[Fwd: Re: Wireless Login Page]

(This may be a duplicate message, KW)

Thank you for the replies Alex and Jan.

I set up a test system with two PCs. PC one has Apache httpd running on
it with iptables flushed, defaults set to accept all packets and is at
192.168.21.1. PC two is simply a workstation at 192.168.21.10. I can
get my default webpage by pointing the workstation's browser to
192.168.21.1. I invoked "iptables -t nat -A PREROUTING -p TCP --dport
80 -j REDIRECT" on the http host. At this point I was expecting to point
the workstation's browser to 192.168.21.2 and get the default webpage,
but this returned "Unable to Connect".

It seems from the description of REDIRECT 
( http://www.faqs.org/docs/iptables/targets.html#REDIRECTTARGET ) that,
when the packet hits the PREROUTING table, it immediately gets sent to
localhost and presumably httpd. I am guessing here, but since httpd is
an application, the tcp/ip stuff gets stripped off (but the port number
stays?), so the fault must be in how Apache is set up? I am thinking,
did Apache receive the packet (maybe check the appropriate log file?).
Did Apache have a problem interpreting the packet it received (check
logs)? Or, may this be a situation where the server can't figure out
where to send a reply?

Thank you for any replies.

Kirk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- Begin Message ---

You don't need conntrack for the redirection part. I've achieved the same thing on my router using -j REDIRECT

You could do it for only port 80 traffic, but I've done it for all traffic. You get some entertaining attempts from people trying to work out why they have a valid DHCP lease but no internet connectivity.

----- Original Message -----
From: "Kirk Wallace" <kwallace@xxxxxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, April 26, 2007 5:48 PM
Subject: Wireless Login Page


I have a wireless card installed on Fedora 4 system. I have the wireless
connection open, DHCP enabled and have disabled forwarding for the
"open" network. I use Poptop and Radius to authenticate and assign IP
addresses on the tunnel and then allow forwarding for the tunnel address
range. I now want to have all http requests from the "open" network to
be directed to an opening/login page on the wireless server. Can this be
done with iptables (conntrack?)? Would anyone suggest links or keywords
for finding more information? Thank you.

Kirk







--- End Message ---
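
An added illustration (not part of the thread or of any poster's message), in Python, of the condition under which the `-t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT` rule quoted above can match: the packet first has to be delivered to the host that carries the rule. The /24 netmasks, the gateway settings and the destination 203.0.113.7 are assumptions or constructed sample values; the 192.168.21.x addresses are the ones from the test setup described above.

```python
# Added illustration, not code from the thread. The /24 masks, the gateway
# setting and 203.0.113.7 are assumptions / constructed sample values.
from ipaddress import ip_address, ip_interface

def first_hop(client_if, gateway, dst):
    """Client-side routing: on-link destinations are ARPed for directly,
    everything else is sent to the default gateway (None if there is none)."""
    if ip_address(dst) in ip_interface(client_if).network:
        return ip_address(dst)
    return ip_address(gateway) if gateway else None

def trace(server_if, client_if, gateway, dst, dport, redirect_dport=80):
    """Follow one TCP SYN from the client and report what the server does.
    Models: iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT"""
    server_ip = ip_interface(server_if).ip
    if first_hop(client_if, gateway, dst) != server_ip:
        # The frame is never addressed to the server's MAC, so no
        # netfilter hook on the server ever sees the packet.
        return "never-reaches-server"
    if dport == redirect_dport:
        # REDIRECT rewrites the destination to the primary address of the
        # interface the packet came in on; the port stays the same here.
        return f"redirected-to {server_ip}:{dport}"
    if ip_address(dst) == server_ip:
        return f"local-delivery {server_ip}:{dport}"
    return "forward-chain"  # fate decided by FORWARD rules / ip_forward

SERVER = "192.168.21.1/24"   # address from the thread, mask assumed
CLIENT = "192.168.21.10/24"  # address from the thread, mask assumed

if __name__ == "__main__":
    cases = [
        ("test from the thread", None, "192.168.21.2", 80),
        ("server's own address", None, "192.168.21.1", 80),
        ("server as gateway, outside site", "192.168.21.1", "203.0.113.7", 80),
        ("server as gateway, non-HTTP port", "192.168.21.1", "203.0.113.7", 443),
    ]
    for label, gw, dst, port in cases:
        print(f"{label:34} -> {trace(SERVER, CLIENT, gw, dst, port)}")
```

On the real host, the packet counters shown by `iptables -t nat -L PREROUTING -v -n` indicate whether the rule has matched any packets.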
