Configure captive portal having multiple VLAN with ebtable - iptables

http://s16.postimg.org/e5nu6g1md/bridgevlancaptive.png
The above image is based on my project about captive portal. As you can see in the image, I have a diagram on the LEFT side which is WORKING without a problem in a normal scenario without any VLAN.
On RIGHT side however, it is similar to the setup on left side but it is with multiple VLAN.
I am having difficulty finding a solution to this. I need your input.
Currently I'm looking at ebtables from the link
http://ebtables.netfilter.org/misc/ebtables-man.html#lbBD
Basically the idea is to intercept the packet that flows to bridge interface from whatever vlan is tagged and create the same rule as the iptables to mark packet and redirect to login page.
I welcome your possible solutions in this.

This is marked as SOLVED. ebtables is not required for this. It works using only pure IPTABLES. Thanks.

Related

Sonos API sends too short auth code in return?

Turning to all you smart people out there for help, tips and trix :)
I want to connect my NodeRed instance to the Sonos API to control my speakers in various ways. During the OAUTH process however, after logging in with my username and password for my account, the auth code being sent back to me through my redirect_uri seems to be too short? In the developers' guide the example auth code looks like this:
f10072fa6-2134-4fe1-93fd-ca5b9cffa738
where in my case, I just receive the first part up until the first dash sign. E.g.: f10072fa6
At first I ran the connection through a NetScaler, then I changed to using an Nginx reverse proxy, thinking that the NetScaler might have truncated the URL (for some very odd reason), but the result turned out the same.
Ideas anyone?
The Authorization code you received is correct. The Authorization code format was recently changed and the documentation needs to be updated to reflect this. This question was also answered in Authorization code has different structure than example code.
Thanks!
-Mark
You can also use nodered-sonos to control your speakers. No need to set up OAuth2 and use the cloud-based API if you can also have super fast local control of your speakers.
I'm using a combination of the following tools for total control of the speakers:
MQTT server of your choice in Docker (I'm using emqx)
Sonos2mqtt, my own app to connect sonos to mqtt in docker
Node red with normal mqtt in/out flows.
My Favorite flows:
Join playbar to group if group starts playing
Pause group if playbar leaves group (it leaves if I turn on the TV, that should stop the music)
Play ring sound (on all speakers) if someone presses the doorbell
Announce (text-to-speech) when the backdoor is opened

APN authentication detection method

I am working on a project involving GPRS. In particular I use u-blox Lisa-U200 GPRS/GSM chip. Ran into a problem with the PDP contexts when I started testing it out with different carriers. And after spending days on Google I don't seem to find the answer anywhere.
Why do some phones/devices require APN Authentication (PAP/CHAP/None) and some don't? Or as I have titled the question - how do mobile devices (smartphones) detect APN Authentication method automatically? Or do they at all?
The way I test it is this - Linux box, running pppd with a chat script. The chat script defines the context (AT+CGDCONT=1,"IP", and so on) and starts the connection.
The symptoms - if I don't specify the authentication method in the PDP context explicitly it does not even activate (or LCP negotiation fails in the ppp). From the little I understand about GPRS networks this makes sense - I suppose because the gateway node refuses the context if it does not indicate there will be authentication to follow.
Tested with few operators and here comes the most weird part - some of the operators I tested work ONLY if I set it to either PAP or CHAP (and provide correct username and password). And some work whatever I specify (NOAUTH, wrong user/password, etc).
The ideas I have come up with so far are:
1) Provide option to the user to select authentication type. (Not the approach I am fond of because I prefer the user to enter as little as possible.)
2) If the user has set a username/password for the APN - set the auth method to CHAP (I have noticed most operators support both CHAP and PAP). If not - use None as method. (Sounds reasonable?)
3) Brute force - set to CHAP, activate - watch for error; if failed - set to PAP and activate, etc... (Can't say I am too happy about it)
Please excuse me if I answer a very dumb and common question with a well known answer in the mobile industry or if I am completely off track in my logic here, but I am a software developer and that just doesn't make any sense to me :)
Thanks to anyone who shares some experience and knowledge on the topic!

How to get notifications when I reach internet enabled area (wifi circle)?

Presently I'm working on a Windows Phone application that will work in both online and offline mode. So that if the net is available means I need to sync my offline data to the respective server. My requirement is if my app is working and when I reach a wifi-enabled circle (area) I need to get a notification. Otherwise I need to raise an event.
How can I achieve this? Is there any notification channel present in WP7 to inform about this? If yes please demonstrate some code to achieve the goal.
You can determine if you are connected to a network, you can get the connection type and the phone informs you when it goes on/offline:
NetworkInterface.GetIsNetworkAvailable() checks if you are online or offline
DeviceNetworkInformation tells you more about the network type (Wifi, ...)
NetworkChange.NetworkAddressChanged += new NetworkAddressChangedEventHandler(OnNetworkChangeHandler); registers a listener to listen for changes
Click here for an example on how to listen for changes. Also very good is this tutorial from MSDN, demonstrating all the goodies mentioned above!
I also recommend reading this blog post as it contains much valuable information about the different APIs.
PS: It is not possible to get a list of all available WLANs around the phone. You can only see the WLAN you are connected to (if). That is a limitation of the Windows Phone API.
The platform does not include support for the "GeoFencing" scenario you describe.
The best solution currently available is to periodically (using a Background Task) check to see if a connection is available and to begin the sync then.

How to get Range of Pan/Tilt/Zoom in PTZ Cameras?

I have to write APIs for the Panasonic WV-SC385 Network IP Camera. I searched a lot for the ranges of pan/tilt/zoom, but I did not find any useful material. I would appreciate it if somebody here could provide me with CGI command lists for the WV-SC385. Thanks
You need to request the API from Panasonic; as far as I remember they had a developer portal and they do have these APIs documented. Another option is to use a network sniffer to intercept and identify those commands and then check the camera's web server JavaScript code in order to see the ranges of interest.

How to build a simple 2-player game, communicating over the internet, with no custom code on any server?

How can I build a simple 2-player game, that communicates over the internet?
I need to solve the problems of:
lookup or rendezvous - two players want to find each other.
ongoing communications. Either player can initiate an action that requires delivering information to the other side, in a reasonably quick timeframe (IM-type latency, not email-type latency).
In this regard, I suppose it is equivalent to a 2-way chat, where people want to be able to find each other, and then also, once paired up, intercommunicate.
Further requirements:
for now, assume the endpoints are Windows OS, relatively recent.
assume neither endpoint machine is directly accessible from the internet. Assume they are client machines, hidden behind firewalls that block incoming requests. The machines can make outbound requests. (say, over HTTP, but TCP is also fine)
communication should be private. For simplicity, let's say there's a shared secret already in place, and the endpoints are able to do AES. I guess what I mean by this is, any intermediary should not need to decrypt the message packets. The decryption will happen only at the endpoints.
all custom code should run only on the client PCs.
Assume there is no server in the internet that is under my control.
I'm happy to use third-party servers to facilitate intercommunication, like an IM server or something, as long as it's free, and I am not required to install custom code on it.
What APIs are available to facilitate this design?
Can I do this with IM APIs? WCF? Are there WCF Channels for Windows Messenger?
What protocols? HTTP? I have this tagged as "peer-to-peer" but I mean that virtually; there's no hard requirement for a formal p2p protocol.
What message formats would you use?
EDIT
To clarify the requirements around servers, what I want is NO SERVER UNDER MY CONTROL. And NONE OF MY CUSTOM CODE ON ANY SERVER. That is not the same as "No server".
Think of it this way: I can send an email over SMTP, using custom code that I write on the sending and receiving side. My custom code can connect via a free SMTP server intermediary. This would require no installation of code on the SMTP server. This is something like what I want, but SMTP is not acceptable, because of the latency.
EDIT2
I also found this: library for Instant Messaging, like libpurple, but written in C#
ANSWER
I can do what I want, using libraries for IM frameworks. One simple way to do it using Windows Live Messenger is to use the Messenger Activity SDK. This proves the concept, but is not really a general solution. But, similar things can be accomplished with the IM libraries for various messenger systems, like libpurple, or using libs for IRC channels. In all these cases, the IM servers act as the firewall-penetrating communications infrastructure.
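The privacy requirement stated in the question (a pre-shared secret, AES at the endpoints, an intermediary that never decrypts) can be met as sketched here. This is an added example, not code from the original post; the function names, the scrypt key derivation, the AES-256-GCM message layout and the sample values are assumptions.

```javascript
// Added example: end-to-end protection for game messages relayed by a
// third-party IM/IRC server. All names and sample values are constructed.
const nodeCrypto = require('crypto');

// Stretch the pre-shared secret into a 256-bit key; the salt is a label both
// players already know (assumed here: the game or channel name).
function deriveKey(sharedSecret, gameId) {
  return nodeCrypto.scryptSync(sharedSecret, gameId, 32);
}

// Encrypt one move. The header (sender, sequence number) travels in clear but
// is authenticated as AAD, so the relay can read it but not alter it.
function seal(key, sender, seq, move) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const header = Buffer.from(JSON.stringify({ from: sender, seq }));
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(header);
  const body = Buffer.concat([cipher.update(JSON.stringify(move), 'utf8'), cipher.final()]);
  // One printable line that fits in an ordinary chat message.
  return [header, iv, body, cipher.getAuthTag()].map((b) => b.toString('base64')).join('.');
}

// Verify and decrypt a line. Throws on tampering, on a line that claims the
// wrong sender (such as our own message reflected back), and on replays.
function open(key, line, expectedFrom, lastSeq) {
  const parts = line.split('.').map((p) => Buffer.from(p, 'base64'));
  if (parts.length !== 4 || parts[1].length !== 12 || parts[3].length !== 16) {
    throw new Error('malformed message');
  }
  const [header, iv, body, tag] = parts;
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(header);
  decipher.setAuthTag(tag);
  const plain = Buffer.concat([decipher.update(body), decipher.final()]); // throws if forged
  const { from, seq } = JSON.parse(header.toString('utf8'));
  if (from !== expectedFrom) throw new Error('unexpected sender');
  if (!Number.isInteger(seq) || seq <= lastSeq) throw new Error('replayed or stale message');
  return { from, seq, move: JSON.parse(plain.toString('utf8')) };
}
```

Each client keeps the highest sequence number it has accepted from its opponent and passes it as `lastSeq`, so a relay that re-sends an old line is rejected.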
IM is the wrong tool. Instead, use an IRC chat room.
With an IRC chat room, your clients "log in" to the chat room, and that is used for your "presence". Anyone in the chat room is "available" to play the game.
Once that is done, the game instances communicate with each other through the chat room. They can use the global channel, or simply private IRC channels for game traffic.
The issues to solve:
First, all game state is shared on the clients. Many games have done this (RTS's like Age of Empires, RPGs like Diablo). But client states are susceptible to hacking and cheating. That's just a plain truth. If the game is popular, it WILL be hacked.
Ping traffic. Basically the flow is you log in to the room, your client is in "available to play" mode. Then it pings EVERYONE ELSE to see if THEY are available to play. This will happen with every client "sign in" to the chat room. You can then use the public room for broadcast events "Frank is ready for a new game", "Frank started a game with Joe", etc. That can help keep games in sync and not chatty, but when a client connects to the chat room, it's going to go "Hi All, it's Bob, what are you all doing". So you need to manage that.
Traffic volume. IRC rooms can handle a lot of traffic, but not a LOT of traffic. Most are designed to prevent "spamming", "flooding", etc. So you may well be rate limited on your game play. Not a problem for "Checkers", more so for "World of Warcraft" during a 40 man Raid. That's a game design issue.
Terms of service. The IRC provider may well say "Uh no, you can't do that with our service". I haven't looked into it, so I don't know, but could be an issue.
Other than that, IRC is a pretty good fit. Lots of IRC bot code floating around on the net, I've never used any of it.
Every two-player game must have some type of server environment by the basic need of having to communicate between two clients/players at the very least. Keep in mind, each of the clients/players can also act as its own server to communicate with other linked clients. But the need to keep tabs on all clients/players at any given time and the need to facilitate searching of other clients/players inherently requires some type of server environment to begin with.
libpurple along with otr can give you the privacy-over-IM such an application would need.
You could set up a message board on one of the free message board servers so that players can find each other. You'll probably want to encourage them to use private messages to exchange IP addresses. Then, use a protocol that connects using IP addresses. Good luck with that. Firewalls make it a pain.
Then, of course, one machine of the pair would need to act as server, the other as client. Your software must contain both sets of code. I've written such a game and can tell you that the communication code gets a little confusing.
I can tell you right now that you'd be much happier in life if you wrote a web service to facilitate communication. But, then, you'd need a server for that.
Good luck. You're going to need it.
OR, you could just write a game for an IM client, like Microsoft Messenger. I've seen games for that one, so I know it can be done.
As somebody has said, it may not yet be possible to do so if you don't have any mediated server between 2 players. As you're happy to use a third-party server, I suggest that you build your system using Google App Engine + XMPP over HTTP. It works nicely over the internet and behind a firewall. And yet it's free (as long as your system doesn't grow out of GAE quota).
Peer to peer is out due to your firewall constraint. This doesn't really work easily for directory services anyway.
The next easiest method I would use is to toss up a very simple CGI server script on one of the numerous super cheap web hosting sites. It seems that you don't want to go this route. Is there some particular reason? 100 lines of code and a super cheap server should give you everything you're asking for and more.
I suppose you could hook into some sort of third party chat library thing. I don't know about the current IM protocols, but good old IRC and a separate channel for your game would work. You even could cobble something together using FTP. BLOG comments on a free blog site would work too. The question is why?
These are all kludges. They get the job done in obtuse, inelegant, and poorly scaling ways.
I urge you to reconsider the web server solution.
You have a lot of conflicting requirements. Both clients behind a firewall blocking incoming requests pretty much means they can't do peer-2-peer since neither machine can act as the server, and you will need to have a transport server in the middle somewhere routing messages to each client. Right now what you are asking is pretty much not possible given the no server requirement.