From DD-WRT Wiki
NoCatSplash is a special type of web server. It redirects clients connecting to a DD-WRT box to a specific web page. Usually used for disclaimers and advertising, it can be a very useful tool when you have unknown people connecting wirelessly. After a configurable period of time, the client's internet access is cut off, unless the Client has agreed again to the Terms. If the client has a Web Browser open & configured with a Direct Internet Connection, and loads a website, their browser is redirected again, to the NoCatSplash page.
In order for NoCatSplash to display the splash page, the DD-WRT enabled device must have both of the following:
- An active internet connection
- A WAN address
For example, a client trying to ping an Internet address (e.g., www.google.com) must be able to resolve the name to an IP address. However, the Ping packets will not actually go through until the Client clicks the I Agree button on the splash page.
- Herein referred to as NoCat or splashd (the technical name).
- referrers to the roaming laptop user with a browser configured for direct internet connections. LAN clients are normally included, so anyone wired into the LAN ports on the DD-WRT box is also a Client. LAN Servers, for instance, can be excluded from being involved in the NoCat system within the configuration of NoCat.
- Command Line Interface. Either SSH (more secure, recommended) or Telnet (less or not secure). Windows users use Putty, a free download, as your SSH Client.
- A build of DD-WRT with no specific XBOX support. Leaves room for a tiny read/write folder, storing custom nocat scripts and web pages.
- Gateway Name
- The name of the gateway. Whatever you want to call it. "Joe's Pizza Shop and free DSL Cafe" for example. Use the variable $GatewayName in your splash.html page to display this.
- Space separated list of websites [hostnames] accessible without requiring I Agree to be clicked (without requiring NoCat Login).
List any webservers, that you would like connecting clients to be able to access, before clicking on I Agree on the NoCatSplash screen. I.E. the webserver hosting your EULA or Welcome Page, if it isn't the router itself.
- Document Root
- Web pages for Splashd are stored here. Default configuration is /www.
- Splash URL
- Optional URL to fetch dynamic remote splash page from.
Leave empty if using a page stored on the router.
- Space-separated list of ports clients cannot use (i.e. port 25, commonly blocked by ISP's).
Users blocked by NoCat cannot send through the ports specified, period.
You should *always* exclude port 25 (SMTP), unless you want to run a portal for wanton spam sending. Normal user web-mail and users using TLS or SSL (both use non-25 port designations) for their Thunderbird or other Mail Programs are not affected by this. Only users using unencrypted, unauthenticated outgoing mail are blocked. Obviously, such activity is a good idea to discourage anyway.
- MAC White List
- Add a space separated list of MAC-addresses that should have unlimited Internet Access. The MAC addresses listed in this field will not be redirected to the Splash-page but have internet-access straight away.
- Login Timeout
How much time, in seconds, elapses before the client has to see the splash screen again, and click on 'I Agree'. How often a client is shown the EULA or other designated splash page.
For Open Mode portals, you probably want to set LoginTimeout to something large (like 86400, for one notification per day). Open Mode, is the only mode supported at this time.
- Log verbosity (to syslogd)
- 0 is (almost) no logging.
- 10 is log everything.
- 5 is probably a safe middle road.
- Route only
- Required only if you DO NOT want your gateway to act as a NAT.
Enable this only if you're running a strictly routed network, and don't need the gateway to enable NAT for you.
You would not normally use this option. So if you don't understand it, leave it to No/Off.
Instructions here are for v24 and later. For historical information, view older versions of this wiki page.
- Make sure you are using dd-wrt STANDARD or a version that supports NoCatSplash, see What is DD-WRT?#File Versions
- From the web interface, view Services, Hotspot
- Set the variables:
- NoCatSplash -> Enable
- Gateway IP Addr...
- Gateway Name
- Home Page -- the page people will be redirected to, after seeing the splash page
- Homepage RedirectionEnable Disable
- Allowed Web Hosts -- Hosts the client can access without "agreeing"
- NoCat automatically includes the Splash URL domain). Only put the domain name in, this means, do not prefix the name with "http://"
- Document Root /www
- dd-wrt firmware comes complete with sample splash and status pages in this location
- Splash URL
- Splash URL must be filled in with a website, otherwise Splashd does not work! When using Document Root, Splash URL is ignored.
- Exclude Ports
- MAC White List
- Login Timeout
- Route Only -- you very likely want disable here
DD-WRT STANDARD firmware comes complete with sample splash and status pages. Setting up basic NoCat through the Web Interface is easy. More complex options are possible by editing the nocat.conf file directly. NoCat can use a Splash URL hosted outside of the DD-WRT box, such as on NAS. Or NoCat can use the JFFS2 filesystem services on the router. A straight-forward setup is modifying the sample splash page (highly suggested) and storing it directly on the DD-WRT Device.
Splash Page Variables
Nocatsplash has predefined variables, prefixed with a dollar sign, that show dynamic information as it relates to the application. The file "status.html" (found in the "/www" directory) purports to support the following variables. As of 10:28, 21 June 2009 (CEST), the variables noted in red do NOT produce ANY output:
- The gateway name as defined in the "Basic Setup" tab under the heading "Optional Settings"
- The local time. Unknown what this time would be based off of.
- The time that the gateway was started. Unknown what this time is based off of.
- This could likely be the number of connections that the DD-WRT device is currently serving.
- Outputs information similar to "0.93pre2-ewrt0.4".
- Known to output the phrase "Open". This value is defined in "nocat.conf". Unknown if this value is dynamic.
- The login timeout as defined in the nocatsplash section of the respective "Hotspot" tab.
- Outputs the timeout as defined in the "nocat.conf" file. Unknown what this affects.
- Outputs the home page defined in the "nocat.conf" file. Variable contains this information regardless of enablement of "homepage redirection:.
- Self explanatory. Based on "nocat.conf" file configuration. By default, and at a minimum, this contains the IP of the nocatsplash device.
- A very useful variable that outputs the last time a user authenticated through nocatsplash. Ironically, this useful variable does not work.
- The default "splash.html" page within the "/www" directory indicates that this variable shows the number of users connected to nocat. This would be a VERY useful piece of information to display.
- Some type of table (html, perhaps?) that contains a listing of users connected to the device. It is impossible to tell what identifying information this would contain for obvious reasons.
No work-arounds are needed as of build 12188 (05/21/09). View older versions of this wiki page for historical information.
Customize the Splash Website
Overview: Copy the default splash pages from the read-only area /www to a writeable area on the DD-WRT Device. Then the basic Splash pages can be improved to add your logo or other necessary disclaimers, agreement terms, and customizations.
- See the Wiki Article Enabling JFFS2 or Adding additional Flash memory to DD-WRT to create the space on the router which is writable.
- Using the CLI, create a folder named nocat
- Check if the folder exists
- Copy the default content from /www to /jffs/nocat
cp -R /www/* /jffs/nocat/
- Next edit the /jffs/nocat/splash.html web page.
See WinSCP and Mirroring
- Change the NoCatSplash configuration using the DD-WRT Web Interface from /www to /jffs/nocat. Apply. Restart DD-WRT Device if necessary.
Configuration Screen Photos
- If splash.html calls another page, such as when using HTML Frames, the final page's form for the 'I Accept' button must have action="http://the DD-WRT enabled box's IP:5280/" instead of action="$action", and any other variables filled out with the values in the Web Interface/nocat.conf. The variables present in the original splash.html sample do not pass to sub-pages.
- Your Splash page won't show anything linked outside of the html file if the Splash URL isn't hosted on the router or through a Samba mount. For example .css and images won't load, but style tags in the HEAD of your html page will.
- A few things I found while looking for documentation on the net: In the nocat.conf file (you'll have to be using a nocat.conf stored in /jffs/etc and use the CLI to edit these)
- GatewayMode Open
- The only supported option at this time. I don't think it has to be set.
- LocalNetwork 192.168.1.0/24
- The IP Range which will see the splash page.
- InsideIP 192.168.1.1
- The LAN/wLAN IP of the router. I don't think it needs to be set
- DNSAddr 22.214.171.124
- Your DNS Server. Again, I don't think this needs to be set here.
Default Configuration file:
/etc # cat nocat.conf
NC_Verbosity=0 NC_SplashURL=http://www.mydomain.com/ NC_DocumentRoot=/jffs/nocat NC_RouteOnly=0 NC_HomePage=http://www.mydomain.com/ NC_GatewayName=DDWRT NC_ExcludePorts=25 21 23 NC_enable=1 NC_LoginTimeout=86400 NC_AllowedWebHosts=mydomain.com
Advanced Notes Continued
Nocatsplash will not function at all if your router is set to Wireless Access Point settings. Specifically, once you disable DHCP under "WAN Connection Type" (as detailed in the aforementioned article), nocatsplash will no longer make any attempt to intercept clients that connect to the "access point". Instead, they are treated to the internet without any prompt. This issue also occurs when the device is set to not act as a DHCP server. More than likely, there are other settings that will ruin the function of nocatsplash as well. These are simply two very glaring settings that break nocatsplash for no given reason.
This issue has been brought to the attention of the developers, but as of 10:28, 21 June 2009 (CEST), there is no response or solution.
While Authentication was originally envisioned for NoCat (NoCatAuth), support has been removed to make this as streamlined as possible.
- The place for Questions and Conjecture is on the Article Discussion page, or post your Questions in the DD-WRT Forum.
- PolskiKrol Comments: It would appear that that nokaid version of DD-WRT v24 RC7 no longer leaves any space for JFFS2 on 4MB Firmware. This issue was seen on the WRT150N. The last working firmware [for me, with enough space,] is DD-WRT v24 RC6.2.
- I am currently using a USB flash drive with the ext2 filesystem in WRT v24 sp2 beta. I have the drive mounting as "/jffs" and nocatsplash is working properly on the device. I mention this to note that not only do i NOT have the "jffs2 support" option set to disabled, but also when i do enable this option (using the correct configurations), things work as expected initially. Once the router is rebooted, however, the device forgets that the JFFS mount is the USB drive, and instead tries to use the space within the flash. This obviously isn't what i expected or wanted, and it results in unintended operation of nocatsplash. ScreamingAnger 10:28, 21 June 2009 (CEST)