Preparing your system

Before we proceed to the installation, its very important to know how the ChilliSpot works.

A little background about ChilliSpot

As of mid 2007, ChilliSpot appears to be dead. The developer Jens Jacobsen had vanished, and the domain lapsed, but is a copy (with ads inserted) of the original site. You can download the rpm version of ChilliSpot directly from this website.

How does ChilliSpot Works?

ChilliSpot runs a program called 'chilli' which takes control of the internal interface (eth1) using a vtun kernel module to bring up a virtual interface (tun0). In fact the vtun kernel module is used to move IP packets from the kernel to user mode, in such a way that ChilliSpot can function without any non-standard kernel modules. ChilliSpot then sets up a DHCP server (this can be disabled from the ChilliSpot conf file) on the tun0 interface.

A client connecting to this interface has all packets rejected until it is authorized though the ChilliSpot login page (acting as a supplicant for authentication). When a non-authenticated client tries to connect to a web-page (on port 80 or 443) the request is intercepted by chilli and redirected to a perl-script called 'hotspotlogin.cgi' (served by Apache over https).

The "hotspotlogin.cgi" serves a page to the end-user with a username and password field. These authentication data are then forwarded to the Free Radius server, which matches them with information in it's backend (using either PAP or CHAP). The backend in this case is MySQL, but could be any number of services such as LDAP, Kerberos, unix passwd files or even Active Directory (probably).

A user is then either rejected or authenticated by Free Radius, prompting hotspotlogin.cgi to present either a rejection message or a page with a success message and a logout link to the user.


Network Configuration

As per the requirements of ChilliSpot, the machine we are using should have 2 network interface (we will use eth0 and eth1 in our example).

eth0 is connected to the internet (WAN)
eth1 is the internal interface through which the clients machine will connect to the internet (LAN).
We can connect a switch to eth1. To this switch we can attach a number of other machines or wireless Access Points.

Disable SE Linux

SE Linux is enabled by default on Fedora systems, first thing we need to do is to disable it to avoid problems. Edit the file /etc/sysconfig/selinux

vi /etc/sysconfig/selinux

and change the directive from enforcing to disabled.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.

and reboot your system.

Configure your network card

Open up your terminal and type the command below to configure your WAN interface:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Put the IP ADDRESS/SUBNET MASK and GATEWAY provided by your ISP.


Configure your LAN interface by typing this command:

vi /etc/sysconfig/network-scripts/ifcfg-eth1

Disable DHCP and don't configure any IP Address on it. Your LAN configuration should look exactly like this:


Please note that you need to configure your LAN IP Address in the ChilliSpot main configuration file and we will do it later.

Enable IP Forwarding

You should also need to enable IP packet forwarding by editing the /etc/sysctl.conf file.

vi /etc/sysctl.conf

and uncomment the below line:

net.ipv4.ip_forward = 1

We will configure the firewall later after we finish install and configure everything. Lets proceed to the installation of the required software.