User Tools

Site Tools


using_iptables_and_php_to_create_a_captive_portal

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
using_iptables_and_php_to_create_a_captive_portal [2018/12/06 19:59]
abeverley
using_iptables_and_php_to_create_a_captive_portal [2018/12/06 21:51] (current)
abeverley
Line 37: Line 37:
 In this example a flat file is used to store all the details of users already registered (/​var/​lib/​users). Depending on your Apache setup, you may need to locate the file in the Apache root directory. It is in the following format: In this example a flat file is used to store all the details of users already registered (/​var/​lib/​users). Depending on your Apache setup, you may need to locate the file in the Apache root directory. It is in the following format:
  
-Name <​html><​tab></​html> ​Email <​html><​tab></​html> ​Client IP <​html><​tab></​html> ​Client MAC <​html><​tab></​html> ​Date+Name  Email  Client IP  Client MAC  Date
  
 ===== Firewall rules required ===== ===== Firewall rules required =====
  
-<​html><​strong></​html>​By andy@andybev.com (Apr 2011) - I have just updated these rules again, this time to move the MARKing into the mangle table and keep the DNAT in the nat table. I have not tested them yet though; please let me know if there are any problems.<​html></​strong></​html>​+By andy@andybev.com (Apr 2011) - I have just updated these rules again, this time to move the MARKing into the mangle table and keep the DNAT in the nat table. I have not tested them yet though; please let me know if there are any problems.
  
 The following iptables rules are needed in your firewall. Add them to your system'​s firewall scripts, or alternatively put them in their own file, make it executable, and force it to run at system startup. The following iptables rules are needed in your firewall. Add them to your system'​s firewall scripts, or alternatively put them in their own file, make it executable, and force it to run at system startup.
  
-<​html>​<​code>​</​html>​ +<​code>​
 IPTABLES=/​sbin/​iptables IPTABLES=/​sbin/​iptables
  
Line 89: Line 88:
 $IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE $IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
  
-<​html>​</code></​html>+</​code>​
  
 ===== Setting up rmtrack ===== ===== Setting up rmtrack =====
Line 97: Line 96:
 Create the file /​usr/​bin/​rmtrack and make it executable with the following contents: Create the file /​usr/​bin/​rmtrack and make it executable with the following contents:
  
-<​html><​code></​html>​ +  ​/​usr/​sbin/​conntrack -L \
- +
-/​usr/​sbin/​conntrack -L \+
     |grep $1 \     |grep $1 \
     |grep ESTAB \     |grep ESTAB \
Line 107: Line 104:
             substr(\$6,​5) \" -p tcp --orig-port-src \" substr(\$7,​7) \" \             substr(\$6,​5) \" -p tcp --orig-port-src \" substr(\$7,​7) \" \
             --orig-port-dst 80\"); }"             --orig-port-dst 80\"); }"
-<​html></​code></​html>​ 
  
 Note: the single command has been split over several lines Note: the single command has been split over several lines
Line 115: Line 111:
 Sudo needs to be configured to allow the apache web server to issue certain iptables commands in order to allow clients to access the internet after they have signed up. Use visudo to add the following commands to the sudoers file: Sudo needs to be configured to allow the apache web server to issue certain iptables commands in order to allow clients to access the internet after they have signed up. Use visudo to add the following commands to the sudoers file:
  
-<​html><​code><​/html>+  www-data ALL = NOPASSWD: ​/sbin/​iptables -I internet 1 -t mangle -m mac --mac-source ??​\:??​\:??​\:??​\:??​\:??​ -j RETURN 
 +  www-data ALL = NOPASSWD: /​sbin/​iptables -D internet -t mangle -m mac --mac-source ??​\:??​\:??​\:??​\:??​\:??​ -j RETURN 
 +  www-data ALL = NOPASSWD: /​usr/​bin/​rmtrack [0-9]*.[0-9]*.[0-9]*.[0-9]*
  
-www-data ALL = NOPASSWD: /​sbin/​iptables -I internet 1 -t mangle -m mac --mac-source ??​\:??​\:??​\:??​\:??​\:??​ -j RETURN 
-www-data ALL = NOPASSWD: /​sbin/​iptables -D internet -t mangle -m mac --mac-source ??​\:??​\:??​\:??​\:??​\:??​ -j RETURN 
-www-data ALL = NOPASSWD: /​usr/​bin/​rmtrack [0-9]*.[0-9]*.[0-9]*.[0-9]* 
-<​html></​code></​html>​ 
  
-<​html><​strong></​html>​Note:<​html></​strong></​html> ​Sudo does not use regular expressions,​ so the final rule is not as preferable as it should be.+Note: Sudo does not use regular expressions,​ so the final rule is not as preferable as it should be.
  
 ===== PHP script ===== ===== PHP script =====
Line 130: Line 124:
 |For an example of how to retain a user's URL, have a look at the discussion page| |For an example of how to retain a user's URL, have a look at the discussion page|
  
-<​html>​<​code>​</​html>​ +<​code>​
 <?php <?php
  
Line 221: Line 214:
  
 ?> ?>
-<​html>​</code></​html>+</​code>​
  
 ===== In use ===== ===== In use =====
using_iptables_and_php_to_create_a_captive_portal.txt · Last modified: 2018/12/06 21:51 by abeverley