6

I have a Raspberry Pi with a wifi dongle that is configured for Access Point mode (wifi hotspot).

When a user is connected, I want to redirect any url they enter to a specified IP (the devices setup/configuration page). I'm looking for behavior similar to what happens when you connect to a public hotspot at the airport and you have to enter an email or accept "terms & conditions" before you can browse other pages.

Can this be done on the pi's distribution?

NSjonas
  • 161
  • 1
  • 4

1 Answers1

8

You could get this with a small set of iptables rules redirecting all traffic to port 80 and 443 your AP's address:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination localhost:80
# iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination localhost:80

Additionally you should have your HTTP server configured to redirect every unknown URL to its start page (so that if a user enters http://www.example.com/path/to/specific/site you don't get a 404 from your AP's webserver).

For guard dog solutions (to get redirected to a specific page on first connect) there exist dedicated software packages like WiFiDog.

Andreas Wiese
  • 10,112
  • 1
  • 32
  • 38
  • my http server is a single page app so I don't think I would have to worry about redirecting traffic back to the start page. – NSjonas Apr 18 '14 at 01:15
  • Hmmm… depeeends. If it services the same page ignoring the URL you're surely right. If it's just a _single page_… but you should know better. ;) – Andreas Wiese Apr 18 '14 at 01:16
  • Its is an angular app.. But now that I think about it, and its not running on port 80, so any internal API request wouldn't get redirected by the IP tables right? – NSjonas Apr 18 '14 at 01:19
  • It is still not showing my localhost after connecting with a device to my hotspot. `iptables-save > somefile.bak` shows me that the rules have been added. `iptables -t nat -nvL` shows me that the rules are in place: `Chain PREROUTING (policy ACCEPT 22 packets, 3427 bytes) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:127.0.0.1:80 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:127.0.0.1:80 ` – Andi Giga Nov 24 '16 at 08:44
  • It doesn't allow localhost for me, so I put `127.0.0.1` in it. – Andi Giga Nov 24 '16 at 08:44