Re: OT: Redirect Traffic in a Subnet



Probably the easiest way is to have DHCP give out a "fake" DNS server, 
possibly on a separate subnet, which has a wildcard record (a la 
VeriSign "sitefinder") that resolves everything to your web server, and 
a registration page that assigns the MAC of the connecting machine a 
static IP in DHCP (on a subnet with "real" DNS servers) and then forces 
a DHCP renew.

That doesn't stop someone from specifying their own DNS server or 
sending outgoing stuff using the IP, though.  So, your next step is to 
use that packet filtering firewall (you're using a packet-filtering 
firewall somewhere, right?) to block all outgoing traffic from the "bad" 
subnet's IP range on non-port 80 and to SNAT any outgoing port 80 (and 
possibly 443) to your registration server.  You could probably just 
specify an invalid gateway with the fake DHCP lease, but that's 
circumventable.

Your registration server is obviously set up to ignore name-based 
virtual hosts and uses a rewrite rule to send all pages back to the 
/index.html page in either case.

If you get Linux Journal, I think there was an article a month or two 
ago about someone who had a boombox-type thing with a wireless network 
connect which was set up similarly so that anyone in range could join 
the network and control the radio using any arbitrary URL.  I don't 
remember if they provided details or not - but if they did, that'd 
probably help you with half of the problem. :)

--Danny, doing just that with his wireless access point

bstory@family-net.net wrote:
> Hi all,
> 
> I'm trying to figure out how cable companies and the like are able to hand out 
> a DHCP address and then route all traffic to their registration page.  I'd like 
> to do something similar on all of my company's "inactive" ports so we have 
> better control over who's plugging in.  I know that there has got to be some 
> sort of redirection, but I'm not sure if it's DNS or routing or a combination.  
> Any ideas would be appreciated.
> 
> Ben Story
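
One way to express the setup described in the reply above, as an added example that is not part of the original post: a shell script that prints a dnsmasq fragment (wildcard record plus quarantine DHCP pool) and the matching iptables commands, using DNAT in PREROUTING to steer port 80 to the registration page. The subnet, interface name and portal address are constructed placeholders, and it assumes dnsmasq and the registration web server both run on the gateway.

```shell
#!/bin/sh
# Added example: emits (does not apply) config for a quarantine subnet.
# Constructed placeholder values, not taken from the thread:
QUAR_NET="10.99.0.0/24"   # "bad" subnet handed to unregistered MACs
QUAR_IF="eth1"            # gateway interface facing that subnet
PORTAL_IP="10.99.0.1"     # gateway address: fake DNS + registration page

# dnsmasq fragment: short leases from the quarantine pool, the gateway as
# the only resolver, and a wildcard record that answers every name with
# the portal address. no-resolv keeps queries from being forwarded upstream.
quarantine_dnsmasq_conf() {
    cat <<EOF
interface=$QUAR_IF
no-resolv
address=/#/$PORTAL_IP
dhcp-range=10.99.0.50,10.99.0.200,255.255.255.0,2m
dhcp-option=option:router,$PORTAL_IP
dhcp-option=option:dns-server,$PORTAL_IP
EOF
}

# iptables commands, in evaluation order:
#  1. port 80 to any destination is rewritten to the portal (covers
#     clients that browse by IP or set their own DNS server);
#  2. the gateway itself answers only DHCP, DNS and the portal;
#  3. everything else from the quarantine range is dropped, including
#     DNS to outside resolvers and all non-port-80 traffic.
quarantine_iptables_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $QUAR_IF -s $QUAR_NET -p tcp --dport 80 -j DNAT --to-destination $PORTAL_IP:80
iptables -A INPUT -i $QUAR_IF -p udp --dport 67 -j ACCEPT
iptables -A INPUT -s $QUAR_NET -d $PORTAL_IP -p udp --dport 53 -j ACCEPT
iptables -A INPUT -s $QUAR_NET -d $PORTAL_IP -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -s $QUAR_NET -d $PORTAL_IP -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s $QUAR_NET -j DROP
iptables -A FORWARD -s $QUAR_NET -j DROP
EOF
}

# Print both pieces for review when the script is run directly.
echo "# --- dnsmasq fragment ---"
quarantine_dnsmasq_conf
echo "# --- iptables commands ---"
quarantine_iptables_rules
```

The DHCP rule has no source match because a client's first DHCP packets come from 0.0.0.0, before it holds a quarantine address.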

