Release Notes:
==============

05/06/2002 (v0.80)

Ugh, two months since our last release... :-( Well, a number of factors have
intervened to make thorough testing temporarily difficult, and there have
been some particularly pesky bugs that we wanted to knock out before
continuing on our merry way. Some really exciting things have transpired
since then, however.

Fixed in this release:

* Bugginess in network autoconfiguration has been fixed. Autoconfig should
do the right thing if you've only got two network interfaces; otherwise, bet
on having to at least set your InternalDevice.

* The dreaded IE5/6 incompatibility with Passive mode appears to have been
fixed. Other browsers, such as OmniWeb, appear to be a lot happier with
Passive mode, now, too.

New in this release:

* Basic packetfilter support added for OpenBSD, thanks to Richard Lotz! This
support has NOT YET been thoroughly tested, so your feedback would really be
appreciated.

* New Open mode status page, based on patches from Don Park and Michael
Codanti, and recommendations from Andrew Woods. Way cool.

* Loopback firewall mode, which should in theory permit testing of the NoCat
gateway and authservice all on a single machine running iptables with no
network.  You can set up loopback mode by doing an ordinary "make gateway",
followed by "bin/detect-fw.sh loopback bin/" from /usr/local/nocat. Please
don't use this unless you really know what you're doing.

* Added LDAP support, using a NoCat::Source driver written by Nathan Zorn.
We don't have an LDAP server, so you'll have to test this and let us know if
it works, and send patches if it doesn't. :-)

* Added RADIUS support, based on sample code submitted by Jan-Patrick
Perisse. We don't have a RADIUS server, either, so please let me know if
this works! :-)

* The NoCat gateway now by default uses a post-forking model to handle
incoming client requests, which appears to have made the gateway
significantly more stable on PersonalTelco's public nodes. You can turn this
off (don't ask me why you'd want to, but you can) by adding "ForkOff 0" to
your nocat.conf.

03/07/2002 (v0.78)

Major bug fixes.

* Captive mode fixed. (Oops.)

* Passive mode really works now. If you run an authservice, it will need
the new renew_pasv.html form, plus a PassiveRenewForm directive that points
to it. See the latest authserv.conf for an example. I haven't tested passive
mode with every available browser, so the login renewal may not work with
every JavaScript implementation. If not, patches welcome. :-) The basic
gist, though, is that, using passive mode, you can now run NoCatAuth from
behind a NAT'ed firewall. (Hooray!)

* Automatic network discovery has been added! Through the magic of ifconfig
and netstat, NoCatAuth can now detect most gateway configurations
automatically. This makes InternalDevice, ExternalDevice, and LocalNetwork
optional in your nocat.conf, *unless* NoCat can't figure out what's going
on.

* Due to popular demand, you can now (once again?) run your gateway and your
authservice on the same machine. They should be installed to separate
directories, however. Of course, use of this feature is not recommended
for security reasons, but it will let you try out NoCatAuth without having
to set up multiple machines.

-=-=-=-=-

02/15/2002 (v0.77)

I'm a dummy. Thanks to Chip Ach for pointing out my little syntax error
in Peer.pm. Note to self: In future, run perl -cw on everything *before*
checking into CVS. :-) 

Also new this release:

* A new rule in iptables/initialize.fw that denies access on the
    ExternalInterface to the GatewayPort, unless it originates from
    AuthServiceAddr. Should at least make NoCatAuth invisible to
    random Internet portscans.

* A little test script that runs perl -cw on everything.

* Also, I'm taking the ChangeLog out of the distribution, 'cause it's vastly
    increasing the size of the tarball. Find it on the website if you need it.

-=-=-=-=-

02/13/2002 (v0.76)

Well, this release was a bit overdue. Included:

* Passive mode support: Like Captive mode, but intended to work even behind
    NATs. Broken still, insecure, completely beta, don't use it yet, but here
    it is.

* nocat.conf has been split into gateway.conf and authserv.conf, per Sameer 
    Verma's recommendation. The relevant file installs as $PREFIX/nocat.conf
    depending on what you're installing.

* Open mode now supports favicon.ico type icons. Thanks to Michael Codanti for 
    the patch.

* Expiration of client connections based on disappearance from the ARP cache.
    Based on a patch from Michael Codanti.

* AllowWebHosts directive now supports "friendly" websites that clients may
    visit without first logging in. Good for linking to your community's
    homepage from your splash page, etc. Thanks to the PersonalTelco folks
    for the idea.

* Many bug fixes and other whatnot. Try it. You'll love it.

Enjoy. SDE

-=-=-=-=-

10/25/2001 (v0.60)

Big update:

* Pluggable authentication sources: NoCatAuth now (theoretically)
  supports any kind of dynamic firewall.

* ipchains support (and a start on ipfilter support)

* User auth code rewritten

* LocalGateway can now be defined in nocat.conf.  This means 
  that you too can run the Auth system and a Gateway on the same
  Machine!  (not that we'd recommend it, but so many people asked
  for it, so here you are.  =)

-=-=-=-=-

09/25/2001 (v0.52)

Forgot to export ANY in NoCat.pm.  Fixed.

RJF

-=-=-=-=-

09/24/2001 (v0.51)

Open Portal mode is now fixed for browsers that return odd http header data. 
This caused a 'looping' issue where users couldn't escape the splash page in
some circumstances.

Also, the magical "ANY" group can now provide member class access to any
member of any group.  Specify ANY in the TrustedGroups directive of the
nocat.conf (or leave it blank) and members of any group will be accepted
into the co-op class.

RJF

-=-=-=-=-

09/21/2001 (v0.50)

Moving right along...

RJF

-=-=-=-=-

09/15/2001 (v0.45)

Oops.  Quick bugfix: the revised NoCat.pm wasn't checked into 
v0.43 (it was a laaaaaaate nite.)  It's all better now.

RJF

-=-=-=-=-

09/15/2001 (v0.43)

Support for Open portal mode is now included.  Set the 
"GatewayMode" directive to "Open" in the nocat.conf on your
gateway, and it will display a simple splash page rather than
connect to the auth system.  Set it to "Captive" for regular
Captive portal mode.


RJF

-=-=-=-=-

08/15/2001 (v0.42)

Another quick maintenance release.

RJF

-=-=-=-=-

08/15/2001 (v0.41)

Largely a maintenance release, with a new firewall feature:
IncludePorts and ExcludePorts (see INSTALL and sample
nocat.conf for details).

Also Fixed the DNSAddr specification bug, added some port
forwarding examples in etc/, an init script, and more
documentation.  Yes, we're still Beta, but getting better 
all the time!

RJF

-=-=-=-=-

08/12/2001 (v0.40)

The NoCat Auth distro has come a long way. We've got a live
authentication service up and running; you can find it at
http://nocat.net. Almost all of the functionality from the
original white paper spec has been implemented; at this point,
the major feature still in an experimental state is the
per-service-class bandwidth shaping. It's still Beta, but it
seems to work pretty well for us. We hope it'll work for you,
too, and we hope you'll let us know if does. (And if it doesn't 
we hope you'll send patches and not flames... :-)

SDE

=========

07/25/2001 (v0.30)

Greetings from the 2001 O'Reilly Open Source Conference
in San Diego. We've spent a lot of time polishing this
and making it work. We're pleased to call it BETA
software, and we think it basically works, but YMMV. Please
send your thoughts, comments, questions, bug reports, and
most of all, your patches. Thanks.

- SDE

=========

07/12/2001

This is ALPHA software. It does not conform completely
to the NoCat spec, it has no documentation, and it is
intrinsically insecure. However, it does somewhat
function, with a good bit of tweaking. Don't use it.
Have a nice day. :)

- SDE & RJF
