1

I have a server with Ubuntu 12.04 Operating System on it.I want to make a DNS Server that accept all request including IPs,and redirect them to an specified IP......there users can login and after that can surf the web,with no restriction,ONLY AFTER LOGIN.I've heard something with Python and Proxy,but I don't know.....

Thanks,

Marinescu Adrian
  • 23
  • 1
  • 4

1 Answers1

4

I made a captive portal once, and as far as I can remember, i used this document to learn about DNS catchall : http://doc.pfsense.org/index.php/Creating_a_DNS_Black_Hole_for_Captive_Portal_Clients

The main thing you have to do is to give the right DNS IP with your DHCP. Then on your bind DNS, you have to create a catchall zone that always returns the same IP address, whatever the queried domain is :

zone "." {
    type master;
    file "/etc/namedb/db.catchall";
};

Zone :

$TTL    604800
@       IN      SOA     . root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

    IN  NS  .
.   IN  A   192.168.1.5  <--- Your portal IP
*.  IN  A   192.168.1.5  <--- Your portal IP

The "Captive portal" page on Wikipedia explains how this is achieved on Wi-Fi hotspots : https://en.wikipedia.org/wiki/Captive_portal

mimipc
  • 1,947
  • 3
  • 19
  • 27
  • This is a start mimipc,but with the login part,how do I do???? – Marinescu Adrian May 13 '13 at 12:32
  • You could proxy web traffic with the server hosting the portal. If the user is logged in, every query is redirected to the correct website. If user is anonymous, every query is redirected to the authentication page. I don't think this could work for HTTPS, though... – mimipc May 13 '13 at 12:35
  • Yes,yes,I can do with proxy web traffic,what are you recommending(I mean the software)? – Marinescu Adrian May 13 '13 at 12:40
  • Nginx would be great for this purpose. I'll have a look at how this is achieved on Wi-Fi hotspots to know if there is a better solution. – mimipc May 13 '13 at 12:49
  • You think MikroTik RouterOS could help me,with the Wi-fi hotspot.....I saw this film,but I need a Ubuntu version....http://www.youtube.com/watch?v=T_TEaDrqRVE – Marinescu Adrian May 13 '13 at 14:50
  • Some browsers will cache the fake IP address. Once it has been cached, it will be difficult for you to get it out of the browsers cache again. For that reason most captive portals send correct DNS responses but hijack HTTP connections and reply with a temporary redirect to an HTTPS URL on the network operator's own domain. – kasperd Sep 04 '14 at 10:40