OpenWrt Forum Archive

Topic: Redirecting all traffic to a given IP

The content of this topic has been archived on 24 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi!

I am a beginner with openWRT and networks in general, so sorry if my question is stupid ...

I am working on an art project where we want to create hotspots that have no Internet access, but serve a simple web page. People have to connect to the hotspot to see it, and no matter what url or IP they put in their web browser's address bar they will be sent to that single web page.

I have web dev experience, so setting-up the server won't be an issue, however I am not sure how to achieve the redirection part on the router ... I have looked into several solutions so far :

- 1. by configuring dnsmasq : the only examples of configuration I have found so far seem to map only ONE domain name to an IP. In my case I would like to map ALL the possible domain names to one IP. Is that possible with dnsmasq? And if I do it, how can I also redirect IP addresses ?

- 2. by using a captive portal : I have quickly tried Nodogsplash, and it works, except that once I close the captive portal, I am connected, and free to navigate wherever I want. What I would need is that the captive portal would always direct the user to the splash screen. No escape!!!
The other thing with that solution : is it possible to use a custom web server to serve the splash screen (I want to be able to implement my own HTTP routes, POST, and stuff ...)?

Thanks for your help :)

Sébastien

(Last edited by pycos86 on 31 Mar 2016, 23:09)

You can use another web server to host it. One good package you can use is Busybox httpd, a very lightweight webserver. You can use that to host your portal page or, if you already have luci installed on the router, running a different process of uhttpd will also do. Then apply an iptables rule, e.g.

iptables -t nat -I PREROUTING -i br-lan -j DNAT --to 192.168.1.1:15151

(Last edited by remlei on 1 Apr 2016, 00:08)

see the option -A --address of dnsmasq

http://www.thekelleys.org.uk/dnsmasq/do … q-man.html

"#" is the wildcard character in dnsmasq, if you use --address=/#/192.168.1.1 then dnsmasq will resolve all domains to 192.168.1.1.

and set up a webserver with an error 404 page that redirects to the index page.

with this config any http request will be redirected to your webserver index page, without internet.

you can use lighttpd to achieve this, no need to reinvent the wheel with other webservers.

(Last edited by iasimov on 1 Apr 2016, 00:54)

iasimov wrote:

see the option -A --address of dnsmasq

http://www.thekelleys.org.uk/dnsmasq/do … q-man.html

"#" is the wildcard character in dnsmasq, if you use --address=/#/192.168.1.1 then dnsmasq will resolve all domains to 192.168.1.1.
...

Instead of modifying the dnsmasq command line, you can modify the configuration file instead.

First make a backup of your config file.

cp /etc/dnsmasq.conf /etc/dnsmasq.conf.original

Then issue the following command

echo "address=/#/192.168.1.1" >>  /etc/dnsmasq.conf

This assumes that your OpenWrt router has an address of 192.168.1.1

Great! Thanks for your answers :) I will try today!!!

Here.

vernonjvs wrote:

Instead of modifying the dnsmasq command line, ...

iasimov has not advised alteration of the DNSmasq task but only indicated a directive.

vernonjvs wrote:

... you can modify the configuration file instead.

vernonjvs however, advises placement of a directive in a nonstandard, for OpenWrt, location (/etc/dnsmasq.conf).

/etc/config/dhcp:

    config dnsmasq
    ...
    # IP address of web server (uhttpd)
    list address '/#/192.168.1.1'

will be retained across upgrades.

Thanks! I have followed vernonjvs's advice and placed the dnsmasq directive in /etc/dnsmasq.conf for the moment. It works well! I will change it to the standard location /etc/config/dhcp following Max Hopper's advice.

Max Hopper, in the thread you posted it says that

to avoid any bypass, use iptables to redirect port 53 to your dnsmasq.

Is that an issue also if the router doesn't provide Internet access? Should I do this?

Now, what I didn't manage to get working is the iptables part, to redirect any IP to 192.168.1.1, because now it works with urls, but when you type an IP, you still get "page not found". I tried remlei's command, but it didn't work :

iptables v1.4.21: Need TCP, UDP, SCTP or DCCP with port specification

So I tried to add option

-p tcp

but still nothing happens when I point my browser to 192.168.1.10 for example. I have tried to list the iptables rules, but my rule is nowhere to be found.

pycos86 wrote:

Is that an issue also if the router doesn't provide Internet access?

That is not necessary in an AP without a WAN link.

This code, which respects the OpenWrt firewall 'zone' design, will deal with attempts to bypass DNS lookups -

/etc/firewall.user:

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

local _lan_CIDR=$(uci -q get network.lan.netmask)
local _lan_ipaddr=$(uci -q get network.lan.ipaddr)
local _x=${_lan_CIDR##*255.}
set -- 0^^^128^192^224^240^248^252^254^ $(( (${#_lan_CIDR} - ${#_x})*2 )) ${_x%%.*}
_x=${1%%$3*}
_lan_CIDR="${_lan_ipaddr%.*}.0/"$(( $2 + (${#_x}/4) ))

iptables -t nat -F prerouting_lan_rule
iptables -t nat -A prerouting_lan_rule -p tcp -j REDIRECT --to-port 80 --src $_lan_CIDR ! --dst $_lan_ipaddr

The scripting component determines the configured IP range, in CIDR format, of the AP.
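
Added example, not part of the original post and not OpenWrt's own code: a more readable way to derive the LAN range in CIDR form from an address and netmask and to build the same REDIRECT rule. It goes slightly beyond the script above by rejecting non-contiguous netmasks and by computing the network address with a bitwise AND instead of replacing the last octet with 0. The function names are hypothetical and the sample address and netmask are constructed; the rule is only printed, not applied.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; addresses are constructed.

# mask_to_prefix 255.255.255.128 -> 25; fails on malformed/non-contiguous masks
mask_to_prefix() {
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    _bits=0; _partial=0
    for _o in "$@"; do
        case $_o in
            255) _n=8 ;; 254) _n=7 ;; 252) _n=6 ;; 248) _n=5 ;; 240) _n=4 ;;
            224) _n=3 ;; 192) _n=2 ;; 128) _n=1 ;; 0) _n=0 ;;
            *) return 1 ;;
        esac
        # once an octet below 255 has been seen, only 0 may follow
        if [ "$_partial" -eq 1 ] && [ "$_n" -ne 0 ]; then return 1; fi
        if [ "$_n" -lt 8 ]; then _partial=1; fi
        _bits=$((_bits + _n))
    done
    echo "$_bits"
}

# network_of 10.20.30.77 255.255.255.192 -> 10.20.30.64 (octet-wise AND)
network_of() {
    _old_ifs=$IFS; IFS=.
    set -- $1 $2
    IFS=$_old_ifs
    [ $# -eq 8 ] || return 1
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))"
}

# lan_cidr IP MASK -> network/prefix
lan_cidr() {
    _p=$(mask_to_prefix "$2") || return 1
    _net=$(network_of "$1" "$2") || return 1
    echo "$_net/$_p"
}

# redirect_rule IP MASK -> prints the rule; it does not apply it
redirect_rule() {
    _cidr=$(lan_cidr "$1" "$2") || return 1
    echo "iptables -t nat -A prerouting_lan_rule -p tcp --src $_cidr ! --dst $1 -j REDIRECT --to-port 80"
}

# Constructed sample values; on the router they would come from uci
redirect_rule 192.168.1.1 255.255.255.0
```

On a router the two arguments would be the values the script above reads with `uci -q get network.lan.ipaddr` and `uci -q get network.lan.netmask`.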

My AP doesn't have a WAN link, so I think I won't need that script.
Thank you very much Max Hopper !!!

The code when placed in /etc/firewall.user generates an iptables command for redirecting packets from UAs (browsers) where an IP address in place of a URL is requested.

Max Hopper wrote:
vernonjvs wrote:

Instead of modifying the dnsmasq command line, ...

iasimov has not advised alteration of the DNSmasq task but only indicated a directive.

vernonjvs wrote:

... you can modify the configuration file instead.

vernonjvs however, advises placement of a directive in a nonstandard, for OpenWrt, location (/etc/dnsmasq.conf).

/etc/config/dhcp:

    config dnsmasq
    ...
    # IP address of web server (uhttpd)
    list address '/#/192.168.1.1'

will be retained across upgrades.

Modifying the /etc/dnsmasq.conf will be retained across upgrades as well.

# sysupgrade -v ./openwrt-15.05-ramips-rt305x-a5-v11-squashfs-sysupgrade.bin
Saving config files...
etc/config/dhcp
etc/config/dropbear
etc/config/firewall
etc/config/network
etc/config/system
etc/config/wireless
etc/dnsmasq.conf

Where is it stated in this post that /etc/dnsmasq.conf would not be retained?
