Forwarding to a local site after connecting to wifi

brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

Posted: Mon May 24, 2021 20:09
Hi guys, today I installed dd-wrt for the first time in my life and after a few hours of testing I think I have a very special question.

I have a TL-WR841ND running DD-WRT v3.0-r44715.

People should be automatically forwarded to this site http://192.168.1.2:4316/main if they connect to my wifi, like a captive portal. But I do not have an internet connection.

How do I have to set up CoovaChilli or something else?
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1415

Posted: Mon May 24, 2021 23:18
Can you explain more about what you are doing?

From my little knowledge, it sounds like you have a WIFI AP setup but no WAN?

In theory what you could do is use IPtables to forward all traffic to that single address, but this would not be adaptive without other rules.

(see similar to: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=325570)


Are you wanting to stop all ports/protocols?

Are you trying to setup a captive portal?
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

Posted: Tue May 25, 2021 6:33
Thank you for asking. Here are more details about what I want to offer. I have never heard anything like this before.

I would like to use this forwarding function in different ways. One is that I want to offer sightseeing walks. On these walks I want to show a PowerPoint presentation on the mobile devices of the participants. I use a presentation software running on a tablet that is connected by LAN to my router. That software shows the presentation at http://192.168.1.2:4316/main. Because of the port 4316 it doesn't work to just edit the /etc/hosts file.

What I want is that the participants log in to my wifi and will be directly forwarded to the local address. And if they type any other address or if they search something on Google or anything else they should be forwarded to the presentation on 192.168.etc.

There are two problems right now. 1. What is the best way to set up the forwarding function? 2. Since I do not offer an internet connection the devices do not want to connect to my wifi. Is there a way to simulate an internet connection?


Last edited by brittany123 on Tue May 25, 2021 10:23; edited 1 time in total
tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 555

Posted: Tue May 25, 2021 7:31
What you want to do is set up your web server to respond to ANY URL queries. This is the default for Apache in fact. Then you set up your DNS server with a wildcard so that any query for any hostname will be sent to your webserver's IP address. Normally wildcards in DNS are bad bad bad and this example (private network not connected to the Internet) is one of the few examples I have ever seen that justifies their use. As for the weird port number, once more that is handled by the redirect on your webserver.

You aren't the first person to think of this, by the way.
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

Posted: Tue May 25, 2021 10:21
Dear tedm, thank you very much for your response. I would like to test your suggestion but I have a question first. I only have a computer/tablet with a regular Ubuntu 20.04 and my router. I will not be at home and will not have a server available. Does your suggestion work anyway? Do I have to install something like LAMP on my Ubuntu? Do I have to set up my router in any special way?
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1415

Posted: Tue May 25, 2021 23:01
tedm is correct...

Basically what you want to do is on the dd-wrt router have it resolve all DNS queries to be the IP address of your server.

Then what will happen is your server will get all sorts of requests (such as ntp, phones calling home for updates, all of the app traffic ...)

But then have your Ubuntu machine redirect all things (the common will be http traffic, i.e. port 80) to be the port you have selected.

Yes, you will have to install some type of server software. If your server is what you are showing below then you are good.

On your server machine (hopefully that is Ubuntu), you could add the iptables rule:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 4316


(ps) I am doing this from memory and not validating so I could be wrong/have a typo
tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 555

Posted: Wed May 26, 2021 6:35
Yes you will need another web server. But LAMP drags a ton of stuff in that you don't need.

Take a look at the following:

https://www.pcsuggest.com/best-lightweight-web-server-linux/

Most of these are tricks that the author has thought up to show how clever he is, but if you have any of these already installed (my guess is you do) then you can use one without the bother of installing a "real" webserver. Then all you would need is an index.html page that would contain an HTTP redirect to your actual presentation software and port number. It could even redirect to the IP address and port number URL you posted if it needs to.

Here are instructions for what you need in a simple index.html page:

https://www.bitdegree.org/learn/html-redirect

The port forward @wildlion has already covered (and yes check the syntax)

All the baloney traffic devices send (update requests, etc) will be ignored since your tablet isn't going to have a service active on those ports but you can use the ufw firewall if you like to just allow only port 80 and port 4316 to be open:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04

As for the wildcard:

https://qiita.com/bmj0114/items/9c24d863bcab1a634503

https://stackoverflow.com/questions/22313142/wildcard-subdomains-with-dnsmasq

NOTE THE COMMENT ABOUT THE HASH BEING SPECIAL as you will need to use that.
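
Added example (not part of the original thread and not code from any poster): a catch-all redirector for the approach described above, where a web server answers any URL and sends the browser on to the presentation. Unlike a static index.html, it redirects every path and every Host header; the target URL is the one from the first post, and the names `TARGET`, `make_handler` and `start` are illustrative.

```python
# Added example: catch-all HTTP redirector for an isolated LAN.
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Target URL taken from the first post; adjust to the presentation host.
TARGET = "http://192.168.1.2:4316/main"


def make_handler(target):
    """Build a handler class that redirects every request to `target`."""

    class Redirector(BaseHTTPRequestHandler):
        def _redirect(self):
            # 302 with no-store, not 301: a cached permanent redirect would
            # keep pointing real sites at this address after the device
            # has left the network.
            self.send_response(302)
            self.send_header("Location", target)
            self.send_header("Cache-Control", "no-store")
            self.send_header("Content-Length", "0")
            self.end_headers()

        # Same answer for every path and every Host header.
        do_GET = do_HEAD = _redirect

        def log_message(self, fmt, *args):
            pass  # stray device traffic is noisy; keep the console quiet

    return Redirector


def start(bind="0.0.0.0", port=80, target=TARGET):
    """Start the redirector in a background thread and return the server."""
    server = ThreadingHTTPServer((bind, port), make_handler(target))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start()  # binding port 80 needs root
    print("redirecting all HTTP requests to", TARGET)
    try:
        threading.Event().wait()  # block until Ctrl-C
    except KeyboardInterrupt:
        srv.shutdown()
```

This only covers plain HTTP on the port it listens on; it does nothing for connections a browser opens to port 443.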
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

Posted: Wed Jun 02, 2021 17:20
Hi guys, sorry, I really tried my best but it is not working yet.

I start the Python web server:
Code:
python3 -m http.server

And the HTML file works great too:
Code:
<head>
<meta http-equiv="refresh" content="0; URL=http://192.168.1.121:4316/main" />
</head>
<body>
</body>

So if I open manually 127.0.0.1:8000 I am forwarded to 192.168.1.etc. But how do I set up the wildcard? It seems to me that I should install dnsmasq or is there a way to set a wildcard in dd-wrt on the router? And if not, can someone explain a little bit more how to set the wildcard?
tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 555

Posted: Thu Jun 03, 2021 0:33
dnsmasq is already installed, did you read the 2 wildcard links near the bottom of my post? You are 99.9% of the way there!
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

Posted: Sun Jun 06, 2021 7:44
After spending days on this, it seems that I am getting closer but there are still two problems.

The DNS settings on my router at Services > Services > Additional Dnsmasq Options look like this:

address=/#/127.0.0.1

Besides dnsmasq I run the webserver with
Code:
sudo python3 -m http.server 80

Now the problem is that all queries on http:// work great, but https doesn't work at all. I tried the "Port Forwarding" and "Port Range Forwarding" but that didn't work.

And the second problem is that 192.168.1.2:4316/main is available on Wifi, but the forwarding doesn't work, neither from any http website nor from 127.0.0.1.


Last edited by brittany123 on Sun Jun 06, 2021 15:49; edited 2 times in total
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sun Jun 06, 2021 7:57
For captive portal to work, the web server has to be located at the WAN side of the router.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1415

Posted: Sun Jun 06, 2021 22:16
I think you have lost me... are you running the python3 web server on the router or the desktop?

Port forwarding and port range forwarding are for traffic from the WAN to the LAN.

The problem should be very simple, you have a server setup on the LAN, if you can direct connect (ie type in the ip address of the webserver/port from one device on the LAN) then the webserver is setup correctly.

Then from the router you just override all traffic to point to that server. So have dnsmasq on dd-wrt set using:
address=/#/192.168.1.2

(where 192.168.1.2 is the IP address of the server you want everything to resolve to be)
This will only do things if people type in (dd-wrt.com or something similar), thus the rest is done by iptables either on the router or the server to redirect the ports to the correct port (i.e. 80 to 4316), and then if people try to type in an IP address manually have the iptables on the router redirect all traffic to other IP addresses to the server.

This will get the majority of the cases, (if people are running dns over https or similar) they will time out since you are not providing that.
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

Posted: Sat Jun 12, 2021 14:11
Hi guys

I feel lost too. But I spent days reading about ssh, dd-wrt, iptables etc.

Here is the current status:

1. Dnsmasq is running on the router with address=/#/192.168.1.2
2. The web server is running on the laptop with the static IP 192.168.1.2.

If I open any website on port 80, e.g. http://dd-wrt.com, I am forwarded to 192.168.1.2:4316/main. Great.

But people don't know anything about http and https and they will just type in their browser dd-wrt.com which will be opened on Firefox as https and https doesn't work.

So I tried on my laptop
Code:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 80
but it didn't work.

My question is, is there any chance to forward queries on port 443 to 80? Would it be helpful to run the web server on the router or to run iptables on the router?
tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 555

Posted: Sun Jun 13, 2021 19:54
brittany123 wrote:

My question is, is there any chance to forward queries on port 443 to 80? Would it be helpful to run the web server on the router or to run iptables on the router?


https negotiations take place after DNS redirects and before web-server redirects. Your python web server must establish an https connection to the web browser before it can issue the http redirect. Also, even if you DID run a version of python that could set up as an https server, the client would get an https invalid certificate error unless they used a hostname listed in the certificate. And no certificate authority on the Internet will issue a certificate with a hostname of *.

I have to ask how stupid are your users? This is a TOUR you are talking about. Tell the users to go to http://whatevertheheckmynameis.com and have the tour guide EXPLICITLY tell them to use http:// not just type in whatevertheheckmynameis.com into their browser.
brittany123
DD-WRT Novice


Joined: 24 May 2021
Posts: 8

Posted: Sat Jun 19, 2021 12:31
Dear tedm,

Thank you very much. At least now I know that what I want to do is not possible without an internet connection.

Would it make a difference if I had an internet connection?

It seems that there are a couple of options to run a router with dd-wrt and LTE, e.g. here https://wiki.dd-wrt.com/wiki/index.php/3G_/_3.5G or here http://www.e-lins.com/EN/routers/4g.html.

But would the way with a local web server still work? Sorry, it would be very nice if you could keep going with me to find a solution.

I think the users are not stupid (otherwise they would not join my tour) but they do not even know that there is an address bar. They typed the address in the Google search and it did not work.