Redirecting all WiFi requests to my server (like captive portal)

13,434

Solution 1

What you're trying to do is implement a captive portal (as you know). One of the most popular captive portals is WiFi Dog. It's open source and should meet your needs.

You can run the captive portal off of a live CD using the ZoneCD, but some people say it's slow. Plus, I'm not sure if the settings can survive a reboot (likely not, since I don't think anything is written to non-volatile storage).

Solution 2

Your WiFi needs to be connected to a gateway where you can redirect the traffic towards your captive portal (login page).

You can do this by using iptables on Linux. Say that your interface eth0 is connected to your access point with the 192.168.0.0/24 subnet and your gateway (Linux server) is configured at 192.168.0.1 and has internet access on a separate interface. Your IIS server is on 192.168.0.2:80.

Your iptables rules could be something like:

iptables -t mangle -N my_access_filter
# Mark in PREROUTING, not INPUT: forwarded packets never traverse INPUT, and the nat PREROUTING rules below run before INPUT, so a mark set there would not be visible to them
iptables -t mangle -A PREROUTING -i eth0 -j my_access_filter

iptables -t mangle -A my_access_filter -m mac --mac-source 11:22:33:44:55:66 -j RETURN # Grant access to mac 11:22:33:44:55:66, by returning and not marking the traffic
iptables -t mangle -A my_access_filter -j MARK --set-mark 99 # Arbitrarily selected number

# that's it for the mangle table, now the nat table
iptables -t nat -A PREROUTING -p tcp --dport 80 -m mark --mark 99 -j DNAT --to 192.168.0.2:80 # ip o
iptables -t nat -A PREROUTING -p udp --dport 53 -m mark --mark 99 -j DNAT --to 192.168.0.1 # For good measure, let's redirect their DNS queries to our own DNS server.
# The portal sits on the same subnet as the clients, so its replies would otherwise go straight back to the client (with the wrong source address) and bypass this gateway; source-NAT the hairpinned portal traffic
iptables -t nat -A POSTROUTING -o eth0 -p tcp -d 192.168.0.2 --dport 80 -m mark --mark 99 -j MASQUERADE

# now the filter table reads:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # standard rule to accept established connections
iptables -A FORWARD -i eth0 -p tcp -d 192.168.0.2 --dport 80 -m mark --mark 99 -j ACCEPT # let the redirected traffic reach the portal; without this the DROP below would eat it too
iptables -A FORWARD -i eth0 -m mark --mark 99 -j DROP # This will drop traffic that is marked, preventing clients from accessing the internet

Your captive portal just needs to put the client's IP or MAC, or whatever you filter on, into the my_access_filter chain in the mangle table, which can be done by

iptables -t mangle -I my_access_filter -m mac --mac-source <mac> -j RETURN

or

iptables -t mangle -I my_access_filter -s 192.168.0.xx -j RETURN # by ip

Hope this gives some inspiration.
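An added helper for the portal-side step just described (example code, not part of the answer above): it validates the client identifier strictly before it is handed to iptables, because that value arrives from the client and must never be word-split into a command unchecked, skips duplicate RETURN rules by probing with -C, and offers the matching revoke. The chain name my_access_filter comes from the answer; the IPT variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer). IPT can be overridden, e.g. to
# "sudo iptables" or to a stub for dry runs; CHAIN matches the answer's chain.
IPT="${IPT:-iptables}"
CHAIN="my_access_filter"

# client_match <mac|ipv4>: print the iptables match for a client id, or fail.
# Everything except hex digits, ':' and '.' is rejected up front (this also
# rejects newlines, which would otherwise let a second line sneak past grep).
client_match() {
    id=$1
    case $id in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    if printf '%s\n' "$id" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        printf '%s\n' "-m mac --mac-source $id"
        return 0
    fi
    if printf '%s\n' "$id" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        old_ifs=$IFS; IFS=.; set -- $id; IFS=$old_ifs
        for octet in "$@"; do
            [ "$octet" -le 255 ] || return 1
        done
        printf '%s\n' "-s $id"
        return 0
    fi
    return 1
}

# grant <client>: insert a RETURN rule so the client's traffic is no longer
# marked. A grant keyed on MAC or IP identifies a device, not a user, so the
# portal should also expire it (cron calling revoke, or a timeout in the app).
grant() {
    match=$(client_match "$1") || { echo "grant: invalid client id: $1" >&2; return 2; }
    # $match is validated above and word-split on purpose
    if "$IPT" -t mangle -C "$CHAIN" $match -j RETURN 2>/dev/null; then
        return 0   # already granted; do not stack a duplicate rule
    fi
    "$IPT" -t mangle -I "$CHAIN" $match -j RETURN
}

# revoke <client>: delete the RETURN rule so the client is marked again.
revoke() {
    match=$(client_match "$1") || { echo "revoke: invalid client id: $1" >&2; return 2; }
    "$IPT" -t mangle -D "$CHAIN" $match -j RETURN
}
```

Run it as root with the answer's rules in place, e.g. `. ./portal.sh && grant 11:22:33:44:55:66`; revoke works the same way.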

Author by

m6a-uds

Updated on September 17, 2022

Comments

  • m6a-uds
    m6a-uds almost 2 years

    I'm actually trying to develop a public wireless network (not business, just for educational purposes, I am studying computer science...). But I am lacking the required knowledge to achieve this goal (I am usually more into programming than network management [love Stack Overflow ;-)]).

    What I want to do exactly is just like a lot of cities'/schools' public networks, where every address is redirected to a login page before being able to access the internet.

    My current setup is made like this: I have my Internet connected to a wired router. This router is connected to a Switch. My personal computers are connected to this switch. I have an IIS server connected to the router.

    I have a Wireless Access Point, but I don't know how to set it up to redirect the incoming IPs to my IIS. Basically I want to block all the Internet and redirect non-local requests to my local IIS (for WiFi users only, LAN should have Internet).

    I thought maybe installing a DNS on my server and setting it as primary DNS in the router. Or maybe connecting WiFi to the server (with a second network adapter) and redirecting via firewall/proxy, but I don't know if these would theoretically work, before jumping into learning how to set up one of these options...

    Any help greatly appreciated!