Redirecting all WiFi requests to my server (like captive portal)

Solution 1:

What you're trying to do is implement a captive portal (as you know). One of the most popular captive portals is WiFi Dog. It's open source and should meet your needs.

You can run the captive portal off of a live CD using the ZoneCD, but some people say it's slow. Plus, I'm not sure if the settings can stand a reboot (likely not, since I don't think anything is written to non-volatile storage).

Solution 2:

Your WiFi needs to be connected to a gateway where you can redirect the traffic towards your captive portal (login page).

You can do this by using iptables on Linux. Say that your interface eth0 is connected to your access point with the 192.168.0.0/24 subnet and your gateway (Linux server) is configured at 192.168.0.1 and has internet access on a separate interface. Your IIS server is on 192.168.0.2:80.

Your iptables rules could be something like:

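iptables -t mangle -N my_access_filter
# Hook the chain into PREROUTING, not INPUT: the mark has to be set before the nat PREROUTING rules below run,
# and mangle INPUT only sees packets addressed to the gateway itself (and only after nat PREROUTING).
iptables -t mangle -A PREROUTING -i eth0 -j my_access_filter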

iptables -t mangle -A my_access_filter -m mac --mac-source 11:22:33:44:55:66 -j RETURN # Grant access to mac 11:22:33:44:55:66, by returning and not marking the traffic
iptables -t mangle -A my_access_filter -j MARK --set-mark 99 # Arbitrarily selected number

# that's it for the mangle table, now the nat table
iptables -t nat -A PREROUTING -p tcp --dport 80 -m mark --mark 99 -j DNAT --to 192.168.0.2:80 # ip o
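iptables -t nat -A PREROUTING -p udp --dport 53 -m mark --mark 99 -j DNAT --to 192.168.0.1 # For good measure, let's redirect their dns queries to our own dns server.
# The portal sits on the clients' own subnet, so source-NAT the redirected traffic; otherwise 192.168.0.2 replies
# straight to the client and the connection never completes. The portal then sees 192.168.0.1 as the source address.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 192.168.0.2 -p tcp --dport 80 -j MASQUERADE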

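# now the filter table reads:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # standard rule to accept established connections
iptables -A FORWARD -i eth0 -d 192.168.0.2 -p tcp --dport 80 -j ACCEPT # let the redirected (still marked) requests reach the portal before the DROP below
iptables -A FORWARD -i eth0 -m mark --mark 99 -j DROP # This will drop traffic that is marked, preventing clients from accessing the internet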

Your captive portal just needs to put the client's IP or MAC, or whatever you filter on, into the my_access_filter in the mangle table, which can be done by:

iptables -t mangle -I my_access_filter -m mac --mac-source <mac> -j RETURN

or

iptables -t mangle -I my_access_filter -s 192.168.0.xx -j RETURN # by ip

Hope this gives some inspiration.
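
Added example, not part of the answers above: a gateway-side helper that a portal could call after a successful login to insert the exemption rule from Solution 2. It validates the MAC or IP before anything reaches iptables and prints the command by default; the function names, `IPT`, `DRY_RUN` and the 192.168.0.3 to 192.168.0.254 client range are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the answer): validate a client id, then build the
# rule that exempts it from my_access_filter. IPT and DRY_RUN are assumptions.
LC_ALL=C; export LC_ALL          # keep [0-9A-Fa-f] ranges byte-exact
CHAIN=my_access_filter           # chain name used in the answer
IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-1}            # 1 = print the command instead of running it

# True only for six colon-separated hex octets, nothing before or after.
valid_mac() {
    h='[0-9A-Fa-f]'
    case $1 in
        $h$h:$h$h:$h$h:$h$h:$h$h:$h$h) return 0 ;;
    esac
    return 1
}

# True only for 192.168.0.3 to 192.168.0.254 (.1 is the gateway, .2 the portal).
valid_client_ip() {
    case $1 in
        192.168.0.*) last=${1#192.168.0.} ;;
        *) return 1 ;;
    esac
    case $last in
        ''|*[!0-9]*|0?*|????*) return 1 ;;   # empty, non-digit, leading zero, too long
    esac
    [ "$last" -ge 3 ] && [ "$last" -le 254 ]
}

# Print the iptables match for a validated client id; fail on anything else.
client_match() {
    if valid_mac "$1"; then printf '%s\n' "-m mac --mac-source $1"
    elif valid_client_ip "$1"; then printf '%s\n' "-s $1"
    else return 1
    fi
}

grant_access() {
    match=$(client_match "$1") || { echo "rejected client id" >&2; return 2; }
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$IPT -t mangle -I $CHAIN $match -j RETURN"
        return 0
    fi
    # $match is split into words on purpose; it holds only validated text.
    # -C (check) keeps repeated logins from stacking duplicate rules.
    $IPT -t mangle -C "$CHAIN" $match -j RETURN 2>/dev/null ||
        $IPT -t mangle -I "$CHAIN" $match -j RETURN
}
```

With `DRY_RUN=0` the helper has to run as root on the gateway, since that is where the mangle table lives.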