* NATTING_help
@ 2005-10-03 8:07 compuomari
0 siblings, 0 replies; 5+ messages in thread
From: compuomari @ 2005-10-03 8:07 UTC (permalink / raw)
To: netfilter
Dears,
I have a scenario that is somehow making me have a hardtime , i have a
wiless access point that get the internat access from my linux box, i
want any user that uses my internet to get a lnading page for my self (
some kind of advertisment ) and then go to the internet , i don't need
authentication , but i dont want this landing page occuring many more
than once for the user ... anyhow , how can i do it with iptables? i
want to DNAT all users to an internal apache server , then SNAT them to
the inernet , how is that possible? double natting? proxying ? i need
your help ..
regards,
oozie
^ permalink raw reply [flat|nested] 5+ messages in thread
* NATTING_help
@ 2005-10-03 8:29 compuomari
0 siblings, 0 replies; 5+ messages in thread
From: compuomari @ 2005-10-03 8:29 UTC (permalink / raw)
To: netfilter, netfilter-devel, netfilter
Dears,
I have a scenario that is somehow making me have a hardtime , i have a
wiless access point that get the internat access from my linux box, i
want any user that uses my internet to get a lnading page for my self (
some kind of advertisment ) and then go to the internet , i don't need
authentication , but i dont want this landing page occuring many more
than once for the user ... anyhow , how can i do it with iptables? i
want to DNAT all users to an internal apache server , then SNAT them to
the inernet , how is that possible? double natting? proxying ? i need
your help ..
regards,
oozie
^ permalink raw reply [flat|nested] 5+ messages in thread
* NATTING_help
@ 2005-10-17 9:17 compuomari
0 siblings, 0 replies; 5+ messages in thread
From: compuomari @ 2005-10-17 9:17 UTC (permalink / raw)
To: netfilter, netfilter-devel, netfilter
Dears,
I have a scenario that is somehow making me have a hardtime , i have a
wiless access point that get the internat access from my linux box, i
want any user that uses my internet to get a lnading page for my self (
some kind of advertisment ) and then go to the internet , i don't need
authentication , but i dont want this landing page occuring many more
than once for the user ... anyhow , how can i do it with iptables? i
want to DNAT all users to an internal apache server , then SNAT them to
the inernet , how is that possible? double natting? proxying ? i need
your help ..
regards,
oozie
^ permalink raw reply [flat|nested] 5+ messages in thread
* NATTING_help
@ 2005-11-16 14:42 compuomari
2005-11-16 16:16 ` NATTING_help Matt Zagrabelny
0 siblings, 1 reply; 5+ messages in thread
From: compuomari @ 2005-11-16 14:42 UTC (permalink / raw)
To: netfilter, netfilter-devel, netfilter
Dears,
I have a scenario that is somehow making me have a hardtime , i have a
wiless access point that get the internat access from my linux box, i
want any user that uses my internet to get a lnading page for my self (
some kind of advertisment ) and then go to the internet , i don't need
authentication , but i dont want this landing page occuring many more
than once for the user ... anyhow , how can i do it with iptables? i
want to DNAT all users to an internal apache server , then SNAT them to
the inernet , how is that possible? double natting? proxying ? i need
your help ..
regards,
oozie
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: NATTING_help
2005-11-16 14:42 NATTING_help compuomari
@ 2005-11-16 16:16 ` Matt Zagrabelny
0 siblings, 0 replies; 5+ messages in thread
From: Matt Zagrabelny @ 2005-11-16 16:16 UTC (permalink / raw)
To: netfilter
On Wed, 2005-11-16 at 17:42 +0300, compuomari wrote:
> Dears,
> I have a scenario that is somehow making me have a hardtime , i have a
> wiless access point that get the internat access from my linux box, i
> want any user that uses my internet to get a lnading page for my self (
> some kind of advertisment ) and then go to the internet , i don't need
> authentication , but i dont want this landing page occuring many more
> than once for the user ... anyhow , how can i do it with iptables? i
> want to DNAT all users to an internal apache server , then SNAT them to
> the inernet , how is that possible? double natting? proxying ? i need
> your help ..
i have effectively done this, (it is a registration system for the
campus that i work at).
overview:
1) use the mangle table to determine if users are forced (dnat'ed) to
the landing page (internal apache server)
2) use apache's mod_rewrite to capture any document in the web space.
3) once they view the page and click a link or hit a submit button have
a cgi that add's their ip to the mangle table that allows them passage
through the firewall (without being dnat'ed). also this cgi can print
out a http location header to send them to the original web site that
they wanted to go to.
the system that i helped build is mildly complex and consists of a
database for user tracking, scanning (using nessus), radius
authentication, ucarp (unfortunately not working yet), and other things.
but a stripped down version could be done with just one or two cgi's and
some firewall rules.
-matt zagrabelny
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-11-16 16:16 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-11-16 14:42 NATTING_help compuomari
2005-11-16 16:16 ` NATTING_help Matt Zagrabelny
-- strict thread matches above, loose matches on Subject: below --
2005-10-17 9:17 NATTING_help compuomari
2005-10-03 8:29 NATTING_help compuomari
2005-10-03 8:07 NATTING_help compuomari
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.