId(sessionId);
if(debug>1) err_msg("DEBUG:<=createSessionId(%s)",sessionId);
}
+void CreateCookie(char *cookie){
+ if(debug>1) err_msg("DEBUG:=>createCookie( )");
+ createCookie(cookie);
+ if(debug>1) err_msg("DEBUG:<=createCookie(%s)",cookie);
+}
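Review bot: The exit trace `err_msg("DEBUG:<=createCookie(%s)",cookie)` writes the freshly created authentication cookie to the log whenever `debug>1`, and this commit lets `GetAuthCookie` accept that cookie in place of a userid and password, so the log becomes a store of reusable credentials. I would log only that the call returned, `if(debug>1) err_msg("DEBUG:<=createCookie( )");`, which is how the `WaitClientConnect` and `SendHttpKeepPage` wrappers write their exit lines. If the value is needed for troubleshooting, a short prefix of it is enough to correlate entries.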
/*************************************************
Opengate server
- module for communication with client program (java/javascript)
+ module for communication with client program (javascript)
Copyright (C) 1999 Opengate Project Team
Written by Yoshiaki Watanabe 1999-2006
void SendTerminateReply(void);
void ReadHttpHeaders(void);
void SendReplyToGetHello(void);
-void SendHttpKeepPage(char *userid, char *sessionId, char *language, int port);
+void SendHttpKeepPage(char *userid, char *sessionId, char *language, int port, int cookieAuth, char *redirectedUrl);
int SelectAccept(void);
void AcceptHttpReConnect(void);
int MacAddrCheck(int ipStatus,char *clientAddr4, char *clientAddr6, char *macAddr4, char *macAddr6);
void OnUsageTimeLimitAlarm(int signo);
void OnCheckBasicAlarm(int signo);
-void OnCheckJavaAlarm(int signo);
void OnCheckHttpAlarm(int signo);
void OnReadWaitAlarm(int signo);
void OnAjaxWaitAlarm(int signo);
/************************************/
/* wait for connection of client side program */
/************************************/
-int waitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid)
+int waitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid, int cookieAuth, char *redirectedUrl)
{
char buff[BUFFMAXLN]; /* read in buffer */
char connectAddr[ADDRMAXLN]; /* connected client address */
char httpStr[BUFFMAXLN]; /* HTTP GET string at terminate */
- char useridAndSessionId[BUFFMAXLN]; /* comcat userid and sessionid */
int timeSendHttpkeep=0;
int timeStart;
}
RemoveAlarm("ReadWaitAlarm");
- /* is it the correct request from java applet */
- /* the request is [<userid>:<sessionId>] */
- snprintf(useridAndSessionId, BUFFMAXLN, "%s-%s", userid,sessionId);
- if(strcmp(buff, useridAndSessionId)==0){
-
- /* if too late request, ingore */
- if((time(NULL)-timeStart) > atoi(GetConfValue("JavaWaitTimeout"))){
- Close(connfd);
- continue;
- }
-
- /* enter to the Java watch mode on the connection keeped */
- connectMode=JAVACONNECT;
- break;
- }
-
/* is it the httpkeep page download request */
/* the request is [GET /httpkeep.html ....] */
snprintf(httpStr, BUFFMAXLN, "GET /httpkeep-%s-%s", userid,sessionId);
/* read out the remained headers and send the page */
ReadHttpHeaders();
- SendHttpKeepPage(userid, sessionId, language, port);
+ SendHttpKeepPage(userid, sessionId, language, port, cookieAuth,
+ redirectedUrl);
timeSendHttpkeep=time(NULL);
/* return to wait next request (that night be GET /hello) */
void onUsageTimeLimitAlarm(int signo)
{
connectMode=ENDCONNECT;
- err_msg("ERR at %s#%d: duration time out",__FILE__,__LINE__);
+ err_msg("ERR at %s#%d: duration timeout",__FILE__,__LINE__);
}
/***************************************/
return;
}
-/***************************************************/
-/* wait for close connection of java */
-/***************************************************/
-void waitJavaClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr4, char *macAddr6, int ipStatus)
-{
- char buff[BUFFMAXLN];
- int ret;
-
- /* set alarm function arguments */
- alarmArg.pClientAddr=pClientAddr;
- alarmArg.macAddr4=macAddr4;
- alarmArg.macAddr6=macAddr6;
- alarmArg.userid=userid;
- alarmArg.userProperty=userProperty;
- alarmArg.ipStatus=ipStatus;
-
- Writefmt(connfd,"accept\r\n");
-
- /* TCP read/write loop */
- /* this loop implement following logic */
- /* repeat until receiving 'quit' or EOF from client */
- /* say 'hello' to client */
- /* receive 'hello' from client. if no reply, then quit. */
- /* get packet count for client after short delay. */
- /* long interval */
- /* get packet count again. if no packet, then quit. */
-
- /* set the alarm for periodic check */
- AddAlarm("CheckJavaAlarm", alarmArg.checkInterval, FALSE, OnCheckJavaAlarm);
- EnableAlarm();
-
- while(1){
- /* set default to terminate */
- connectMode=ENDCONNECT;
- ret=readln(connfd, buff, BUFFMAXLN);
-
- /* stop alarm */
- DisableAlarm();
-
- if(ret>=0){
- /* normal read */
- connectMode=JAVACONNECT;
- /* read quit, then quit */
- if(strstr(buff,"quit") != NULL){
- break;
- }
-
- /* read hello reply to the hello message in periodic check */
- /* see onCheckJavaAlarm for timeout alarm setting */
- else if((helloWait)&&(strstr(buff,"hello") !=NULL)){
- helloWait=FALSE;
- RemoveAlarm("ReplyTimeoutAlarm");
- }
- /* read other string */
- else{
- }
- }
-
- /* connection terminated */
- if(connectMode==ENDCONNECT) break;
-
- /* restart alarm */
- EnableAlarm();
- }
-
- /* reset alarm */
- RemoveAlarm(NULL);
-
- SendQuitClient();
-
- return;
- }
-
-
-/***************************************/
-/* called at periodic java alive check */
-/***************************************/
-void onReplyTimeoutAlarm(int signo)
-{
- /* no reply */
- err_msg("ERR at %s#%d: no reply to hello",__FILE__,__LINE__);
- connectMode=ENDCONNECT;
-}
-
-/***************************************/
-/* called at periodic java alive check */
-/***************************************/
-void onCheckJavaAlarm(int signo)
-{
- /* search new IPv6 addresses */
- ScanNdpEntry(alarmArg.pClientAddr, alarmArg.userid,
- alarmArg.macAddr6, alarmArg.userProperty);
-
- /* send hello and wait the reply */
- Writefmt(connfd,"hello\r\n");
- helloWait=TRUE;
-
- /* mac address check */
- if(MacAddrCheck(alarmArg.ipStatus,
- alarmArg.clientAddr4, alarmArg.clientAddr6,
- alarmArg.macAddr4, alarmArg.macAddr6)==FALSE){
- connectMode=ENDCONNECT;
- return;
- }
-
- /* set the alarm for next periodic check */
- AddAlarm("CheckJavaAlarm", alarmArg.checkInterval, FALSE, OnCheckJavaAlarm);
- /* EnableAlarm is called automatically in alarm function */
-
- connectMode=JAVACONNECT;
- return;
-}
/***************************************************/
/* send reply to terminate access via connfd(not stdout) */
/***************************************************/
/* send httpkeep page to client via connfd */
/***************************************************/
-void sendHttpKeepPage(char *userid, char *sessionId, char *language, int port)
+void sendHttpKeepPage(char *userid, char *sessionId, char *language, int port, int cookieAuth, char *redirectedUrl)
{
char buff[BUFFMAXLN]; /* read in buffer */
FILE *fp;
char acceptDoc2Url[BUFFMAXLN];
char httpkeepJsUrl[BUFFMAXLN];
char md5JsUrl[BUFFMAXLN];
- char *startPageUrl=GetConfValue("StartPage/Url");
- int startPageType=atoi(GetConfValue("StartPage/Type"));
char portStr[WORDMAXLN];
+ char *startPageUrl="";
+ int startPageType=atoi(GetConfValue("StartPage/Type"));
char *opengateServerName=GetConfValue("OpengateServerName");
char *opengateDir=GetConfValue("OpengateDir");
return;
}
+ /* create start page url to put information */
+ if(cookieAuth==1) startPageUrl=redirectedUrl;
+ else if(startPageType==0) startPageUrl=acceptDoc2Url;
+ else if(startPageType==1) startPageUrl=GetConfValue("StartPage/Url");
+ else if(startPageType==2) startPageUrl=redirectedUrl;
+ else startPageUrl=acceptDoc2Url;
+
/* send HTTP headers */
Writefmt(connfd,"HTTP/1.1 200 OK\r\n");
Writefmt(connfd,"Transfer-Encoding: chunked\r\n");
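Review bot: When `cookieAuth==1` or `StartPage/Type` is 2, `startPageUrl` becomes `redirectedUrl`, a value this commit fills from request data, and it is later substituted for `%%STARTURL%%` in the keep-alive page. Nothing in this function checks the scheme or escapes the string, so both the page content and the post-login destination are client-controlled; validating the URL where it is first parsed, or here before use, closes that. The substitution also happens in `buff[BUFFMAXLN]` with a replacement that may itself be close to BUFFMAXLN long, so it is worth confirming that `htmlReplace` bounds its output (it is not visible in this diff). sendHttpKeepPage's body extends beyond this hunk.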
/* length check */
if(strlen(buff)>=BUFFMAXLN-1){
- err_msg("ERR at %s#%d: too long line in %s",__FILE__,__LINE__,httpKeepDoc);
+ err_msg("ERR at %s#%d: too long line in %s",__FILE__,__LINE__,
+ httpKeepDoc);
}
/* replace mark */
htmlReplace(buff, "%%OPENGATEDIR%%", opengateDir);
htmlReplace(buff, "%%OPENGATEPORT%%", portStr);
htmlReplace(buff, "%%LANGUAGE%%", language);
-
- /* replace start url mark */
- if( startPageType==1 ){
- htmlReplace(buff, "%%STARTURL%%", startPageUrl);
- }else{
- htmlReplace(buff, "%%STARTURL%%", acceptDoc2Url);
- }
+ htmlReplace(buff, "%%STARTURL%%", startPageUrl);
/* length of chunk in hex */
Writefmt(connfd, "%x\r\n", strlen(buff));
return ret;
}
-int WaitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid)
+int WaitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid, int cookieAuth, char *redirectedUrl)
{
int ret;
- if(debug>1) err_msg("DEBUG:=>waitClientConnect(%s,%s,%s,%s,%s,%d,%s,%s,%d,%s,%d,%d)",userid,userProperty,sessionId,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,language,port,pid);
- ret=waitClientConnect(userid,userProperty,sessionId,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,pClientAddr,language,port,pid);
+ if(debug>1) err_msg("DEBUG:=>waitClientConnect(%s,%s,%s,%s,%s,%d,%s,%s,%d,%s,%d,%d,%d,%s)",userid,userProperty,sessionId,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,language,port,pid,cookieAuth,redirectedUrl);
+ ret=waitClientConnect(userid,userProperty,sessionId,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,pClientAddr,language,port,pid,cookieAuth,redirectedUrl);
if(debug>1) err_msg("DEBUG:(%d)<=waitClientConnect( )",ret);
return ret;
}
-void WaitJavaClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr4, char *macAddr6, int ipStatus)
-{
- if(debug>1) err_msg("DEBUG:=>waitJavaClose(%p,%s,userProperty,%s,%s,%d)",pClientAddr,userid,macAddr4,macAddr6,ipStatus);
- waitJavaClose(pClientAddr,userid,userProperty,macAddr4,macAddr6,ipStatus);
- if(debug>1) err_msg("DEBUG:<=waitJavaClose( )");
-}
-
void SendQuitClient(void)
{
if(debug>1) err_msg("DEBUG:=>sendQuitClient( )");
if(debug>1) err_msg("DEBUG:<=sendReplyToGetHello( )");
}
-void SendHttpKeepPage(char *userid, char *sessionId, char *language, int port)
+void SendHttpKeepPage(char *userid, char *sessionId, char *language, int port, int cookieAuth, char *redirectedUrl)
{
- if(debug>1) err_msg("DEBUG:=>sendHttpKeepPage(%s,%s,%s,%d)", userid, sessionId, language, port);
- sendHttpKeepPage(userid, sessionId, language, port);
+ if(debug>1) err_msg("DEBUG:=>sendHttpKeepPage(%s,%s,%s,%d,%d,%s)", userid, sessionId, language, port, cookieAuth, redirectedUrl);
+ sendHttpKeepPage(userid, sessionId, language, port, cookieAuth, redirectedUrl);
if(debug>1) err_msg("DEBUG:<=sendHttpKeepPage( )");
}
if(debug>1) err_msg("DEBUG:<=onCheckBasicAlarm()");
}
-void OnCheckJavaAlarm(int signo){
-
- if(debug>1) err_msg("DEBUG:=>onCheckJavaAlarm()");
- onCheckJavaAlarm(signo);
- if(debug>1) err_msg("DEBUG:<=onCheckJavaAlarm()");
-}
-
void OnCheckHttpAlarm(int signo){
if(debug>1) err_msg("DEBUG:=>onCheckHttpAlarm()");
sendHttpNotFound();
if(debug>1) err_msg("DEBUG:<=sendHttpNotFound()");
}
-
-