davinman
Joined: 11 Sep 2006 Posts: 6
Posted: Mon Sep 11, 2006 3:42 pm Post subject: Topology 3
I have FS trial set up in the topology 3 with remote networks. I have two Cisco routers set up with a tunnel between them and FS is supporting the DHCP of the clients. All is working for the users locally but the remote users are not able to get to the web. They can get an IP address and ping the FS Private network card. I have tried with and without isolation.
Remote client PC
Windows IP Configuration
Host Name . . . . . . . . . . . . : stye190c
Primary Dns Suffix . . . . . . . : ww003.Siemens.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ww003.siemens.net
ptd.siemens.com
siemens.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : firstspot.org
Description . . . . . . . . . . . : Xircom CardBus Ethernet 100 + Modem 56 (Ethernet Interface)
Physical Address. . . . . . . . . : 00-10-A4-79-66-72
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.30.7.232
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 172.30.7.1
DHCP Class ID . . . . . . . . . . : W2K
DHCP Server . . . . . . . . . . . : 172.30.5.1
DNS Servers . . . . . . . . . . . : 172.30.5.1
Lease Obtained. . . . . . . . . . : Monday, September 11, 2006 10:40:58 AM
Lease Expires . . . . . . . . . . : Wednesday, September 13, 2006 10:40:58 AM
FS Server (running Windows 2003)
Windows IP Configuration
Host Name . . . . . . . . . . . . : portal
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : IBM Netfinity Fault Tolerance PCI Adapter
Physical Address. . . . . . . . . : 00-00-E8-66-BF-1D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 70.xx.xx.xx
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 70.xx.xx.xx
DNS Servers . . . . . . . . . . . : 24.xx.xx.xx
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Physical Address. . . . . . . . . : 00-06-5B-B0-3E-63
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.30.5.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 172.30.5.1
Config.ini (passwords removed)
;
; Description : FirstSpot setting ini file
;
; Filename : config.ini
;
; Note: use a backslash to separate directories and files, those lines starting with
; a semi-colon are considered as comments.
;
; Warning : please don't change this file without supervision of a PatronSoft Engineer
; It is highly recommended that you change the FirstSpot setting in the Web-based Configuration Manager
[version]
version=Trial
versionDesc=4.0.12
[MNS]
; number of return paths
num_return_path=2
return_path0=172.30.7.1 255.255.255.0 172.30.5.2
return_path1=172.30.6.1 255.255.255.0 172.30.5.2
[DHCP]
leasetime=2880
num_ignored_addr=0
ignore_addr0=
[Port Filter]
flt_num=
flt_0=
[QOS]
dl=
ul=
qos_num=
qos_0=
[Client Pass]
num_mac_addr=0
mac_0=
num_ip_addr=0
ip_0=
[proxyARP]
ip_num=
ip_addr0=
;
; Redirect Login Page php file
;
[loginPhp]
Login_enable0=0
Login_php_Num0=
Login_enable1=0
Login_php_Num1=
;
; Gateway Settings
;
[gateway]
;Print Log Table
Datasource_Printlog=printlog
;Shared Secret Table Name
Datasource_Shared_Secret_Tablename=fssecret
;maximum timelimit per session in minutes (global), 0 = never
sessionlimit =
;URL tracking, default off
Trace_URL=0
;URL tracking interval, do not log the same url for particular user in x mins
Trace_URL_Interval=30
;URL tracking table
Datasource_URL_Log_Tablename=fsurl
;extra-information field table name
Datasource_extra_field_table = aexlog
;demo_mode=on, off (default)
;
;This demo_mode parameter is for FirstSpot channel partners demonstration purpose
;If demo_mode=on, FirstSpot DNS Server and Web Server will perform a catch-all on all
;requests. After the user login, the client will always see the "firstspotdemo" page.
demo_mode=off
;redirect user to cart.php when login fails
redirect_cart=1
;Client Isolation, NetBIOS over TCP/IP, Default is Disabled
netbios=1
;Scenario 2 (Distributed Network Topology)
scenario2=0
; Post-Startup Batch File Path Name
batch_filePath =
; lan's subnet mask (please change this through Configuration Manager only)
;
subnet_mask =255.255.255.0
; domain name server IP address
;
DNS =0.0.0.0
; domain name server IP address
;
preferred_DNS =0.0.0.0
; domain name server IP address
;
alternate_DNS =0.0.0.0
; username
;
user ={removed}
; password
;
pass = {removed}
;Number of maximum administrator account
max_admin_account = 10
;Administrator username
admin_username0 ={removed}
admin_username1 =
admin_username2 =
admin_username3 =
admin_username4 =
admin_username5 =
admin_username6 =
admin_username7 =
admin_username8 =
admin_username9 =
;Administrator password
admin_password0 ={removed}
admin_password1 =
admin_password2 =
admin_password3 =
admin_password4 =
admin_password5 =
admin_password6 =
admin_password7 =
admin_password8 =
admin_password9 =
;Administrator parameter
admin_parameter0 =000100000000000001
admin_parameter1 =
admin_parameter2 =
admin_parameter3 =
admin_parameter4 =
admin_parameter5 =
admin_parameter6 =
admin_parameter7 =
admin_parameter8 =
admin_parameter9 =
; network interface card connected to Internet (after modify this, need to restart FirstSpot)
;
publicNIC=Local Area Connection
; network interface card connected Hotspots or visitor-based networks (after modify this, need to bind the FirstHop driver
; to this new card and unbind the FirstHop driver from ALL other cards, then reboot Windows)
;
privateNIC=Local Area Connection 2
; data source for user login
;
Datasource =C:\Program Files\FirstSpot\datasource\firstspot.dsn
; datasource table for user login
;
Datasource_Tablename =fsusr
; datasource table for user login
Datasource_Plans_Tablename =fsplans
; enable session logging into the datasource log table
session_log =ON
; datasource table for user session logging
;
Datasource_Log_Tablename =fsusrlog
; datasource table for PayPal
;
Datasource_PayPal_Table=ppal
; port used by Gateway Service
;
port =5786
; port used by Authentication Server
;
auth_port =5788
; port used by ssl site
;
ssl_port =5789
; Greeting message displayed in login page
;
greeting_msg =Welcome to our Hotspot!
; Enable to show InfoBox
;
show_infobox =off
; Login page picture (filename)
;
loginpage_pic_name=computer.jpg
; authentication server IP address (please change this through Configuration Manager only)
; Note: different from gateway_IP when it is not installed in gateway (not officially supported in this version)
;
auth_IP =172.30.5.1
; login page filename which dispatcher will call
;
loginpage =login_select.php
; login form filename which login_select.php will call
;
loginform =login_form.php
; anonymous login form filename which login_select.php will call
;
a_loginform =alogin_form.php
; authentication form filename which authentication.php will call
;
reauthenticationform =reauth_form.php
; anonymous authentication form filename which authentication.php will call
;
a_reauthenticationform =alogout_form.php
; idle time (minutes) allowed for authenticated users
;
idle_timeout =10
; private network (please change this through Configuration Manager only)
;
private_IP =172.30.5.0
; gateway IP address (please change this through Configuration Manager only)
;
gateway_IP =172.30.5.1
; allow access to config manager from private network?
;
access_from_private =off
; allow access to config manager from public network?
;
access_from_public =ON
; license file path
;
licensepath =C:\Program Files\FirstSpot\
; session handling mode, 0 for MAC-based, 1 for IP-based
session_handling =1
; path for dhcp config
dhcppath =C:\Program Files\FirstSpot\dhcp\dhcpservice.ini
; dhcp mode, 0 = auto, 1 = static, 2 = disabled
dhcpmode =0
; for static dhcp only, path of the Ip MAC mapping list
static_dhcp_path =C:\Program Files\FirstSpot\StaticDHCP.txt
; anonymous login
anonymous_login =on
; secret enable
secret_enable=on
; secret code
secret_code=0aed120c6f7090a5b26a4c93df382b21
; anonymous login user table name
Datasource_Anonymous_Tablename =fsa
; anonymous login log table name
Datasource_Anonymous_Log_Tablename =fsalog
; password offloading mode
pwd_offload =off
; password encryption directory path
encrypt_path =C:\Program Files\FirstSpot\dispatcher\encrypt_pwd.exe
; initial air time in minutes for self signup users
self_sign_up_credit=0
; self signup filtering
self_signup_filter=1
;allow self-signup without an ip/mac, 0=yes, 1=no
self_signup_no_mac=1
; null=no filter, 0 = signup once, >0 after x mins
self_signup_period=
;use 3 party ssl cert 0=yes 1=no
ssl_cert=1
;secure socket layer for authentication
;443 for enabled SSL, auth_port=ssl_auth_port for disabled ssl
ssl_auth_port=5788
;rewrite engine for http to https redirection
rewrite_engine=off
;NAT
nat=0
;maximum fail attempt allowed
max_attempt=
;If user accesses http://10.20.7.1:5788 directly, redirect the request to any non-existing ip,
;so that driver can capture the request properly.
;DO NOT put any unresolvable domain name here
redirect_address=http://70.61.91.2/logged_in.html
;port to handle https request in apache when user is not authenticate
redirect_port=5790
restricted_redirect=0
; Allowed Hosts Settings
;
[allowed hosts]
; allowed hosts keywords file path
;
hosts_keywords_path =C:\Program Files\FirstSpot\AllowedHostsKeywords.txt
; allowed hosts IPs file path
;
hosts_ips_path =C:\Program Files\FirstSpot\AllowedHostsIps.txt
; Bandwidth Throttle Settings
[bw_throttle]
; Bandwidth Throttle Mode
bt_mode =0
; Overall Upload Limit (at least 20KB/s recommended)
bt_ul_limit =0
; Overall Download Limit (at least 20KB/s recommended)
bt_dl_limit =0
; low, medium and high definition
bt_low=100
bt_medium=50
bt_high=20
bt_drop_period=2
[bwreset]
bwresetmethod=
bwresetperiod=
lastresetbw=
[creditcard]
payment_method=ppal
[paypal]
; Business id
;
ppal_business=your_business_id@your_email.com
; URL for successful transactions
;
ppal_return=http://10.20.7.1:5788/cart.php
; URL for cancelled transactions
;
ppal_cancel_return=http://10.20.7.1:5788/cart.php
; trust "Pending"=="Complete"?
;
ppal_pending_release=no
; the settlement currency
;
ppal_base_currency=USD
; URL for notify
;
ppal_notify_url=http://fixed_ip:5789
; Starting number for invoice
;
ppal_invoice_start=1
[worldpay]
; Installation id
;
wpay_instID=your_installation_ID
; the settlement currency
;
wpay_base_currency=USD
; URL for notify
;
wpay_notify_url=http://fixed_ip:5789
; Test Mode
; 100 : test mode - always successful validation
; 101 : test mode - always failed validation
; 0 : test mode - live mode, not testing
;
wpay_testmode=0
[AuthorizeNet]
;login id
aNet_id=
;transaction key
aNet_key=
aNet_hash=
aNet_base_currency=USD
; URL for notify
aNet_notify_url=http://fixed_ip
; Test Mode
; 0 : test mode - live mode, not testing
; 1 : test mode - testing only
aNet_testmode=0
[PrinterOn]
PrintSupport=0
SiteURL=
SiteUID=
SiteAuth=
; show siteURL
show_URL_login=1
show_URL_infobox=1
[lang]
; default language file
default_lang_file=lang.php
default_lang_file_attributes=English;en,en-us;iso-8859-1
; number of other language files
lang_fileNumber=0
; other language files
lang_file1=
lang_file1_attributes=
lang_file2=
lang_file2_attributes=
lang_file3=
lang_file3_attributes=
lang_file4=
lang_file4_attributes=
lang_file5=
lang_file5_attributes=
; show character encoding
; 0 : hide
; 1 : show
show_charset=1
lang_pack_file=custom_lang.php
cmlang_pack_file=custom_cmlang.php
last_logout=logout
this_logout=logout
last_info=infobox
this_info=infobox
last_cart=cart
this_cart=cart
key_0=
url_0=
signup01=off
signup02=off
signup03=off
signup04=off
signup05=off
signup06=off
signup07=off
signup08=off
signup09=off
signup10=off
ReqSignUp01=off
ReqSignUp02=off
ReqSignUp03=off
ReqSignUp04=off
ReqSignUp05=off
ReqSignUp06=off
ReqSignUp07=off
ReqSignUp08=off
ReqSignUp09=off
ReqSignUp10=off
; Setting of cart description
[cart]
max_slot_open=0
[radius]
use_radius=false
ServerIP=10.20.7.1
AuthPort=1812
AccPort=1813
Secret=secret
FSVendorID=2004
Datasource=C:\Program Files\FirstSpot\datasource\radius.dsn
Datasource_Tablename=fsRadius
Acc_Start=true
Acc_Stop=true
;Acc_FSLogin=true
;Acc_FSLogout=true
;Acc_FSWriteLog=true
[radiusAuthentication]
NAS_IDENTIFIER=FirstSpot
;NAS_IP_ADDRESS=the private nic ip, this can be edited.
;CALLING_STATION_ID=client nic mac or ip, depends on the Firstspot setting, this can not be edited.
;CALLED_STATION_ID=firstspot private nic mac, this can not be edited.
[radiusCustomAttribute]
;Vendor spec type for Firstspot
;fixed value can not be changed.
;
;FS_AUTH_TIMELEFT=1
;FS_AUTH_ACCUMBW=2
;FS_AUTH_BWQUOTA=3
;FS_AUTH_BWCOUNT=4
;FS_AUTH_ULLIMIT=5
;FS_AUTH_DLLIMIT=6
;FS_AUTH_LOGINTIME=7
;FS_AUTH_LOGOUTTIME=8
;FS_AUTH_TIMEDIFF=9
;FS_AUTH_BWUSAGE=10
;Account Status Type Attributes, can be changed.
;
;default ACCT_STATUS_FSLOGIN=217
;default ACCT_STATUS_FSLOGOUT=218
;default ACCT_STATUS_FSWRITELOG=219
[prepaidCard]
random_usr_prefix=usr_
random_usr_suffix_salt=abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ123456789
random_usr_suffix_length=5
pwd_salt=abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ123456789
pwd_length=7
[ACL]
num_acl=0
[fssmtp]
smtp =false
IspSmtpDomain=
[misc]
show_cart=no
enable_chgpwd=0
block_icmp=off
block_udp=on
_debug=1
pkt_period=20
oem=C:\WINDOWS\INF\oem1.inf
PublicAdapterIP=70.XX.xx.xx
PublicAdapterIpMask=255.255.255.248
PublicAdapterGateway=70.xx.xx.xx
PrivateMAC=00065bb03e63
[DataTransfer]
bwcount_dl=0
bwcount_ul=0

alan Forum facilitator
Joined: 26 Sep 2003 Posts: 4435
Posted: Tue Sep 12, 2006 4:21 am Post subject:
Should be either a DNS or a routing problem. Please try:
1) issue from the client side:
nslookup
set d2
apple.com
this will confirm DNS is working
2) tracert 70.xx.xx.xx (default gateway of Public Network Interface)
this can verify whether routing is working
_________________
~ Patronsoft Limited ~

davinman
Joined: 11 Sep 2006 Posts: 6
Posted: Tue Sep 12, 2006 12:46 pm Post subject: Topology 3
Both of these things work and have been working but the remote PCs never get the login page.

alan Forum facilitator
Joined: 26 Sep 2003 Posts: 4435

davinman
Joined: 11 Sep 2006 Posts: 6
Posted: Tue Sep 12, 2006 2:59 pm Post subject:
I have turned off the offloading RX & TX and have rebooted the system. I can still ping the server from the workstation and I can ping the workstation from the server. I have tried the patronsoft website and it does not work; however, I can do an nslookup for it and that works.
Any other ideas?

alan Forum facilitator
Joined: 26 Sep 2003 Posts: 4435
Posted: Wed Sep 13, 2006 3:23 am Post subject:
In that case, there should be something wrong with the routing.
Since the ping test works between your workstation and FirstSpot, the routing problem should be between FirstSpot and the Internet at large (but not within the multiple network segments Hotspot). As your FirstSpot NAT is on, it is a bit strange to have a routing problem "after" FirstSpot. Note that you don't need to set any return route since NAT within FirstSpot is turned on. I suggest you check your network setting using tracert hop-by-hop.
_________________
~ Patronsoft Limited ~

mdwilson_00
Joined: 07 May 2007 Posts: 2
Posted: Mon May 07, 2007 2:02 pm Post subject:
I am doing an evaluation of FirstSpot and am simulating a WAN topology in a lab environment using VLAN routing. I am having the exact same issue as "davinman" posted and I'm wondering what the resolution was.
My remote clients get IPs from the FirstSpot server via DHCP and they can ping each other. nslookup works, I think - I get replies from the FS server anyway - but remote clients are never redirected to the login page. I can even telnet from a remote client to port 5788 on the FS server successfully. It just doesn't work in a browser, even if I enter http://serverIP:5788.
I disabled NIC offloading per the link provided. I have tried using static IP on the remote client, turned NAT off and back on, enabled "redirect PHP" on my remote network segments and everything else I could possibly think of to no avail.
Clients who are on the same subnet as the FS server work properly. Only clients on other network segments, despite the routing working properly between them, cannot get access.
Routing between the FS server and internet is not an issue because I am using it to post this reply.
Please help! I like this product but I can't buy it if I can't get it to work in a lab environment.

mdwilson_00
Joined: 07 May 2007 Posts: 2
Posted: Mon May 07, 2007 6:24 pm Post subject:
Okay, I believe I fixed the issue. In retrospect it was so easy I should have thought of it first.
I had routes set up in "Multiple Network Segments" for both of my simulated WAN circuits, but not for the segment that my FS server was actually on. Much packet sniffing and debugging and head scratching led me to try adding that route and now it seems to work fine for my remote clients.
I guess this is more obvious to your other users since there have been few reports of this issue, but here it is just in case.
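
The check described in the post above, as an added example that is not part of the original thread or of FirstSpot's own tooling: it reads the [MNS] return paths and the [gateway] private network from a config.ini excerpt like the one posted at the top of the thread and reports when the server's own segment has no entry. The field order of return_pathN (address in the segment, mask, next-hop router) is an assumption inferred from the posted file, and the function names are hypothetical.

```python
import configparser
import ipaddress

# Excerpt of the config.ini posted in this thread ([MNS] and [gateway] only).
SAMPLE = """
[MNS]
num_return_path=2
return_path0=172.30.7.1 255.255.255.0 172.30.5.2
return_path1=172.30.6.1 255.255.255.0 172.30.5.2
[gateway]
subnet_mask =255.255.255.0
private_IP =172.30.5.0
gateway_IP =172.30.5.1
"""

def load_segments(text):
    """Return (local_net, [(segment_net, next_hop), ...]) from config text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    gw = cfg["gateway"]
    local = ipaddress.ip_network(f"{gw['private_IP']}/{gw['subnet_mask']}")
    count = int(cfg.get("MNS", "num_return_path", fallback="0") or 0)
    paths = []
    for i in range(count):
        # Assumed field order: address in segment, mask, next-hop router.
        addr, mask, hop = cfg["MNS"][f"return_path{i}"].split()
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        paths.append((net, ipaddress.ip_address(hop)))
    return local, paths

def audit(text, client_ips=()):
    """List findings about return-path coverage for the given client IPs."""
    local, paths = load_segments(text)
    findings = []
    # The gap reported in the thread: no entry for the server's own segment.
    if not any(net == local for net, _ in paths):
        findings.append(f"no return path for the server's own segment {local}")
    # A next hop the server cannot reach directly makes the entry useless.
    for net, hop in paths:
        if net != local and hop not in local:
            findings.append(f"next hop {hop} for {net} is not on {local}")
    # Clients outside every configured segment are never handled.
    for ip in map(ipaddress.ip_address, client_ips):
        if ip not in local and not any(ip in net for net, _ in paths):
            findings.append(f"client {ip} is in no configured segment")
    return findings

if __name__ == "__main__":
    # 172.30.7.232 is the remote client from the first post; 172.30.8.10 is constructed.
    for line in audit(SAMPLE, ["172.30.7.232", "172.30.8.10"]):
        print(line)
```
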

MessWeb
Joined: 09 Apr 2007 Posts: 28 Location: UK
Posted: Fri Sep 21, 2007 11:42 am Post subject:
Hi,
I'm about to try setting up Topology 3 but am wondering, is all of the remote site traffic sent via the VPN to the FS Server? If so, doesn't that really restrict your bandwidth? If you have a few remote sites that would probably stop your FS Server's connection in its tracks, wouldn't it? Also, how many clients can you get onto the whole network at any one time? If FS Server is allocating DHCP IP addresses, what's the max it can churn out? Both at the remote and local site?
Andy