How to set up iptables for Captive Portal?

L

Lizard2021-11-28 21:45:56

linux

Lizard, 2021-11-28 21:45:56

I set up a local network on my Wi-Fi adapter and now I want to ensure that every request from the client redirects it to my internal site, such is the implementation of the captive portal.
Everything is set up, AP rises, clients receive an address, but when I go to the site on port 80, there is a redirect. And when I go to port 443, the redirect does not work.
iptables config:

iptables -t mangle -N captive
iptables -t mangle -A PREROUTING -i $int -j captive
iptables -t mangle -I captive -m mac --mac-source 00:00:00:00:00:00 -j RETURN
iptables -t mangle -I captive -s 192.168.1.4 -j RETURN
iptables -t mangle -A captive -j MARK --set-mark 1
iptables -t nat -A PREROUTING -i $int -m mark --mark 1 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1
iptables -t nat -A PREROUTING -i $int -m mark --mark 1 -p tcp --dport 443 -j DNAT --to-destination 192.168.0.1
iptables -t filter -A FORWARD -i $int -m mark --mark 1 -j DROP
iptables -t filter -A FORWARD -i $int -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o $main_int -j MASQUERADE

With what it can be connected?
How to implement an idea?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Alexander Karabanov, 2021-11-28
@karabanov

And when I go to port 443, the redirect does not work.

And it will not work, because the traffic is encrypted.

P

pfg21, 2021-11-29
@pfg21

everything is redirected.
but, when creating a secure connection, your local site cannot present a certified certificate confirming that this is exactly the site that the browser needs.
Accordingly, the site leans back as non-secure.
no way. such loopholes were not built into the secure connection.

W

WebSpider, 2015-04-23
@entermix

Because the word allow is in quotes

$res = "a:1:{s:7:\"'allow'\";s:1:\"1\";}";
$res = unserialize($res);
echo $res["'allow'"];