Friday, December 5th

3.2.05

m0n0wall's Captive Portal and You

I run my wireless access point wide open. I even broadcast its SSID. Why? Because I'm lazy. I want to fire up my laptop and connect to my network wirelessly without having to configure anything.

Well, the other day, after I set up an MRTG monitor for my router's WAN interface, I noticed that there was some Internet traffic that I wasn't making. After checking some DHCP logs, I noticed the IP lease request from a computer named "lish". Hmmmm....I have a neighbor named Lish.

Firing up Net Stumbler, I walk outside and find one of those SBC-provided 2wire modem/wireless router deals. By default, SBC ships them with wireless encryption enabled. So to actually use the wireless portion, you will need to manually configure your computer to connect to it. Is the picture clear now? It would seem that Lish thinks he's using his connection, but is really using mine.

So, do I turn off my SSID broadcast and turn on encryption? No, remember, I'm the lazy one. I decide to have fun with Lish. m0n0wall has a nifty feature called a Captive Portal. It blocks all traffic through a specified router interface. If that traffic happens to be for a web page, the user is redirected to a page that I specify with instructions on how to continue. Typically, the user continues by clicking a button on the page or logging in.

I decided just to leave a little "welcome" message for good ole' Lish, with no way to continue through.

No need to call SBC, Lish, your Internet access isn't broke...you're simply not using it. You've been using my connection wirelessly.

I know, I know...you have your 2Wire modem/router/wireless thingy from SBC, but because you didn't configure your computer correctly, it doesn't even know you're there. You've likely seen dropped wireless connections and slow speed. Well, not slow speed here, I have a 3mbps connection ;-)...but I can't let you use it anymore, sorry.

I also left my phone number so he could call me for help configuring his computer's wireless connection.

Posted by danne 9:09 am in geekness

4 ramblings so far

1. Wow, that seems like a lot of work for a lazy person!

on 3.9.05@3:10 pm by wowzer


2. In retrospect, it was a bit of work. Enjoyable though ;-)

on 3.9.05@3:44 pm by Danne


3. very funny :)

I stumbled across this page just trying to get a way to turn off m0n0wall's ssid broadcasting, but you know, I got distracted...

on 7.21.05@9:12 am by


4. From what I know, there isn't any way to turn off SSID broadcasts when m0n0wall is the AP. I actually use a Netgear router as my AP. Manuel (m0n0wall's creator) suggests using a separate AP if possible.

Since m0n0 was created for embedded devices with limited resources, extensive configuration of wireless services is not present. Depending on your boxen setup, just use a third interface and connect your AP to that with appropriate routing rules, captive portal rules, etc. applied.

HTH...if you ever get distracted again ;-)

on 7.21.05@9:56 am by Danne

