
I would like to create a simple captive portal that works for an interface that is part of a bridge.

The bridge interface br0 (10.19.1.1/16) consists of two interfaces, eth0 and eth1. Behind eth1 are the client computers. Behind eth0 is a switch that has the internet gateway connected to it.

For the captive portal, all TCP requests to port 80 coming from the clients behind eth1 need to be directed to the local web server.

The following lines seem to work, as the website requests are redirected to the local web server. The problem is that once the authentication line below is used, the client cannot load any regular websites anymore.

I have already searched the internet but haven't found a solution.

PORTAL_INT="eth1"
PORTAL_IP="10.19.1.1"

#'drop' packets from being bridged
ebtables -t broute -A BROUTING  -i $PORTAL_INT -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP

iptables -N internet -t mangle
iptables -t mangle -A PREROUTING -j internet

#authenticated
#iptables -t mangle -I internet 1 -m mac --mac-source $CLIENT_MAC -j RETURN

#mark all traffic
iptables -t mangle -A internet -j MARK --set-mark 99

#redirect website access
iptables -t nat -A PREROUTING -m mark --mark 99 -p tcp --dport 80 -j DNAT --to-destination $PORTAL_IP
iptables -t filter -A FORWARD -m mark --mark 99 -j DROP
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -m mark --mark 99 -j DROP
mwarning
  • And? Any news? And why do I only find questions asked by you all over the net on this topic? – towolf Nov 07 '13 at 15:51
  • No news really. I have been told that it is possible using iptables/ebtables (not how :/) but horribly slow. It was recommended to write a kernel module... – mwarning Jan 31 '14 at 06:35
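
An added example, not part of the original post: the question's authentication rule wrapped so that a portal backend can grant and revoke a client without passing unchecked input to iptables. The chain name and the rule itself come from the post; the function names `valid_mac`, `grant_mac`, `revoke_mac` and the `IPT` dry-run switch are assumptions, and the sample MAC is constructed. It does not address the bridging problem the question asks about.

```shell
#!/bin/sh
# Added example: manage the per-client RETURN rule in the question's
# "internet" chain (mangle table). Chain name and rule come from the post;
# the function names and the IPT dry-run switch are assumptions.

# Command used to apply rules. The default only prints them (dry run);
# set IPT=iptables and run as root to change the live ruleset.
IPT=${IPT:-echo iptables}

# Succeed only for six colon-separated hex octets, e.g. 02:00:00:aa:bb:cc.
# Anything else (spaces, extra options, shell metacharacters) is refused
# before it can reach the iptables command line.
valid_mac() {
    h='[0-9A-Fa-f]'
    case $1 in
        $h$h:$h$h:$h$h:$h$h:$h$h:$h$h) return 0 ;;
    esac
    return 1
}

# grant_mac <mac>: exempt an authenticated client from mark 99.
# Any existing copy is deleted first so repeated logins leave one rule.
grant_mac() {
    valid_mac "$1" || { echo "rejected MAC: $1" >&2; return 1; }
    $IPT -t mangle -D internet -m mac --mac-source "$1" -j RETURN 2>/dev/null || true
    $IPT -t mangle -I internet 1 -m mac --mac-source "$1" -j RETURN
}

# revoke_mac <mac>: remove the exemption (logout or session timeout).
revoke_mac() {
    valid_mac "$1" || { echo "rejected MAC: $1" >&2; return 1; }
    $IPT -t mangle -D internet -m mac --mac-source "$1" -j RETURN
}

# Constructed sample values: a locally administered MAC and a malformed string.
grant_mac "02:00:00:aa:bb:cc"
grant_mac "02:00:00:aa:bb:cc -j ACCEPT" || true
revoke_mac "02:00:00:aa:bb:cc"
```

A source MAC is asserted by the client itself, so this rule identifies a device only as strongly as the layer-2 network does.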

0 Answers