Forwarding to a local site after connecting to wifi

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

PostPosted: Mon May 24, 2021 20:09    Post subject: Forwarding to a local site after connecting to wifi Reply with quote
Hi guys, today I have installed dd-wrt the first time in my life and after a few hours of testing I think I have a very special question.

I have a TL-WR841ND running DD-WRT v3.0-r44715.

People should be automatically forwarded to this side http://192.168.1.2:4316/main if they connect to my wifi like a captive portal. But I do not have internet connection.

How do I have to setup CoovaChilli or something else?
Sponsor
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1109

PostPosted: Mon May 24, 2021 23:18    Post subject: Reply with quote
can you explain more about what you are doing?

From my little knowledge, it sounds like you have a WIFI AP setup but no WAN?

In theory what you could do is use IPtables to forward all traffic to that single address, but this would not be adaptive without other rules.

(see similar to: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=325570)


are you wanting to stop all ports/protocols?

Are you trying to setup a captive portal?
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

PostPosted: Tue May 25, 2021 6:33    Post subject: Reply with quote
Thank you for asking. Here are more details about what I want to offer. I have never heard anything like this before.

I would like to use this forwarding function in different ways. One is that I want to offer sightseeing walks. On this walks I want to show a PowerPoint-presantation on the mobile devices of the participants. I use a presentation software running on a tablet that is connected by LAN to my router. That software shows the presentation at http://192.168.1.2:4316/main. Because of the port 4316 it doesn't work to just edit the /etc/hosts file.

What I want is that the participants log in to my wifi and will be directly forwarded to the local address. And if they type any other address or if the search something on Google or anything else they should be forwarded to the presantation on 192.168.etc.

There are two problems right now. 1. What is the best way to setup the forwarding function? 2. Since I do not offer an internet connection the devices do not want to connect to my wifi. Is there a way to simulate an internet connection?


Last edited by brittany123 on Tue May 25, 2021 10:23; edited 1 time in total
tedm
DD-WRT User


Joined: 13 Mar 2009
Posts: 445

PostPosted: Tue May 25, 2021 7:31    Post subject: Reply with quote
What you want to do is setup your web server to respond to ANY URL queries. This is the default for Apache in fact. Then you setup your DNS server with a wildcard so that any query for any hostname will be sent to your webserver's IP address. Normally wildcards in DNS are bad bad bad and this example (private network not connected to the Internet) is one of the few examples I have ever seen that justifies their use. As for the weird port number, once more that is handled by the redirect on your webserver.

You aren't the first person to think of this, by the way.
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

PostPosted: Tue May 25, 2021 10:21    Post subject: Reply with quote
Dear tedm, thank you very much for your response. I would like to test your suggestion but I have a question first. I only have a computer/tablet with a regular Ubuntu 20.04 and my router. I will not be at home and will not have a server available. Does your suggestion work anyway? Do I have to install something like LAMP on my Ubuntu? Do I have to setup my router in any special way?
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1109

PostPosted: Tue May 25, 2021 23:01    Post subject: Reply with quote
tedm is correct...

Bascially what you want to do is on the dd-wrt router have it resolve all dns queries to be the ipaddress is your server.

Then what will happen is your server will get all sorts of requests (such as ntp, phones calling home for updates, all of the app traffic ...)

but then have your Ubuntu machine redirect all things (the common will be http traffic ie port 80) to be the port you have selected.

yes you will have to install some type of server software, if your server is what you are showing below then you are good.

On your server machine (hopefully that is ubuntu), you could add the iptables rule:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 4316


(ps) I am doing this from memory and not validating so I could be wrong/have a typo
tedm
DD-WRT User


Joined: 13 Mar 2009
Posts: 445

PostPosted: Wed May 26, 2021 6:35    Post subject: Reply with quote
Yes you will need another web server. But LAMP drags a ton of stuff in that you don't need.

Take a look at the following:

https://www.pcsuggest.com/best-lightweight-web-server-linux/

Most of these are tricks that the author has thought up to show how clever he is, but if you have any of these already installed (my guess is you do) then you can use one without the bother of installing a "real" webserver. Then all you would need is an index.html page that would contain an HTTP redirect to your actual presentation software and port number. It could even redirect to the IP address and port number URL you posted if it needs to.

Here's instructions for what you need in a simple index.html page

https://www.bitdegree.org/learn/html-redirect:

The port forward @wildlion has already covered (and yes check the syntax)

All the baloney traffic devices send (update requests, etc) will be ignored since your tablet isn't going to have a service active on those ports but you can use the ufw firewall if you like to just allow only port 80 and port 4316 to be open:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04

As for the wildcard:

https://qiita.com/bmj0114/items/9c24d863bcab1a634503

https://stackoverflow.com/questions/22313142/wildcard-subdomains-with-dnsmasq

NOTE THE COMMENT ABOUT THE HASH BEING SPECIAL as you will need to use that.
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

PostPosted: Wed Jun 02, 2021 17:20    Post subject: Reply with quote
Hi guys, sorry, I really tried my best but it is not working yet.

I start the python web server
Code:
python3 -m http.server
.
And the html file works great too:
Code:
<head>
<meta http-equiv="refresh" content="0; URL=http://192.168.1.121:4316/main" />
</head>
<body>
</body>

So if I open manually 127.0.0.1:8000 I am forwarded to 192.168.1.etc. But how do I set up the wildcard? It seams to me that I should install dnsmasq or is there a way to set a wildcard in dd-wrt on the router? And if not, can someone explain a little bit more, how to set the wildcard?
tedm
DD-WRT User


Joined: 13 Mar 2009
Posts: 445

PostPosted: Thu Jun 03, 2021 0:33    Post subject: Reply with quote
dnsmasq is already installed, did you read the 2 wildcard links near the bottom of my post? You are 99.9% of the way there!
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

PostPosted: Sun Jun 06, 2021 7:44    Post subject: Reply with quote
After spending days on this, it seams, that I am getting closer but there are still two problems.

The dns settings on my router at Services > Servies > Additional Dnsmasq Options looks like this:

address=/#/127.0.0.1

Besides dnsmasq I run the webserver with
Code:
sudo python3 -m http.server 80

Now the problem is, that all queries on http:// works great, but https doesn't work at all. I tried the "Port Forwarding" and "Port Range Forwarding" but that didn't work.

And the second problem is, that 192.168.1.2:4316/main is available on Wifi, but the forwarding doesn't work, neither from any http webside nor from 127.0.0.1.


Last edited by brittany123 on Sun Jun 06, 2021 15:49; edited 2 times in total
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6168
Location: Romerike, Norway

PostPosted: Sun Jun 06, 2021 7:57    Post subject: Reply with quote
For captive portal to work, the web server have to be located at the WAN side of the router.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1109

PostPosted: Sun Jun 06, 2021 22:16    Post subject: Reply with quote
I think you have lost me... are you running the python3 web server on the router or the desktop?

Port forwarding and port range forwarding are for traffic from the WAN to the LAN.

The problem should be very simple, you have a server setup on the LAN, if you can direct connect (ie type in the ip address of the webserver/port from one device on the LAN) then the webserver is setup correctly.

Then from the router you just override all traffic to point to that server. So have dnsmasq on dd-wrt set using:
address=/#/192.168.1.2

(where 192.168.1.2 is the ip address of the server you want everything to resolve to be)
This will only do things if people type in (dd-wrt.com or something similar), thus the rest is done by iptables either on the router or the server to redirect the ports to the correct port (ie 80 to 4316), and then if people try to type in ipaddress manually have the iptables on the router redirect all traffic to other ip addresses to the server.

This will get the majority of the cases, (if people are running dns over https or similar) they will time out since you are not providing that.
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

PostPosted: Sat Jun 12, 2021 14:11    Post subject: Reply with quote
Hi guys

I feel lost too. But I spend days to read about ssh, dd-wrt, iptables etc.

Here is the current status:

1. Dnsmasq is running on the router with address=/#/192.168.1.2
2. The web server is running on the laptop with the static IP 192.168.1.2.

If I open any website on port 80, e.g. http://dd-wrt.com, I am be forwarded to 192.168.1.2:4316/main. Great.

But people don't know anything about http and https and they will just type in their browser dd-wrt.com which will be opened on Firefow as https and https doesn't work.

So I tried on my laptop
Code:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 80
but it didn't work.

My question is, is there any chance to forward queries on port 443 to 80? Would it be helpful to run the web server on the router or to run iptables on the router?
tedm
DD-WRT User


Joined: 13 Mar 2009
Posts: 445

PostPosted: Sun Jun 13, 2021 19:54    Post subject: Reply with quote
brittany123 wrote:

My question is, is there any chance to forward queries on port 443 to 80? Would it be helpful to run the web server on the router or to run iptables on the router?


https negotiations take place after DNS redirects and before web-server redirects. Your python web server must establish an https connection to the web browser before it can issue the http redirect. Also, even if you DID run a version of python that could setup as an https server, the client would get an https invalid certificate error unless they used a hostname listed in the certificate. And no certificate authority on the Internet will issue a certificate with a hostname of *

I have to ask how stupid are your users? This is a TOUR you are talking about. Tell the users to go to http://whatevertheheckmynameis.com and have the tour guide EXPLICITLY tell them to use http:// not just type in whatevertheheckmynameis.com into their browser.
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

PostPosted: Sat Jun 19, 2021 12:31    Post subject: Reply with quote
Dear tedm,

Thank you very much. At least now I know that what I want to do is not possible without an internet connection.

Would it make a difference if I had an internet connection?

It seems that there are a couple of options to run a router with dd-wrt and LTE, e.g. here https://wiki.dd-wrt.com/wiki/index.php/3G_/_3.5G or here http://www.e-lins.com/EN/routers/4g.html.

But would the way with a local web server still work? Sorry, it would be very nice if you could keep going with me to find a solution.

I think the users are not stupid (otherwise they would not join my tour Laughing) but they even do not know that there is an address bar. They typed the address in the Google search and it did not work.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum