Captive portal on a bridged interface

Hi, I would like to create a captive portal on a bridged interface.
Every approach I have used so far didn't work.

Let this be the setup:

sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.ipv4.ip_forward=1

ifconfig eth1 0.0.0.0
ifconfig eth2 0.0.0.0
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 eth2
ifconfig eth1 up
ifconfig eth2 up
ifconfig br0 10.0.0.33 netmask 255.255.255.0 up
route add default gw 10.0.0.1

Clients are behind eth2 and can access the Internet
using a gateway somewhere behind eth1.
Every packet from an unknown client (by MAC) needs to be blocked
from accessing everything except DNS and 10.0.0.0/8.
HTTP requests (port 80) need to be redirected to
the local web server (the captive portal).

My best start so far is this:
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
iptables -t nat -I PREROUTING 1 -p tcp --dport 80 -j DNAT --to-destination $br0_ip_addr

It seems to successfully redirect HTTP requests to the local web server.
But e.g. adding ! -d 10.0.0.0/8 as an exception doesn't seem to work.


After reading a lot of documentation it still leaves my head spinning.
Can anybody give me a few hints as to what rules I need?

For what it is worth, the system is OpenWrt. :-)

Thanks,
mwarning

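The policy stated in the message above, written as a decision function that can serve as a test oracle when checking a candidate ebtables/iptables rule set against sample packets. This is an added example, not part of the original post; the known-MAC list, the sample packets and the function names are constructed, and "DNS" is assumed to mean UDP or TCP port 53.

```python
import ipaddress

# Constructed values for illustration (not from the original message).
KNOWN_MACS = {"02:00:00:00:00:aa"}              # clients already authenticated
LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")  # exception named in the message
DNS_PORT, HTTP_PORT = 53, 80                    # assumption: DNS = port 53


def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so comparisons are stable."""
    return mac.strip().lower().replace("-", ":")


def verdict(src_mac, dst_ip, proto, dport, known_macs=KNOWN_MACS):
    """Expected fate of a packet entering from the client side (eth2).

    Returns 'ACCEPT' (bridge it unchanged), 'REDIRECT' (send to the local
    portal web server) or 'DROP'. The checks are ordered so that the
    exceptions are evaluated before the port-80 redirect.
    """
    if normalize_mac(src_mac) in {normalize_mac(m) for m in known_macs}:
        return "ACCEPT"                       # known client: no restrictions
    if ipaddress.ip_address(dst_ip) in LOCAL_NET:
        return "ACCEPT"                       # 10.0.0.0/8 stays reachable
    if proto in ("udp", "tcp") and dport == DNS_PORT:
        return "ACCEPT"                       # DNS stays reachable
    if proto == "tcp" and dport == HTTP_PORT:
        return "REDIRECT"                     # HTTP goes to the captive portal
    return "DROP"                             # everything else is blocked


# Constructed sample packets: (source MAC, destination IP, protocol, dport).
SAMPLES = [
    ("02:00:00:00:00:AA", "192.0.2.10", "tcp", 443),  # known client
    ("02:00:00:00:00:bb", "192.0.2.10", "tcp", 80),   # unknown, HTTP outside
    ("02:00:00:00:00:bb", "10.1.2.3", "tcp", 80),     # unknown, HTTP inside 10/8
    ("02:00:00:00:00:bb", "192.0.2.53", "udp", 53),   # unknown, DNS
    ("02:00:00:00:00:bb", "192.0.2.10", "tcp", 443),  # unknown, HTTPS outside
]


def run_samples():
    """Return the expected verdict for every constructed sample packet."""
    return [verdict(*pkt) for pkt in SAMPLES]


if __name__ == "__main__":
    for pkt, result in zip(SAMPLES, run_samples()):
        print(pkt, "->", result)
```

Comparing these verdicts with what a packet capture on eth1 and the portal's web server log show for the same packets tells which rule in a candidate rule set deviates from the intended policy.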

