CM config file and redirect to url | docsis.org

Anonymous (not verified)
CM config file and redirect to url

Hi,
I need some help or ideas on how to redirect newly registered cable modems to a registration page and how to redirect deactivated ones to some other web page.
Can this be done with config file for the modem?
Please post any ideas on this :P

frnkblk
Self-provisioning

No, this is not possible with a CM configuration file.

What you see larger operators doing is rolling a generic CM configuration file that points to 'poisoned' DNS servers that return all DNS requests to a certain IP. That IP is a web page that re-directs to the operator's provisioning system. They make the end-user register, set up billing, etc, after which the CM is entered into the provisioning system and the connection reset so that the CM re-syncs, gets a 'full' file and the end-user is online like any other customer.

Frank

redpeppers
Self-Provisioning

So what config line would I put into the CM file that would make the modem redirect to one and only one DNS server? Are you sure this wouldn't be done via the DHCP server?

Where there's a wire there's a way.

luciano
easy job

As per the above example, you need to configure DHCP so that regular modems go to the server at 10.10.10.10, expired ones go to 10.10.10.11, and unregistered ones go to 10.10.10.12. Ideally those would resolve to different servers; however, you can also set up BIND or another DNS server per IP where it is listening, so the same DNS server replies differently to requests coming to different interfaces. The first one resolves all DNS queries normally, while the other two answer any and all queries the same, with one single domain/IP address.

The config line needed for ISC DHCPd is "option domain-name-servers 10.10.10.10, 10.10.10.20" etc., depending on what DHCP daemon you use.

redpeppers
DHCP

I believe I must have a few config issues in my dhcpd.conf file because I can only justify option domain-name-servers for the CPE class, which points to the OpenDNS servers. Is it possible to configure based on the service group entries listed in the dhcpd.conf file individually?
Where there's a wire there's a way.

luciano
show us your dhcpd.conf -

show us your dhcpd.conf - that is the easiest way. sanitize code prior to that of course.

redpeppers
Here goes.......

# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
ddns-update-style interim;
ignore client-updates;
allow booting;
allow bootp;
use-host-decl-names on;

omapi-port ***;
key omapi_key {
algorithm HMAC-MD5;
secret "***";};
omapi-key ***;

class "CPE" {
match pick-first-value (option agent.remote-id,hardware);
default-lease-time 21600;
max-lease-time 21600;
min-lease-time 10800;
option time-offset 0;
option domain-name "shoresofcamelot.video-direct.tv";
ddns-updates off;
option domain-name-servers 208.67.222.222,208.67.220.220;
}

class "cm" {
match if substring(option vendor-class-identifier,0,6) = "docsis";
spawn with option agent.remote-id;
default-lease-time 604800;
max-lease-time 604800;
min-lease-time 302400;
option time-offset -25200; # Mountain Standard Time
next-server 8.8.8.6;
option ntp-servers 69.3.***.***;
option tftp-server-name "8.8.8.6";
filename "Disable.cm";
option time-servers 8.8.8.6;
option log-servers 69.3.***.***;
option domain-name "video-direct.tv";
ddns-updates off;
}

shared-network VideoDirect.tv {
subnet 12.234.**.* netmask 255.255.255.0 {
authoritative;
pool {
# --- default gateway
option routers 12.234.**.*;
option subnet-mask 255.255.255.0;
allow unknown clients;
range 12.234.**.* 12.234.**.***;
option domain-name-servers 208.67.222.222,208.67.220.220;
default-lease-time 21600;
max-lease-time 43200;
allow members of "CPE";
}
}

subnet 10.0.4.0 netmask 255.255.255.0 {
authoritative;
pool {
# --- default gateway
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
range 10.0.4.2 10.0.4.254;
allow members of "cm";
deny unknown clients;
}
}
}
group Express {

next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "Express.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;
}
group Elite {

next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "Elite.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;

}
group headend {

next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "headend.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;

}
group Pro {

next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "Pro.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;

}
group Disable {

next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "Disable.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;

}

Where there's a wire there's a way.

emkowale
Frank

How does one 'poison' a DNS server? I've been trying to figure out how to get the DNS to point like this:

(ANYTHING) goto myregistrationserver.com

I can't seem to get wildcards to work in a Linux based (BIND) DNS server.

emkowale

kwesibrunee
in BIND9 this is

in BIND9 this is accomplished most easily with views

view "internal" {

     match-clients { 10.1.0.0/16; 10.12.0.0/16; };
     recursion yes;

     zone "." in {
         type master ;
         file "db.lockdown" ;
     };
};

view "external" {

     match-clients { any; };
     recursion yes;

     // ..... Other Zone File defs for normal dns operations

};

then in db.lockdown something like this

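$TTL 60
@       IN      SOA     registration.cablemo.net.  admin.cablemo.net. (
                        200901052 ; serial
                        60        ; refresh (seconds)
                        60        ; retry (seconds)
                        120       ; expire (seconds)
                        60 )      ; negative-caching TTL (seconds)

        NS      registration.cablemo.net.
; No explicit registration.domain.net. record: the wildcard below already
; answers for it, and an explicit name under net. would create empty
; non-terminals (net., domain.net.) that stop the wildcard from matching
; other .net names (RFC 4592).
*       A       192.168.1.14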

Now you're almost there... You have anything from 10.1.0.0/16 resolving to 192.168.1.14; requests from any other subnet will resolve normally. This way you do not need a separate server.

Next you need some help from Apache: you need to configure your 404 error document to a page that redirects all requests to your registration page. In PHP this is done like so:

<?php
header('Location: http://registration.domain.net/');
?>

now the process is
1. unauthed client requests DNS for www.google.com
2. DNS server returns 192.168.1.14
3. Web browser navigates to www.google.com/somedest
4. Registration server does not have a directory called somedest so it invokes its 404 error document which sends a redirect to the browser to registration.domain.net
5. unauthed client requests DNS for registration.domain.net
6. DNS server returns 192.168.1.14
7. Web browser navigates to registration.domain.net and voila you have captured your intended target.
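
An added example, not part of the original post: a small model of RFC 4592 wildcard synthesis for a root lockdown zone like db.lockdown, comparing a wildcard-only zone with one that also carries an explicit registration.domain.net. record. The zone contents are constructed from the names and portal address used in the thread; the function names are hypothetical.

```python
PORTAL = "192.168.1.14"  # registration server address used in the thread

def labels(name):
    """'www.google.com.' -> ('com', 'google', 'www'), root first; '.' -> ()."""
    return tuple(reversed([l for l in name.lower().rstrip(".").split(".") if l]))

def build_zone(records):
    """records: {owner name: A address}. Returns (owners, existing nodes).
    Every ancestor of an owner exists too, as an empty non-terminal."""
    owners = {labels(n): ip for n, ip in records.items()}
    nodes = {()}
    for owner in owners:
        for i in range(1, len(owner) + 1):
            nodes.add(owner[:i])
    return owners, nodes

def resolve(zone, qname):
    """Return the A address, 'NODATA' or 'NXDOMAIN' for qname."""
    owners, nodes = zone
    q = labels(qname)
    if q in owners:
        return owners[q]
    if q in nodes:
        return "NODATA"  # name exists (empty non-terminal) but has no A record
    # Closest encloser: the longest ancestor of qname that exists in the zone.
    encloser = next(q[:i] for i in range(len(q) - 1, -1, -1) if q[:i] in nodes)
    # Only a wildcard directly below the closest encloser may answer.
    return owners.get(encloser + ("*",), "NXDOMAIN")

# Constructed zones: wildcard only, and wildcard plus one explicit name.
WILDCARD_ONLY = build_zone({"*": PORTAL})
WITH_EXPLICIT = build_zone({"*": PORTAL, "registration.domain.net.": PORTAL})

if __name__ == "__main__":
    queries = ["www.google.com", "registration.domain.net",
               "www.example.net", "domain.net"]
    for title, zone in (("wildcard only", WILDCARD_ONLY),
                        ("with explicit record", WITH_EXPLICIT)):
        print(title)
        for q in queries:
            print(f"  {q:26} -> {resolve(zone, q)}")
```

In the second zone every .net name other than registration.domain.net. falls out of the walled garden with NXDOMAIN, so a quarantined client browsing to a .net site gets a resolver error instead of the registration page.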

emkowale
Sweet

You da man. I've been messing with that off and on for months. Thanks for the push.

emkowale

luciano
simply add different option

Simply add a different option for domain name servers in different groups. I am not sure what is _not working_ for you, BUT, here is what I did:

1. I identified every piece of equipment with its MAC address (tedious job but worth it at the end),
2. in each host declaration, add a group declaration - simply assign them to the groups,
3. in the group declaration add group-specific commands ...

so if you had ....lets say, 4 different offers for CM clients (e.g. express, elite, headend... ), plus disabled group, you'd end up with 5 group definitions (unauthorized modems need to go somewhere as well)...

so you would have

}

group Express {
option domain-name-servers 208.67.222.222,208.67.220.220;
next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "Express.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;
}

group Elite {
option domain-name-servers 208.67.222.222,208.67.220.220;
next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "Elite.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;

}

group headend {
option domain-name-servers 208.67.222.222,208.67.220.220;
next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "headend.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;
}

group Pro {
option domain-name-servers e.f.g.f;
next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "Pro.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;
}

group Disable {
option domain-name-servers a.b.c.d;
next-server 8.8.8.6;
option routers 10.0.4.1;
option subnet-mask 255.255.255.0;
filename "Disable.cm";
option tftp-server-name "8.8.8.6";
option time-offset -25200; # Mountain Standard Time
option ntp-servers 69.3.***.**;
default-lease-time 21600;
max-lease-time 43200;
}

and AFTER this, you would specify:

host test_one {
hardware ethernet 00:1a:ad:a9:20:ee;
fixed-address 10.1.0.210;
group "Elite"; }

host test_two {
hardware ethernet 00:1a:ad:a9:20:f0;
fixed-address 10.2.0.11;
group "headend";
option bootfile-name "mta3.bin";
filename "mta3.bin";
next-server 10.0.0.10;
option routers 10.0.0.10;
option tftp-server-name "10.0.0.10";
}

so from this you can see - you can specify commands for equipment in HOST declaration, OR in the GROUP declaration, OR in the POOL declaration, OR in the SUBNET declaration, OR in the NETWORK declaration, OR in the GENERAL configuration - this is kinda hierarchical overview - from bottom to the top. HOST declaration refers ONLY to particular host, while moving up the scale refers to higher and higher levels, until you specify GENERAL options which are common to all clients of the DHCP server (e.g., domain name server, except in your network setup :D)

I copied-pasted a piece of my configuration :) so it does not reflect your config, but you will hopefully understand what I meant. Write to me at play.open.minded (at) gmail and I can send you my own config, which includes many more host declarations than my sample here (http://docsis.org/node/564) ... I sanitized this config in order not to confuse people with extra unnecessary detail.

.play.open.minded.
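
An added example, not from the thread: a simplified audit of the host, group and global inheritance described in the post above, flagging modems that boot Disable.cm but are not handed the walled-garden resolver. The sample config is constructed; using 10.10.10.11 as the walled-garden resolver and the host test_three are assumptions, and the parser only handles flat group and host blocks.

```python
import re

# Constructed sample in the style of the thread's dhcpd.conf.
SAMPLE = """
option domain-name-servers 208.67.222.222, 208.67.220.220;
group Elite { filename "Elite.cm"; }
group Disable { option domain-name-servers 10.10.10.11; filename "Disable.cm"; }
host test_one { hardware ethernet 00:1a:ad:a9:20:ee; group "Elite"; }
host test_two { hardware ethernet 00:1a:ad:a9:20:f0; group "Disable"; }
host test_three { hardware ethernet 00:1a:ad:a9:20:f2; group "Disable";
  option domain-name-servers 208.67.222.222; }  # host-level override
"""

BLOCK = re.compile(r'(group|host)\s+"?([\w-]+)"?\s*\{([^{}]*)\}')
PATTERNS = {
    "dns": r'option\s+domain-name-servers\s+([^;]+);',
    "filename": r'\bfilename\s+"([^"]+)"\s*;',
    "group": r'\bgroup\s+"?([\w-]+)"?\s*;',
    "mac": r'hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;',
}

def settings(body):
    """Extract the statements this audit cares about from one scope body."""
    out = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, body)
        if m:
            out[key] = m.group(1).strip()
    if "dns" in out:
        out["dns"] = [s.strip() for s in out["dns"].split(",")]
    return out

def effective(conf):
    """Per-host settings: host statements override group, group overrides global."""
    conf = re.sub(r'#.*', '', conf)
    scopes = {"group": {}, "host": {}}
    for kind, name, body in BLOCK.findall(conf):
        scopes[kind][name] = settings(body)
    base = settings(BLOCK.sub('', conf))
    return {h.get("mac", name): {**base, **scopes["group"].get(h.get("group"), {}), **h}
            for name, h in scopes["host"].items()}

def misrouted(conf, quarantine_file, walled_garden_dns):
    """MACs that boot the quarantine file but get some other resolver."""
    return sorted(mac for mac, s in effective(conf).items()
                  if s.get("filename") == quarantine_file
                  and s.get("dns") != [walled_garden_dns])
```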
