Date: Sun, 8 Jun 2003 22:35:47 +0200 (CEST) From: Vaclav Petricek <petricek@sec.ms.mff.cuni.cz> To: freebsd-security@freebsd.org Subject: redirect unauthorized users to a login page (natd as a transparent proxy) Message-ID: <Pine.BSF.4.50.0306082233300.86521-100000@sec.ms.mff.cuni.cz>
next in thread | raw e-mail | index | archive | help
Hello I am trying to redirect all http traffic of unauthorized wifi users on a wireless hotspot to a login page. The problem I have is that I can not disable the regular address translation (I want the source address to stay the same). 10.0.0.7 is the wifi client 195.250.155.29 is the web wifi user tries to access from his browser 195.113.17.94 is my login page 10.0.0.1 is the wifi interface on the server What happens is In [TCP] [TCP] 10.0.0.7:1036 -> 195.250.155.29:80 aliased to [TCP] 10.0.0.1:1036 -> 195.113.17.94:80 The natd configuration file: ------------------------------------------------------------------------- interface wi0 port 1234 #proxy_only yes reverse proxy_rule port 80 server 195.113.17.94:80 ------------------------------------------------------------------------- Natd was run as natd -f /etc/natd.conf -v with 00010 divert 1234 tcp from any to any via wi0 I was hoping proxy_only will do the trick but it does not seem to have any impact and the source address is changed anyway. A quick glance at the source did not help much to my understanding of the proxy_only option. Thank you very moch for any hints, Vaclav
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.50.0306082233300.86521-100000>