partly OT: notification of url when connecting to open wifi

partly OT: notification of url when connecting to open wifi

Jonathan Ben Avraham yba at tkos.co.il
Mon May 26 14:17:28 IDT 2014 

Hi Erez,
In the implementation that I worked on, we used iptables to route 
unauthenticated HTTP to a proxy (Hughes libHTTPd) on the AP which then 
presented the client with a page from some upstream payment gateway. Once 
the client was authenticated, we changed the iptables rules to allow 
direct routing of all packets. I am not so proud of this design. It was 
a hack that we slapped together quickly. You might 
be better served by looking at http://www.chillispot.org/.

  - yba


On Mon, 26 May 2014, Erez D wrote:

> Date: Mon, 26 May 2014 12:51:21 +0300
> From: Erez D <erez0001 at gmail.com>
> To: Jonathan Ben Avraham <yba at tkos.co.il>
> Cc: linux-il <linux-il at cs.huji.ac.il>
> Subject: Re: partly OT: notification of url when connecting to open wifi
> 
> Jonathan, if we are talking about walled garden/captive portal
> implementation under linux, i'll take the opportunity to ask something
> related.
>
> how does the AP redirect every web access to the login page (for "non
> accepted" clients)
> i guess using a transparent proxy with a redirection page, am i correct ?
> if i am correct, i would like to know:
> 1. does the AP allow real DNS access, or does it return the IP of the
> AP for every dns query. (and if so what about DNS cache ?)
> 2. what "webserver/proxy" is used to return the same redirect answer
> to every requested url
>
>
> On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham <yba at tkos.co.il> wrote:
>> Hi Erez,
>> For each AP you need to maintain a table of client connections that are
>> "accepted", meaning that the client has presented some type of credential or
>> payment or whatever.
>>
>> Packets from clients that are not accepted are routed to some authentication
>> or payment gateway, with possible port translation.
>>
>> The accepted client table does not have to be on the AP itself. It is
>> usually held in a RADIUS server upstream. The authentication gateway also
>> does not need to be on the AP itself. It can be upstream and does not have
>> to be the same as the RADIUS server. You can also have more than one payment
>> gateway but use the same RADIUS server.
>>
>> That, in a nutshell is how it is done. There's a lot of netfilter/iptables
>> smoke an mirrors going on on the AP.
>>
>>
>>  - yba
>>
>>
>> On Mon, 26 May 2014, Erez D wrote:
>>
>>> Date: Mon, 26 May 2014 10:26:52 +0300
>>> From: Erez D <erez0001 at gmail.com>
>>> To: Jonathan Ben Avraham <yba at tkos.co.il>
>>> Cc: linux-il <linux-il at cs.huji.ac.il>
>>> Subject: Re: partly OT: notification of url when connecting to open wifi
>>>
>>>
>>> On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham <yba at tkos.co.il>
>>> wrote:
>>>>
>>>> Hi Erez,
>>>> No. The ability to configure a payment/authentication gateway is a router
>>>> feature. I worked on this feature for Alvarion's WBSn. Every router
>>>> designer
>>>> develops their own feature.
>>>
>>>
>>> can you elaborate ?
>>>>
>>>>
>>>>  - yba
>>>>
>>>>
>>>> On Mon, 26 May 2014, Erez D wrote:
>>>>
>>>>> Date: Mon, 26 May 2014 10:11:54 +0300
>>>>> From: Erez D <erez0001 at gmail.com>
>>>>> To: linux-il <linux-il at cs.huji.ac.il>
>>>>> Subject: partly OT: notification of url when connecting to open wifi
>>>>>
>>>>>
>>>>> this is partially off topic
>>>>>
>>>>> some times when i connect to open wifi on aitports, my phone (android)
>>>>> gives me a notification of a site i need to go to, and if i click on
>>>>> it, it opens a browser with a predefined URL
>>>>>
>>>>>
>>>>> i was wandering - is that part of an RFC or standard ?
>>>>>
>>>>>
>>>>> 10x
>>>>> erez.
>>>>>
>>>>> _______________________________________________
>>>>> Linux-il mailing list
>>>>> Linux-il at cs.huji.ac.il
>>>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>>>
>>>>
>>>> --
>>>>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open
>>>> Systems
>>>> =}-------- Jonathan Ben-Avraham ("yba")
>>>> ----------ooO--U--Ooo------------{=
>>>> mailto:yba at tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
>>>> skype:benavrhm
>>>
>>>
>>
>> --
>>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
>> =}-------- Jonathan Ben-Avraham ("yba") ----------ooO--U--Ooo------------{=
>> mailto:yba at tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
>

-- 
  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
=}-------- Jonathan Ben-Avraham ("yba") ----------ooO--U--Ooo------------{=
mailto:yba at tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm

More information about the Linux-il mailing list