Hi Erez,In the implementation that I worked on, we used iptables to route unauthenticated HTTP to a proxy (Hughes libHTTPd) on the AP which then presented the client with a page from some upstream payment gateway. Once the client was authenticated, we changed the iptables rules to allow direct routing of all packets. I am not so proud of this design. It was a hack that we slapped together quickly. You might be better served by looking at http://www.chillispot.org/.
- yba On Mon, 26 May 2014, Erez D wrote:
Date: Mon, 26 May 2014 12:51:21 +0300 From: Erez D <[email protected]> To: Jonathan Ben Avraham <[email protected]> Cc: linux-il <[email protected]> Subject: Re: partly OT: notification of url when connecting to open wifi Jonathan, if we are talking about walled garden/captive portal implementation under linux, i'll take the opportunity to ask something related. how does the AP redirect every web access to the login page (for "non accepted" clients) i guess using a transparent proxy with a redirection page, am i correct ? if i am correct, i would like to know: 1. does the AP allow real DNS access, or does it return the IP of the AP for every dns query. (and if so what about DNS cache ?) 2. what "webserver/proxy" is used to return the same redirect answer to every requested url On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham <[email protected]> wrote:Hi Erez, For each AP you need to maintain a table of client connections that are "accepted", meaning that the client has presented some type of credential or payment or whatever. Packets from clients that are not accepted are routed to some authentication or payment gateway, with possible port translation. The accepted client table does not have to be on the AP itself. It is usually held in a RADIUS server upstream. The authentication gateway also does not need to be on the AP itself. It can be upstream and does not have to be the same as the RADIUS server. You can also have more than one payment gateway but use the same RADIUS server. That, in a nutshell is how it is done. There's a lot of netfilter/iptables smoke an mirrors going on on the AP. - yba On Mon, 26 May 2014, Erez D wrote:Date: Mon, 26 May 2014 10:26:52 +0300 From: Erez D <[email protected]> To: Jonathan Ben Avraham <[email protected]> Cc: linux-il <[email protected]> Subject: Re: partly OT: notification of url when connecting to open wifi On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham <[email protected]> wrote:Hi Erez, No. The ability to configure a payment/authentication gateway is a router feature. I worked on this feature for Alvarion's WBSn. Every router designer develops their own feature.can you elaborate ?- yba On Mon, 26 May 2014, Erez D wrote:Date: Mon, 26 May 2014 10:11:54 +0300 From: Erez D <[email protected]> To: linux-il <[email protected]> Subject: partly OT: notification of url when connecting to open wifi this is partially off topic some times when i connect to open wifi on aitports, my phone (android) gives me a notification of a site i need to go to, and if i click on it, it opens a browser with a predefined URL i was wandering - is that part of an RFC or standard ? 10x erez. _______________________________________________ Linux-il mailing list [email protected] http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il-- 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9 ~. .~ Tk Open Systems =}-------- Jonathan Ben-Avraham ("yba") ----------ooO--U--Ooo------------{= mailto:[email protected] tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm-- 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9 ~. .~ Tk Open Systems =}-------- Jonathan Ben-Avraham ("yba") ----------ooO--U--Ooo------------{= mailto:[email protected] tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
--
9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9 ~. .~ Tk Open Systems
=}-------- Jonathan Ben-Avraham ("yba") ----------ooO--U--Ooo------------{=
mailto:[email protected] tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
_______________________________________________
Linux-il mailing list
[email protected]
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
