Captive portal with no authentication - Giving access to locally hosted website



  • For a real estate application I need mobile wireless clients to browse to a website stored locally.
    No authentication is necessary. For any URL the client tries to access using the mobile browser, they should be presented with the local website. After hitting the index.html or index.php they should be able to click on links and browse through to other web pages as well (which are also hosted locally in the same folder).

    The questions I have are:
    1. Could this be implemented with pfSense?
    2. Can I store the local website (html, php, images and videos) on the same server running pfSense (I'm using an Alix 2d2 board with a 4GB CF card), and if I could, in which folder?
    3. There are a few external links on the local website. Can I restrict clients to browsing only these and not other URLs?
    4. If pfSense is not suited for this, is there any other captive portal/walled garden that someone can recommend?

    I've been doing a fair bit of research but still couldn't find a workable solution, and to make things worse I'm being hit with a deadline next week to have this implemented.
    Any assistance or suggestion that would point me in the right direction would be much appreciated.

    Thanks in advance guys!



  • Hi  :)
    I think your requirement can be handled on pfSense.
    1. Yes, you can. In the pfSense captive portal you can allow access to other hostnames without any authentication, as follows:
    Services: Captive portal -> look at the Allowed Hostnames tab
    Addresses other than your designated hosts will ask for a password.
    2. Not sure.
    3. Covered in 1.
    Give it a try  ;)



  • Thanks zcache for your response.
    I will be trying your suggestions in the next couple of hours.
    One thing I want to confirm. You have mentioned that I can add allowed hostnames. But what happens when a user browses to a non-allowed hostname?
    I do want to force them to access the same host no matter what they type on the browser - sort of DNS poisoning
    Will this be achievable?



  • @websterp:

    Thanks zcache for your response.
    I will be trying your suggestions in the next couple of hours.
    One thing I want to confirm. You have mentioned that I can add allowed hostnames. But what happens when a user browses to a non-allowed hostname?
    I do want to force them to access the same host no matter what they type on the browser - sort of DNS poisoning
    Will this be achievable?

    Browsing to hosts other than the registered ones will immediately ask for an authorization code.



  • I don't think captive portal is quite the right tool to do this.

    How about using outbound NAT on the wireless client interface to redirect any outgoing port 80 connection to the IP address of the wireless client interface? I don't know enough about outbound NAT to know if it's possible to redirect to the "local interface IP address", but if it isn't, it should be possible to redirect to one of the allowed external servers (which presumably are under the control of the same organisation), which then issues an HTTP redirect back to the local server.

    I have not ever configured squid but I see it is described as having the capability of rewriting URLs. Perhaps it could be configured to not cache and to rewrite URLs to the local server if they don't reference the local server or one of the allowed external servers.

    There is a pfSense vHosts package which extends the inbuilt web server.

    The fairly limited RAM on an Alix might make it unsuitable to be running packages like squid and vHosts. (My home pfSense runs fine with 256MB but I run a small number of small packages, certainly nothing large enough to force my system to swap.)
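
The Squid URL-rewriting idea from the last post, as an added example that is not part of the thread or of pfSense: a `url_rewrite_program` helper that leaves allowed hosts alone and sends everything else to the local site. It assumes the Squid 3.4+ helper reply format (`OK`/`ERR`/`BH`); the address and hostnames are constructed placeholders.

```python
#!/usr/bin/env python3
"""Squid url_rewrite_program helper for a walled garden around a local site."""
import sys
from urllib.parse import urlsplit

# Assumed values for illustration; none of these come from the thread.
LOCAL_SITE = "http://192.168.10.1/index.html"
ALLOWED_HOSTS = {"192.168.10.1", "maps.example.com", "listings.example.com"}


def host_of(url):
    """Return the lower-cased hostname of a request URL, or None if unparsable."""
    if "://" not in url:          # scheme-less "host:port" form
        url = "//" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def decide(url):
    """ERR tells Squid to leave the URL unchanged; OK status=302 redirects."""
    # Exact hostname match only: a substring or prefix test would also admit
    # "maps.example.com.other.test" or "192.168.10.1@other.test".
    if host_of(url) in ALLOWED_HOSTS:
        return "ERR"
    return 'OK status=302 url="%s"' % LOCAL_SITE


def handle_line(line):
    """Answer one request line of the form '[channel-ID ]URL[ extras]'."""
    fields = line.split()
    if not fields:
        return 'BH message="empty request"'
    channel = ""
    # With helper concurrency enabled, the first field is a numeric channel ID
    # that must be echoed back at the start of the reply.
    if fields[0].isdigit() and len(fields) > 1:
        channel, fields = fields[0] + " ", fields[1:]
    return channel + decide(fields[0])


if __name__ == "__main__":
    for request in sys.stdin:
        sys.stdout.write(handle_line(request) + "\n")
        sys.stdout.flush()  # Squid waits on each reply, so never buffer
```

Only plain-HTTP requests that actually pass through Squid are affected; HTTPS destinations cannot be redirected this way.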

