
I have recently started working with ASP.NET. I have decided to build a captive portal for Windows as my first ASP.NET project.

Currently I am confused with the hardware requirements for a captive portal.

I have a normal home router and a laptop. The router is connected to INTERNET and my laptop is connected to the router.

When a user wants to access the internet, he/she connects to the router, and as soon as they browse they are redirected to an authentication page hosted on my laptop.

Once the user is authenticated and allowed access he should be able to surf the net.

My question is: how do I reroute the user from my laptop (after authentication) back to the router (internet gateway) to surf the internet?

I hope my question is clear.

Below is a diagram that might give you a clear idea.

Kenny Rasschaert

1 Answer

A router that sends people to a captive portal often uses a firewall that looks for a flag, or can check a user's MAC, or any number of other methods to see if they have been properly authenticated, to decide where they are routed.

The logic is simple (maybe not this simple though),

if user != authenticated -> captive portal; else -> internet;.

A route in a captive portal is not static; the firewall makes that logic check quite often, and will route the user's connection based upon the current state of the user.

Some just intercept the DNS traffic, some intercept HTTP traffic, some route/redirect everything.

NickW
  • I am completely aware of how to code a script to detect MAC address and so forth. The laptop will act as a firewall but what I need to know is how to reroute requests after authentication from the laptop back to the router – crazyghost Apr 05 '13 at 14:53
  • I don't think I was answering as if you didn't. I was just trying to illustrate that it's the firewall on the original router that makes the decision to send you to the captive portal or to the internet. Therefore, only 1 router needed :) – NickW Apr 05 '13 at 14:55
  • Sorry if I was too blunt but I didn't mean to offend. My question still stands: if I use one router, how do I reroute requests back to the router from my laptop? – crazyghost Apr 05 '13 at 14:58
  • Your router and laptop should be in the same network, or in different networks with routers in between. The first situation is more normal usually. The client behind the router is behind NAT, so the laptop sees requests as if they come directly from the router, and it can respond to it in the same manner (locally, via a router, or the internet). I forgot to mention the NAT masquerading. – NickW Apr 05 '13 at 15:03
  • Well, let me be more clear: 1) all requests are forwarded from the router to the laptop, 2) the laptop authenticates, 3) if approved, the request is forwarded from the laptop to the router (INTERNET GATEWAY). I am having trouble in this last step; how do I do it? – crazyghost Apr 05 '13 at 15:09
  • Where you're making an error is the location of the firewall; the firewall is on the router. The firewall looks for authentication; if it sees it, the user can go to the internet; if not, the user's destination is changed to the laptop. When the user is not authenticated, the firewall will change any traffic to be routed to the laptop. The laptop, seeing traffic, will reply to the router, and the router will NAT the traffic from the laptop to the client. Is that clearer? – NickW Apr 05 '13 at 15:20
  • In my case the firewall is on the laptop; the ROUTER forwards everything to the laptop. – crazyghost Apr 05 '13 at 15:35
  • Basically, if I were to do it, I'd have the laptop before the router. client -> laptop -> router, use the laptop as a gatekeeper basically. The firewall is an integral part, you really need to have it on the router, so it can make the decisions itself. – NickW Apr 05 '13 at 16:00
  • Thanks a lot @NickW, even I think the best way to do this is to set the laptop as the gatekeeper. Because once I set the router's routing tables to forward all data to my laptop, it won't be able to differentiate between authorized and unauthorized packets. I guess I would need a router with a built-in firewall and an API to program it, or I could install a custom firmware on the router. Thanks a lot for the help – crazyghost Apr 05 '13 at 20:31
  • Well, I have come to the conclusion that routing the request the following way is not possible with my normal router: User Request -> RouterA -> Laptop (Authorization) -> RouterA -> Internet. Instead I will use the following setup: User Request -> Laptop (Authorization) -> Router -> Internet – crazyghost Apr 06 '13 at 09:18
  • I hope everything works out well for you! – NickW Apr 08 '13 at 08:24
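The per-connection decision described in the answer, modelled for the layout the thread settles on (client -> laptop -> router). This is an added example, not code from anyone in the thread; the `Gatekeeper` class, the addresses, the session lifetime and the choice to let DNS through before login are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass

PORTAL_IP = "192.168.1.2"   # assumed: address of the laptop serving the login page
SESSION_TTL = 3600          # assumed: seconds a login stays valid

@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str              # "tcp" or "udp"
    dst_port: int

class Gatekeeper:
    """Decision the box between the clients and the router takes for each packet."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}     # (mac, ip) -> expiry time
        self._clock = clock

    def authenticate(self, mac, ip):
        # Called by the portal web application after a successful login.
        # A session is bound to the MAC/IP pair, not to the MAC alone.
        self._sessions[(mac.lower(), ip)] = self._clock() + SESSION_TTL

    def is_authenticated(self, mac, ip):
        # State is looked up on every packet, so an expired login stops working at once.
        expiry = self._sessions.get((mac.lower(), ip))
        return expiry is not None and self._clock() < expiry

    def decide(self, pkt):
        if self.is_authenticated(pkt.src_mac, pkt.src_ip):
            return "FORWARD"    # pass on to the router (internet gateway)
        if pkt.dst_ip == PORTAL_IP and pkt.proto == "tcp" and pkt.dst_port in (80, 443):
            return "ACCEPT"     # the login page itself must stay reachable
        if pkt.proto == "udp" and pkt.dst_port == 53:
            return "FORWARD"    # assumed design choice: names resolve before login
        if pkt.proto == "tcp" and pkt.dst_port == 80:
            return "REDIRECT"   # rewrite the destination to PORTAL_IP
        return "DROP"           # everything else waits for authentication

if __name__ == "__main__":
    gk = Gatekeeper()
    # Constructed sample packet: a client requesting an external web page.
    web = Packet("AA:BB:CC:00:00:01", "192.168.1.50", "203.0.113.10", "tcp", 80)
    print(gk.decide(web))
    gk.authenticate(web.src_mac, web.src_ip)
    print(gk.decide(web))
```

On a real gatekeeper the four outcomes correspond to firewall/NAT rules rather than Python return values; the model only shows which state drives which rule.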