Using iptables and PHP to create a captive portal

There are various captive portal software packages available (both free and open source) that will allow you to setup an internet access facility that people have to logon to first. None of the packages I tried did what I wanted and they were not particularly customisable. Therefore I created my own, using a few iptables rules and PHP (along with a handful of other standard packages). This page details the steps that were taken. The key to this method as opposed to other iptables based solutions is that tracking information is removed after the user has signed up. Failure to do this will sometimes cause the user to still be redirected to your logon page even after they have signed up.

via Using iptables and PHP to create a captive portal – Andywiki.

Captive portals allow for a splash screen to be delivered to a user upon entering an open network such as free wifi hotspots at various establishments.  This portal typically shows terms of service and displays some branding.  The user hits OK and then they’re free to use the network.  I find this burdensome but in the world of branding and advertising I can understand why places may want this.  I found the above iptables only solution with some PHP interesting.  Here’s another site.

For Squid users it appears to be even easier by only requiring some configuration changes.  See  Portal Splash Pages for more information.

Errata Security: Apple’s secret “wispr” request

The reason Apple does this is because you may be using an app other than the web browser. For example, the only thing you might be doing is syncing your e-mail. In such situations, you would never see the portal page, and your app will mysteriously fail to connect to the Internet.

Therefore, before your app has a chance to access the network, Apple does this for you. It sends out a request to the above URL. If the request gets redirected, then Apple knows there is a portal. It then launches a dialog box, containing Safari, to give you a chance to login.

via Errata Security: Apple’s secret “wispr” request.

At my local Starbucks, all web surfing is free. But, Windows presents a captive logon page where you must accept the Terms of Service, but the iPhone doesn’t. I assume the portal detects this URL, and automatically opens up the access-point without doing a redirection. I need to test witha Linux distro in order to figure out what’s going on.

List of open source captive portal software and network access control (NAC)

List of open source captive portal software and network access control (NAC) « Mohamed Thalib’s Blog.

I have listed here some open source captive portal software and network access control (NAC) systems.

1. ChilliSpot – http://www.chillispot.info
2. Wifidog – http://dev.wifidog.org
3. PacketFence – http://www.packetfence.org
4. HotSpotPA – http://www.hotspotpa.com
5. NoCat – http://nocat.net
6. CoovaChilli – http://coova.org
7. Utangle – http://www.untangle.com
8. pfSense – http://www.pfsense.org
9. PepperSpot – http://pepperspot.sourceforge.net
10.Zeroshell – http://www.zeroshell.net/eng/
11. m0n0wall – http://m0n0.ch

How To Build an Open Source Wi-Fi HotSpot with DD-WRT

If you’ve ever tried to set up a Wi-Fi HotSpot, you may have already discovered that you need more than a broadband Internet connection and wireless router or access point. Off-the-shelf routers and APs don’t provide the “captive portal” function needed to either authenticate users or just let them know who to thank for their free connection. Nor do they usually provide other features such as billing support, bandwidth limiting and user isolation. To obtain hotspot-specific features and capabilities, you must use a device commonly referred to as a hotspot gateway.

via How To Build an Open Source Wi-Fi HotSpot with DD-WRT – SmallNetBuilder.

Coova :: Open Source Captive Portal Access Controller and RADIUS Software

CoovaChilli is an open-source software access controller for captive portal (UAM) and 802.1X access provisioning, based on the popular (but now defunct) ChilliSpot project, and is actively maintained by an original ChilliSpot contributor. CoovaChilli is released under the GNU General Public License (GPL). Contact us for commercial support and licensing options.

via Coova :: Open Source Captive Portal Access Controller and RADIUS Software |.

ChilliSpot

ChilliSpot – Wikipedia, the free encyclopedia.

ChilliSpot is an open source captive portal or wireless LAN access point controller. It is used for authenticating users of a wireless LAN. It supports web based login, which is today’s standard for public HotSpots, WISP “smart-client” authentication, and it supports Wi-Fi Protected Access (WPA and WPA2). Authentication, authorization and accounting (AAA protocol) is handled via RADIUS (on board or remote).

Captive Portal – DD-WRT

List of Chillispot Service Providers (CSPs)

A hosted Chillispot portal can be used to speed-up HotSpot setup and Management, and ease payment and other back-end requirements. Only a DD-WRT Device is necessary, the rest is done by third parties listed below.
Disclaimer: NONE of the following links are endorsements. You are Entirely Responsible Solely for your Choices.

Captive Portal – DD-WRT Wiki.