redirect unauthenticated traffic to a registration portal

Linux Netfilter discussions
 help / color / mirror / Atom feed

* redirect unauthenticated traffic to a registration portal
@ 2005-06-06  9:47 Phani Kumar
  2005-06-08  6:25 ` Song Du
  0 siblings, 1 reply; 2+ messages in thread
From: Phani Kumar @ 2005-06-06  9:47 UTC (permalink / raw)
  To: netfilter

Hi,
    I have implemented a linux router with 4 interfaces.

eth0 -- outside net
eth1 --
eth2 --    diff Internal n/ws
eth3 --

Now I had to allow only authenticated traffic to pass through the 
router(i.e through interface eth0).
I have a list of all authenticated Mac-addresses in a file.

All unauthenticated traffic (i.e non-authenticated mac-address traffic) 
had to be redirected to default registration site.

Pls can anyone suggest me how to do above task.
I am able to allow only authenticated traffic by using

iptables -t filter -A FORWARD -m --mac-source xx.xx.xx... -i eth0 -j 
ACCEPT

and so on for all authenticated users

iptables -t filter -A FORWARD -i eth0 -j DROP

How do I redirect the unathenticated traffic to a registration portal 
rather than dropping it??

Phani
IIIT-Hyd

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: redirect unauthenticated traffic to a registration portal
  2005-06-06  9:47 redirect unauthenticated traffic to a registration portal Phani Kumar
@ 2005-06-08  6:25 ` Song Du
  0 siblings, 0 replies; 2+ messages in thread
From: Song Du @ 2005-06-08  6:25 UTC (permalink / raw)
  To: Phani Kumar; +Cc: netfilter

just like transparent proxy
assume http://AUTH_PORTAL_IP is where user can type password and become authed.
iptables -t nat -A PREROUTING CONDITIONS_TO_MATCH_AUTHED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to AUTH_PORTAL_IP
iptables -t nat -A PREROUTING -j DROP


2005/6/6, Phani Kumar <pkumar@students.iiit.net>:
> Hi,
>    I have implemented a linux router with 4 interfaces.
> 
> eth0 -- outside net
> eth1 --
> eth2 --    diff Internal n/ws
> eth3 --
> 
> Now I had to allow only authenticated traffic to pass through the
> router(i.e through interface eth0).
> I have a list of all authenticated Mac-addresses in a file.
> 
> All unauthenticated traffic (i.e non-authenticated mac-address traffic)
> had to be redirected to default registration site.
> 
> Pls can anyone suggest me how to do above task.
> I am able to allow only authenticated traffic by using
> 
> iptables -t filter -A FORWARD -m --mac-source xx.xx.xx... -i eth0 -j
> ACCEPT
> 
> and so on for all authenticated users
> 
> iptables -t filter -A FORWARD -i eth0 -j DROP
> 
> How do I redirect the unathenticated traffic to a registration portal
> rather than dropping it??
> 
> Phani
> IIIT-Hyd
> 
> 


-- 
freewizard (at) gmail.com 
http://blog.tsing.org/freewizard/   (in Chinese)


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2005-06-08  6:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-06-06  9:47 redirect unauthenticated traffic to a registration portal Phani Kumar
2005-06-08  6:25 ` Song Du

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox