Captive portal via ethernet wireless access point


4 posts
by linux_oldie » Thu Feb 28, 2013 1:05 am
I have a project in mind whereby I would like to give open access to a web server on the Pi via a wired, ethernet connected, wireless access point.

There will be no forward Internet connection via the portal, only access to the web server on my Pi.
There won't be any other connections apart from via the ethernet AP.

I'd like there to be open access to the web server without the user having to authenticate or log in - IE straight to the home page on the Pi's web server.
All web content will be on the Pi.

I already have the web server running on the Pi and can connect to it via my router.
The router connection will not be present when the project goes live - the setup will be away from home.

Guess I will need FTP via the AP to update the web server too.
So I will need at least port 80 and port 21.
I will need to authenticate on my port 21 connection so that only I can update the web server.

What software would give me a captive portal on the Pi?

For those not familiar with captive portals - any web ( http ) connections to the portal from a browser direct the user to a predetermined page ( on the Pi ) no matter what URL is entered in the browser address bar.

What network config should I use between the Pi and the AP?

The user will be issued an IP address from the AP - I don't wish to set up a full DNS on the Pi, just the ability to direct ALL port 80 traffic to the home page on the Pi.

I know a full DNS service on the Pi isn't needed to do this - I've done this before ( captive portal that is - donkeys years ago ) on a Linux box.

Any ideas welcome.
Posts: 3
Joined: Thu Nov 08, 2012 1:03 am
by SirLagz » Thu Feb 28, 2013 5:59 am
Using this iptables rule will direct all http traffic to the Pi - assuming your Pi's IP address is 10.0.0.1

sudo iptables -t nat -A PREROUTING -d 0/0 -p tcp –dport 80 -j DNAT –to 10.0.0.1:80

Though I haven't tested that out with a WAP connected to the Pi.

Why not use a WiFI USB stick and broadcast a network straight from the Pi ? Saves you a piece of hardware to configure, though then you'd need to run dnsmasq on the Pi to hand out IP addresses.

Also, you won't need ftp to update the webserver.
ssh / sftp will work with just the ssh daemon running, so one less service to manage.
My Blog - http://www.sirlagz.net
Visit my blog for Tips, Tricks, Guides and More !
WiFi Issues ? Have a look at this post ! http://www.raspberrypi.org/phpBB3/viewtopic.php?f=28&t=44044
Posts: 1704
Joined: Mon Feb 20, 2012 8:53 am
Location: Perth, Australia
by linux_oldie » Fri Mar 01, 2013 12:55 am
SirLagz wrote:Using this iptables rule will direct all http traffic to the Pi - assuming your Pi's IP address is 10.0.0.1

sudo iptables -t nat -A PREROUTING -d 0/0 -p tcp –dport 80 -j DNAT –to 10.0.0.1:80

Though I haven't tested that out with a WAP connected to the Pi.

Why not use a WiFI USB stick and broadcast a network straight from the Pi ? Saves you a piece of hardware to configure, though then you'd need to run dnsmasq on the Pi to hand out IP addresses.

Also, you won't need ftp to update the webserver.
ssh / sftp will work with just the ssh daemon running, so one less service to manage.


Thanks SirLags that really is a great help.

I don't have my Pi here at home at the moment so I can't check - but do I remember correctly, is there an iptables file in /etc - I'd need to save a copy of that in case your suggestion isn't right for my application so that I could return to default.

I don't wish to use a USB Wi-Fi stick on the Pi because the WAPs I have in stock would allow me to target the client access area using an external directional, dish mounted, antenna.

I know I can do that using a USB Wi Fi stick positioned at the focus of the dish and I have done that before but I want to keep all my options open.

Colin
Posts: 3
Joined: Thu Nov 08, 2012 1:03 am
by SirLagz » Fri Mar 01, 2013 1:11 am
No, there is no /etc/iptables file.
It's all done via iptables commands
However you can save firewall rules to a file and restore them from a file, so you can do your own /etc/iptables file if you wanted to.

Forgot to mention, that rule will only work if the WAPs have set the Pi as the default gateway. Not sure how you're going to set it up but hopefully the rule works for you :)

Not considering a USB wifi with a SMA socket ?
Something like this one ?
http://www.ebay.com.au/itm/RT5370-Mini- ... 2a1fec7c48

I'm using one of those sticks for my own WAP at home at the moment, but using just the puny 2dbi antenna that comes with it.
My Blog - http://www.sirlagz.net
Visit my blog for Tips, Tricks, Guides and More !
WiFi Issues ? Have a look at this post ! http://www.raspberrypi.org/phpBB3/viewtopic.php?f=28&t=44044
Posts: 1704
Joined: Mon Feb 20, 2012 8:53 am
Location: Perth, Australia