hackdiary

MAC-address logging/blocking for linux iptables

Here's a little script I wrote that checks incoming wireless requests for a known MAC address. I've been using it on my Linux gateway/router/wireless-bridge.

If it doesn't know you, it transparent-proxies all your outgoing port 80 traffic to the local webserver's port 81, where you could put a redirect to a polite message or something.

In my case I'd just like to put some sort of guestbook page that logs your MAC and adds it automatically to the firewall rules after you leave a comment. I don't mind sharing my bandwidth from time to time, but I'd love to know if someone benefitted from it.

I was impressed with the power of iptables, once I got my head round it. I found an ASCII-art diagram that helped me understand the flow through the various tables and targets.

hardware, linux, wireless

Posted by Matt Biddulph at January 2, 2003 09:55 AM

I'm trying your script (forgive me, I'm an iptables newbie), and I get a "Can't delete chain with references left" when the second line of the script runs. The "iptables -t mangle -X maccheck" part is what is failing, and I'm wondering what I'm missing. Ideas?

You do some kewl stuff, sir. I love the mini-itx machine...

Posted by: Steve on February 18, 2003 10:08 PM
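An added example of how such a rule set can be written with iptables; it is not the script from the post, which isn't reproduced here. Known MACs are let through, everything else arriving on the wireless interface is logged and marked in the mangle table, and marked port-80 traffic is redirected in the nat table to the local web server on port 81. The interface name wlan0 and the MAC addresses are assumptions; the teardown also shows the order of operations that avoids the "Can't delete chain with references left" error Steve hit, and DRY_RUN=1 prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example, not the hackdiary script: allow known MACs, log and mark the
# rest in the mangle table, redirect marked port-80 traffic to local port 81.
WIFI_IF="${WIFI_IF:-wlan0}"   # assumed wireless interface name
SPLASH_PORT=81                # local web server port from the post
# Constructed sample of known MACs; in practice read them from a file.
KNOWN_MACS="00:11:22:33:44:55 66:77:88:99:aa:bb"

# Run iptables, or with DRY_RUN=1 just print the command so the rule set can
# be reviewed without root and without touching the live firewall.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Order matters: remove the jump into the chain and flush it before -X,
# otherwise iptables answers "Can't delete chain with references left".
teardown() {
    ipt -t nat -D PREROUTING -i "$WIFI_IF" -p tcp --dport 80 \
        -m mark --mark 1 -j REDIRECT --to-ports "$SPLASH_PORT" 2>/dev/null
    ipt -t mangle -D PREROUTING -i "$WIFI_IF" -j maccheck 2>/dev/null
    ipt -t mangle -F maccheck 2>/dev/null
    ipt -t mangle -X maccheck 2>/dev/null
}

setup() {
    ipt -t mangle -N maccheck
    # Known MACs leave the chain untouched (no mark, no log line).
    for mac in $KNOWN_MACS; do
        ipt -t mangle -A maccheck -m mac --mac-source "$mac" -j RETURN
    done
    # Everyone else: rate-limited log line, then mark the packet.
    ipt -t mangle -A maccheck -m limit --limit 6/min -j LOG --log-prefix "unknown-mac: "
    ipt -t mangle -A maccheck -j MARK --set-mark 1
    # Check every packet arriving on the wireless interface.
    ipt -t mangle -A PREROUTING -i "$WIFI_IF" -j maccheck
    # mangle PREROUTING runs before nat PREROUTING, so the mark is visible
    # here: send marked web traffic to the splash page instead of the internet.
    ipt -t nat -A PREROUTING -i "$WIFI_IF" -p tcp --dport 80 \
        -m mark --mark 1 -j REDIRECT --to-ports "$SPLASH_PORT"
}
# Usage: ./maccheck.sh apply   (DRY_RUN=1 ./maccheck.sh apply to preview)
if [ "${1:-}" = "apply" ]; then
    teardown
    setup
fi
```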

What you're proposing would be really easy to do with the open mode of NoCatAuth. We're phasing out the perl version of the gateway, but the C version ("NoCatSplash") supports open mode already, so it could be trivially hacked to redirect to a local webserver with a guestbook app. (Alternately CGI support could be added to NoCatSplash, I suppose.)

http://nocat.net/download/

Posted by: Schuyler on April 28, 2003 09:14 AM

I'll check it out. The nocat system was the inspiration for implementing this several months ago. I read about it, downloaded it and browsed through the source. Rather than try to understand it properly and set up a system, I put this quick hack together to get an idea of whether anyone was using my open node - it wasn't in a busy area.

Posted by: Matt Biddulph on April 29, 2003 01:33 PM

Hi,

I saw your script and I understand that it actually causes disallowed MAC addresses' packets to go to your web server.
But is there a way where iptables can allow me to have my web server forward the packets from those disallowed MACs to my host?

As in, if I have 3 computers:
A can talk to C only through B,
therefore all packets should go through B and B will be able to forward the packet to the destination host.

Can iptables do that?
Thanks in advance.

Posted by: albert on June 5, 2003 01:50 AM

Can you believe you hit the spot? This is what I've been looking for for the last 5 hours! :)

Now, I've got to find a "NiCe" way to log the wireless connection time... and export it to a MySQL DB...

Posted by: Cthulhu on March 24, 2004 04:45 AM