Robotech
Posts: 3
Joined: Tue Aug 12, 2014 9:16 pm

Redirecting Traffic on a Wifi Hotspot

Tue Aug 12, 2014 9:48 pm

I've configured my RPi as a Wifi hotspot / access point using the following tutorial: http://www.maketecheasier.com/set-up-ra ... ess-point/

The network is planned to be used by a small handfull of people at school for basic browsing only, as the RPi network is not powerful enough for using heavy websites like YouTube and such.

Thus, how would I able to redirect connections to www.youtube.com to a html file located in /home/pi/Documents/plznoheavybrowing.html ?

Thank you in advance! :)

fruitoftheloom
Posts: 23135
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Redirecting Traffic on a Wifi Hotspot

Wed Aug 13, 2014 4:41 pm

Rather than negativity think outside the box !
RPi 4B 4GB (SSD Boot)..
Asus ChromeBox 3 Celeron is my other computer...

Robotech
Posts: 3
Joined: Tue Aug 12, 2014 9:16 pm

Re: Redirecting Traffic on a Wifi Hotspot

Wed Aug 13, 2014 9:40 pm

Thanks for replying. Modifying the /etc/hosts file works when I try to browse from the RPi itself.
However, it does not redirect other machines connecting to the Wifi hotspot.

Any idea on how to do that?

gridrun
Posts: 46
Joined: Mon Feb 18, 2013 12:26 pm
Contact: Website

Re: Redirecting Traffic on a Wifi Hotspot

Tue Aug 19, 2014 6:24 am

Hosts file based redirection will only work if going through the local DNS resolver.

You could use iptables on the raspberry pi, redirecting connections for certain IP:Port combos to wherever you like. The difficulty with this approach is, services like youtube might use way more than a single IP. For example:

Code: Select all

Name:    youtube.com
Addresses:  2a00:1450:400a:807::1007
          173.194.116.72
          173.194.116.69
          173.194.116.66
          173.194.116.78
          173.194.116.64
          173.194.116.70
          173.194.116.65
          173.194.116.73
          173.194.116.71
          173.194.116.68
          173.194.116.67
So you'd have to redirect all of these IPs, and even then it might not work reliably because new IPs might get introduced any day. I guess you could make a script that runs periodically, uses nslookup to obtain all IPs of a given site and creates iptables rules accordingly.

Another possibility would be to set up a DNS server on the Pi, and have your clients use this server for resolving. You might use an additional DHCP server on your Pi to achieve this. You can then have the DNS server on the Pi give out any IP you like for any site you want (by the means of zone files), while forwarding all other lookup requests to your provider's DNS server.

However, your users may simply override this system by configuring a different DNS server on their clients. This could be supressed by blocking outgoing DNS requests from the wlan (Port 53 TCP+UDP) that don't go to your Pi. Of course, the users could still circumvent that by editing their own hosts file...
Find more info on Raspberry Pi, Virtualization and all things cloudy on my blog: http://niston.wordpress.com

Robotech
Posts: 3
Joined: Tue Aug 12, 2014 9:16 pm

Re: Redirecting Traffic on a Wifi Hotspot

Wed Aug 20, 2014 6:01 pm

gridrun wrote:Hosts file based redirection will only work if going through the local DNS resolver.

You could use iptables on the raspberry pi, redirecting connections for certain IP:Port combos to wherever you like. The difficulty with this approach is, services like youtube might use way more than a single IP. For example:

Code: Select all

Name:    youtube.com
Addresses:  2a00:1450:400a:807::1007
          173.194.116.72
          173.194.116.69
          173.194.116.66
          173.194.116.78
          173.194.116.64
          173.194.116.70
          173.194.116.65
          173.194.116.73
          173.194.116.71
          173.194.116.68
          173.194.116.67
So you'd have to redirect all of these IPs, and even then it might not work reliably because new IPs might get introduced any day. I guess you could make a script that runs periodically, uses nslookup to obtain all IPs of a given site and creates iptables rules accordingly.

Another possibility would be to set up a DNS server on the Pi, and have your clients use this server for resolving. You might use an additional DHCP server on your Pi to achieve this. You can then have the DNS server on the Pi give out any IP you like for any site you want (by the means of zone files), while forwarding all other lookup requests to your provider's DNS server.

However, your users may simply override this system by configuring a different DNS server on their clients. This could be supressed by blocking outgoing DNS requests from the wlan (Port 53 TCP+UDP) that don't go to your Pi. Of course, the users could still circumvent that by editing their own hosts file...
Right so I used dnsmasq to redirect DNS requests on my local resolver. Then I started a server using lighttpd which contained my plznoheavybrowing.html

I don't think many people at my school know what DNS is. Also iOS/Android users can't edit their hosts file, so blocking divergeant DNS requests shouldn't be necessary.
I've still configured a DNS log in case more people than I thought do know about it. Then I'll use Iptables if necessary. Thanks for the tip!

Return to “Networking and servers”