using_iptables_and_php_to_create_a_captive_portal
Differences
This shows you the differences between two versions of the page.
using_iptables_and_php_to_create_a_captive_portal [2018/12/06 19:59] – abeverley | using_iptables_and_php_to_create_a_captive_portal [2020/05/29 09:49] (current) – abeverley | ||
---|---|---|---|
Line 1: | Line 1: | ||
=====Using iptables and PHP to create a captive portal===== | =====Using iptables and PHP to create a captive portal===== | ||
- | |Unfortunately I have had to lock this page, due to the amount | + | |Please note: this page is very out of date, having been originally created several years ago. That said, the principle |
There are various captive portal software packages available (both free and open source) that will allow you to setup an internet access facility that people have to logon to first. None of the packages I tried did what I wanted and they were not particularly customisable. Therefore I created my own, using a few iptables rules and PHP (along with a handful of other standard packages). This page details the steps that were taken. The key to this method as opposed to other iptables based solutions is that tracking information is removed after the user has signed up. Failure to do this will sometimes cause the user to still be redirected to your logon page even after they have signed up. | There are various captive portal software packages available (both free and open source) that will allow you to setup an internet access facility that people have to logon to first. None of the packages I tried did what I wanted and they were not particularly customisable. Therefore I created my own, using a few iptables rules and PHP (along with a handful of other standard packages). This page details the steps that were taken. The key to this method as opposed to other iptables based solutions is that tracking information is removed after the user has signed up. Failure to do this will sometimes cause the user to still be redirected to your logon page even after they have signed up. | ||
Line 37: | Line 37: | ||
In this example a flat file is used to store all the details of users already registered (/ | In this example a flat file is used to store all the details of users already registered (/ | ||
- | Name < | + | Name Email Client IP Client MAC Date |
===== Firewall rules required ===== | ===== Firewall rules required ===== | ||
- | < | + | By andy@andybev.com (Apr 2011) - I have just updated these rules again, this time to move the MARKing into the mangle table and keep the DNAT in the nat table. I have not tested them yet though; please let me know if there are any problems. |
The following iptables rules are needed in your firewall. Add them to your system' | The following iptables rules are needed in your firewall. Add them to your system' | ||
- | < | + | < |
IPTABLES=/ | IPTABLES=/ | ||
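Review bot: The rule set that follows the added firewall note is being published unverified: the note itself says "I have not tested them yet though", right after describing the move of the MARKing into the mangle table with the DNAT left in nat. These rules decide which clients are redirected to the logon page and which are let through, so either test the mangle/nat split before this revision goes live or place the caveat directly above the rule block so that nobody copies the rules without seeing it. The note is dated Apr 2011 while this revision is from 2020, so it should also say whether the caveat still applies. A smaller point on the same hunk: the added field list "Name Email Client IP Client MAC Date" shows no delimiter between fields, and both names and the field labels themselves contain spaces, so the flat-file format should state its separator explicitly.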
Line 89: | Line 88: | ||
$IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE | $IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE | ||
- | < | + | </ |
===== Setting up rmtrack ===== | ===== Setting up rmtrack ===== | ||
Line 97: | Line 96: | ||
Create the file / | Create the file / | ||
- | < | + | |
- | + | ||
- | / | + | |
|grep $1 \ | |grep $1 \ | ||
|grep ESTAB \ | |grep ESTAB \ | ||
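Review bot: The context line `|grep $1 \` in the rmtrack pipeline uses its argument unquoted and as an unanchored pattern. An argument that is a prefix of another connection's value matches both, the dots in an address match any character, and an empty argument matches every line, so the tracking entries removed can belong to clients other than the one that just signed up. Suggest quoting it and matching it as a fixed string, for example `grep -F -- "$1"`, and having the script exit early when `$1` is empty or not in the expected form, since the value comes from the web server side.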
Line 107: | Line 104: | ||
substr(\$6, | substr(\$6, | ||
--orig-port-dst 80\"); }" | --orig-port-dst 80\"); }" | ||
- | < | ||
Note: the single command has been split over several lines | Note: the single command has been split over several lines | ||
Line 115: | Line 111: | ||
Sudo needs to be configured to allow the apache web server to issue certain iptables commands in order to allow clients to access the internet after they have signed up. Use visudo to add the following commands to the sudoers file: | Sudo needs to be configured to allow the apache web server to issue certain iptables commands in order to allow clients to access the internet after they have signed up. Use visudo to add the following commands to the sudoers file: | ||
- | < | + | www-data ALL = NOPASSWD: |
+ | www-data ALL = NOPASSWD: / | ||
+ | www-data ALL = NOPASSWD: / | ||
- | www-data ALL = NOPASSWD: / | ||
- | www-data ALL = NOPASSWD: / | ||
- | www-data ALL = NOPASSWD: / | ||
- | < | ||
- | < | + | Note: Sudo does not use regular expressions, |
===== PHP script ===== | ===== PHP script ===== | ||
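Review bot: The three `www-data ALL = NOPASSWD:` entries are the whole privilege boundary between the PHP script and root, and the added note ("Sudo does not use regular expressions, ...") is the only guidance on how their arguments are matched. It should state the consequence for the reader: in sudoers a `*` in the argument list is a shell-style wildcard that also matches spaces, so an entry ending in a wildcard accepts any number of extra arguments, not just one address. Suggest keeping each entry to the full command path with as many arguments fixed as possible, and validating the client IP and MAC in the PHP script before they are passed to sudo, so that a flaw in the form handling does not turn into arbitrary iptables changes.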
Line 130: | Line 124: | ||
|For an example of how to retain a user's URL, have a look at the discussion page| | |For an example of how to retain a user's URL, have a look at the discussion page| | ||
- | < | + | < |
<?php | <?php | ||
Line 221: | Line 214: | ||
?> | ?> | ||
- | < | + | </ |
===== In use ===== | ===== In use ===== |
using_iptables_and_php_to_create_a_captive_portal.1544126384.txt.gz · Last modified: 2018/12/06 19:59 by abeverley