* Captive portal on a bridged interface
@ 2013-07-16 22:21 Moritz Warning
From: Moritz Warning @ 2013-07-16 22:21 UTC (permalink / raw)
To: netfilter
Hi, I would like to create a captive portal on a bridged interface.
Every approach I have used so far didn't work.

Let this be the setup:

sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.ipv4.ip_forward=1
ifconfig eth1 0.0.0.0
ifconfig eth2 0.0.0.0
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 eth2
ifconfig eth1 up
ifconfig eth2 up
ifconfig br0 10.0.0.33 netmask 255.255.255.0 up
route add default gw 10.0.0.1

Clients are behind eth2 and can access the Internet
using a gateway somewhere behind eth1.

Every packet from an unknown client (by MAC) needs to be blocked
from accessing everything except DNS and 10.0.0.0/8.
HTTP requests (port 80) need to be redirected to
the local web server (the captive portal).

My best start so far is this:

ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
iptables -t nat -I PREROUTING 1 -p tcp --dport 80 -j DNAT --to-destination $br0_ip_addr

It seems to successfully redirect HTTP requests to the local web server.
But e.g. adding ! -d 10.0.0.0/8 as an exception doesn't seem to work.

After reading a lot of documentation, it still leaves my head spinning.
Can anybody give me a few hints on what rules I need?

For what it is worth, the system is OpenWrt. :-)

Thanks,
mwarning
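
The policy described in the message, written out as an ordered iptables rule set; this is an added sketch, not part of the original message and not a reply from the list. It assumes the ebtables broute rules are not installed, so that with bridge-nf-call-iptables=1 the frames bridged in from eth2 traverse nat PREROUTING and filter FORWARD, and that the rest of FORWARD accepts traffic; the chain names, the `KNOWN_MACS` list and the `APPLY` dry-run switch are hypothetical.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1, runs) an iptables rule set for the
# policy in the message. Chain names, KNOWN_MACS and the dry-run switch are
# assumptions of this sketch; interface and addresses come from the message.
CLIENT_IF=eth2            # bridge port the clients sit behind
PORTAL_IP=10.0.0.33       # br0 address, where the local web server listens
LOCAL_NET=10.0.0.0/8      # always reachable, even for unknown clients
KNOWN_MACS="02:00:00:00:00:01 02:00:00:00:00:02"   # constructed sample MACs

run() {                   # dry run by default so the rule order can be reviewed
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

portal_rules() {
    # Both chains see only frames that entered the bridge on the client port.
    run iptables -t nat -N portal_nat
    run iptables -t nat -I PREROUTING 1 -m physdev --physdev-in "$CLIENT_IF" -j portal_nat
    run iptables -N portal_fwd
    run iptables -I FORWARD 1 -m physdev --physdev-in "$CLIENT_IF" -j portal_fwd

    # 1. Known clients (by source MAC) leave both chains untouched.
    for mac in $KNOWN_MACS; do
        run iptables -t nat -A portal_nat -m mac --mac-source "$mac" -j RETURN
        run iptables -A portal_fwd -m mac --mac-source "$mac" -j RETURN
    done

    # 2. Exceptions come before the catch-all rules: a RETURN placed after
    #    the DNAT or DROP rule would never be reached.
    run iptables -t nat -A portal_nat -d "$LOCAL_NET" -j RETURN
    run iptables -A portal_fwd -d "$LOCAL_NET" -j RETURN
    for proto in udp tcp; do
        run iptables -A portal_fwd -p "$proto" --dport 53 -j RETURN
    done

    # 3. Remaining HTTP goes to the portal; everything else is dropped.
    run iptables -t nat -A portal_nat -p tcp --dport 80 -j DNAT --to-destination "$PORTAL_IP"
    run iptables -A portal_fwd -j DROP
}

portal_rules
```

Run as is, the script only prints the commands in the order they would be installed; frames pulled into routing by a broute rule no longer carry the bridge-port information that the physdev match relies on.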