redirect unauthorized users to a login page (natd as a transparent proxy)

Vaclav Petricek petricek at sec.ms.mff.cuni.cz
Sun Jun 8 13:29:00 PDT 2003


Hello

I am trying to redirect all http traffic of unauthorized wifi users on a
wireless hotspot to a login page. The problem I have is that I cannot
disable the regular address translation (I want the source address to stay
the same).

10.0.0.7       is the wifi client
195.250.155.29 is the web site the wifi user tries to access from his browser
195.113.17.94  is my login page
10.0.0.1       is the wifi interface on the server

What happens is

In  [TCP]  [TCP] 10.0.0.7:1036 -> 195.250.155.29:80 aliased to
           [TCP] 10.0.0.1:1036 -> 195.113.17.94:80

The natd configuration file:
-------------------------------------------------------------------------
interface wi0
port 1234
#proxy_only yes
reverse
proxy_rule port 80 server 195.113.17.94:80
-------------------------------------------------------------------------

Natd was run as natd -f /etc/natd.conf -v with
00010 divert 1234 tcp from any to any via wi0

I was hoping proxy_only would do the trick, but it does not seem to have
any impact and the source address is changed anyway.

A quick glance at the source did not help much to my understanding of the
proxy_only option.

Thank you very much for any hints,

Vaclav
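
Added example, not part of the original post: a small Python check that reads natd -v alias records like the one quoted above and reports whether only the destination was redirected or the source address was rewritten as well. The record layout is assumed from the single line shown in the post; the second sample record (10.0.0.8) is constructed.

```python
import re

# One endpoint pair as printed in the post: "[TCP] a.b.c.d:port -> a.b.c.d:port"
PAIR = r"\[(\w+)\]\s+(\d+(?:\.\d+){3}):(\d+)\s+->\s+(\d+(?:\.\d+){3}):(\d+)"
ALIAS_RE = re.compile(r"^(In|Out)\s+\[\w+\]\s+" + PAIR + r"\s+aliased to\s+" + PAIR)

def parse_alias(record):
    """Return (direction, before, after); each tuple is (src, sport, dst, dport)."""
    m = ALIAS_RE.match(" ".join(record.split()))  # join wrapped continuation lines
    if not m:
        return None
    g = m.groups()
    before = (g[2], int(g[3]), g[4], int(g[5]))
    after = (g[7], int(g[8]), g[9], int(g[10]))
    return g[0], before, after

def classify(before, after):
    """Say which half of the 4-tuple the translation touched."""
    src_changed = before[:2] != after[:2]
    dst_changed = before[2:] != after[2:]
    if dst_changed and src_changed:
        return "redirect+source-nat"   # the behaviour reported in the post
    if dst_changed:
        return "redirect-only"         # client address preserved
    return "source-nat" if src_changed else "unchanged"

def audit(log_text):
    """Yield (original source, verdict) for every alias record in natd -v output."""
    results = []
    for record in re.split(r"\n(?=(?:In|Out)\s)", log_text.strip()):
        parsed = parse_alias(record)
        if parsed:
            _, before, after = parsed
            results.append((before[0], classify(before, after)))
    return results

# First record is the one from the post; the second is constructed for contrast.
SAMPLE = """\
In  [TCP]  [TCP] 10.0.0.7:1036 -> 195.250.155.29:80 aliased to
           [TCP] 10.0.0.1:1036 -> 195.113.17.94:80
In  [TCP]  [TCP] 10.0.0.8:1040 -> 195.250.155.29:80 aliased to
           [TCP] 10.0.0.8:1040 -> 195.113.17.94:80
"""

if __name__ == "__main__":
    for src, verdict in audit(SAMPLE):
        print(f"{src}: {verdict}")
```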


