Redirecting all WiFi requests to my server (like captive portal)
Solution 1:
What you're trying to do is implement a captive portal (as you know). One of the most popular captive portals is WiFi Dog. It's open source and should meet your needs.
You can run the captive portal off of a live CD using the ZoneCD, but some people say it's slow. Plus, I'm not sure if the settings can stand a reboot (likely not since I don't think anything is written to non volatile storage)
Solution 2:
Your wifi needs to be connected to a gateway where you can redirect the traffic towards your captive portal (login page).
You can do this by using iptables on linux. Say that your interface eth0 is connected to your access point with the 192.168.0.0/24
subnet and your gateway (linux server) is configured at 192.168.0.1
and has internet access on a separate interface. Your IIS server is on 192.168.0.2:80
.
Your iptables rules could be something like:
iptables -t mangle -N my_access_filter
iptables -t mangle -A INPUT -i eth0 -j my_access_filter
iptables -t mangle -A my_access_filter -m mac --mac-source 11:22:33:44:55:66 -j RETURN # Grant access to mac 11:22:33:44:55:66, by returning and not marking the traffic
iptables -t mangle -A my_access_filter -j MARK --set-mark 99 # Arbitrarily selected number
# that's it for the mangle table, now the nat table
iptables -t nat -A PREROUTING -p tcp --dport 80 -m mark --mark 99 -j DNAT --to 192.168.0.2:80 # ip o
iptables -t nat -A PREROUTING -p udp --dport 53 -m mark --mark 99 -j DNAT --to 192.168.0.1 # For good measure, lets redirect their dns queries to our own dns server.
# now the filter table reads:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # standard rule to accept established connections
iptables -A FORWARD -i eth0 -m mark --mark 99 -j DROP # This will drop traffic that is marked, preventing clients from accessing the internet
Your captive portal just needs to put the clients ip or mac, or whatever you filter on into the my_access_filter in the mangle table, which can be done by
iptables -t mangle -I my_access_filter -m mac --mac-source <mac> -j RETURN
or
iptables -t mangle -I my_access_filter -s 192.168.0.xx -j RETURN # by ip
Hope this gives some inspiration.