Iptables capture portal question and NAT
Posted on 2004-09-15
My question is... I'm trying to set up a wifi gateway using a Debian Linux box.
My /etc/network/interfaces is as follows
iface eth1 inet static
iface eth0 inet static
eth0 is the external network with access to the internet
eth1 is the imaginary wifi lan
The way I want it set up is so that any web page that is looked up when connected to the wifi LAN (eth1) is automatically brought to the web server on port 3000, where it displays "please enter password".
Once the password is entered it automatically adds (using PHP) an iptables rule to allow that particular IP NAT access out through eth0, and only the IP that provided the password.
The capture portal is accomplished by
iptables -t nat -A PREROUTING -s 192.168.0.6/24 -p tcp --dport 80 -j REDIRECT --to-port 3000
That just sends all traffic to the web server sitting on port 3000 on the Debian box.
Once authenticated it adds a rule similar to
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.3/24 -j MASQUERADE
Now my problem is... the above doesn't work.
I need to be able to have all traffic go to the portal by default and only explicit IP addresses allowed out onto the internet.
I need to be able to add and delete the specific IP address on the fly after adding in the default to the portal...
so when the time is up (1 hour or so) an at script removes the firewall rule for that particular IP address.
Please note... I'm only looking for iptables answers; I can do the PHP stuff etc. by myself.
Also, I know there is a program called NoCatAuth, but it's not going to do what I want it to do.
PS: sorry if this description is not so clear.
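A worked example of the rule layout the post is asking for, added here and not taken from the original post or from NoCatAuth. It is a POSIX shell script that installs the portal redirect as the default and adds or removes per-host exceptions on the fly. eth0, eth1, the 192.168.0.0/24 network and port 3000 come from the post; the function names, the IPT variable and the FORWARD-chain gating are my own assumptions about how to wire it up.

```shell
#!/bin/sh
# Added example (not the original poster's code): captive portal with per-host exceptions.
# Assumed layout: eth0 = upstream, eth1 = wifi LAN 192.168.0.0/24, portal web server on
# port 3000 on this gateway. Set IPT=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"
LAN_IF=eth1
WAN_IF=eth0
LAN_NET=192.168.0.0/24
PORTAL_PORT=3000

# One-time setup: everything from the wifi side hits the portal unless a host is allowed.
portal_setup() {
    # Routing must be on for any forwarding at all (/proc/sys/net/ipv4/ip_forward = 1).
    # Deny forwarding by default; masquerading alone must never grant internet access.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Catch-all: unauthenticated HTTP from the LAN is redirected to the portal on this box.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-port "$PORTAL_PORT"
    # Masquerade the whole LAN; a host only reaches this rule if FORWARD let it through.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Called by the portal (e.g. from PHP via sudo) once a host has given the password.
portal_allow() {
    ip="$1"
    # /32 = this one host. A /24 suffix would match the entire network the address
    # sits in, which is why "-s 192.168.0.3/24" opens every host on the LAN.
    # -I inserts at the top so the exception is evaluated before the catch-all redirect;
    # ACCEPT in the nat table means "leave this packet alone" (no redirect).
    $IPT -t nat -I PREROUTING -i "$LAN_IF" -s "$ip/32" -p tcp --dport 80 -j ACCEPT
    $IPT -I FORWARD -i "$LAN_IF" -s "$ip/32" -o "$WAN_IF" -j ACCEPT
}

# Called by the at(1) job when the hour is up; -D with the identical match deletes the rule.
portal_revoke() {
    ip="$1"
    $IPT -t nat -D PREROUTING -i "$LAN_IF" -s "$ip/32" -p tcp --dport 80 -j ACCEPT
    $IPT -D FORWARD -i "$LAN_IF" -s "$ip/32" -o "$WAN_IF" -j ACCEPT
}

# Command dispatch: "setup", "allow <ip>" or "revoke <ip>". No argument does nothing.
case "${1:-}" in
    setup)  portal_setup ;;
    allow)  portal_allow "$2" ;;
    revoke) portal_revoke "$2" ;;
esac
```

Usage: run `sh portal.sh setup` once at boot, then from the portal `sh portal.sh allow 192.168.0.3` followed by `echo "sh /path/to/portal.sh revoke 192.168.0.3" | at now + 1 hour` (path is a placeholder). Two things worth checking on a real box: the redirect only covers TCP port 80, so the client still needs DNS to resolve the name it typed (a resolver on the gateway that the LAN can reach is the usual answer), and the per-host allow must be deleted with exactly the same match it was added with, otherwise `-D` reports that the rule does not exist and the host stays open.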