Hacker News new | ask | show | jobs
by rotoole 1639 days ago
The keyword to search for is "WiFi captive portal".

My company provides captive portals for guest networks as a low cost hosted service:

https://www.stad.io

I recommend the Cisco Meraki Go Access Points, because they are low cost and easy to setup and manage.

https://www.amazon.com/Meraki-Go-Indoor-WiFi-AP/dp/B07GX1RHS...

Hope that helps.
1 comments
sigmaprimus 1639 days ago
Yes thank You very much.

I have a number of articles to read now on turning a RPi into a "Captive Portal.

Thanks for the fast response!

link
rotoole 1639 days ago
When I started the company, we used the RPi as the WiFi Access Point. The trouble with them is that the built in WiFi module is pretty limited in its ability to handle many simultaneous users and to provide a robust signal throughout a space. You can buy 3rd party USB WiFi dongles, but I found that they have a high failure rate over their lifetime. i.e. not the most robust solution.

If you go the RPi route, you may find the following script helpful. This will bridge the 3rd party dongle to the local network, isolate devices from communicating to private network IPs, and forward HTTP/S traffic through the Squid HTTP proxy service. (sorry about the formatting):

#!/bin/bash

set -e if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" exit 1 fi

# Set the proxy interface based on the presence of wlan0 or not

if [ -e "/sys/class/net/wlan0/operstate" ] ; then PROXY_INTERFACE=wlan0 else PROXY_INTERFACE=eth0 fi

PROXY_HTTP=3128

PROXY_HTTPS=3129

PROXY_NETWORK=`ip address show $PROXY_INTERFACE | grep 'inet .* brd ' | head -1 | sed -e 's/inet \(.\) brd.$/\1/' | sed -e 's/ //g'`

# Allow traffic to the proxy's network

iptables -A FORWARD -d ${PROXY_NETWORK} -j ACCEPT

# Drop traffic forwarded to all other class A, B, and C private networks

iptables -A FORWARD -m iprange --dst-range 10.0.0.0-10.255.255.255 -j REJECT

iptables -A FORWARD -m iprange --dst-range 172.16.0.0-172.31.255.255 -j REJECT

iptables -A FORWARD -m iprange --dst-range 192.168.0.0-192.168.255.255 -j REJECT

# WiFi AP Only; Bridge WLAN to eth0

if [ $PROXY_INTERFACE = "wlan0" ]; then iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    iptables -A FORWARD -i eth0 -o $PROXY_INTERFACE -m state --state RELATED,ESTABLISHED -j ACCEPT

    iptables -A FORWARD -i $PROXY_INTERFACE -o eth0 -j ACCEPT
fi

# Let local Squid get out to HTTP/S

iptables -t nat -A PREROUTING -s localhost -p tcp --dport 80 -j ACCEPT

iptables -t nat -A PREROUTING -s localhost -p tcp --dport 443 -j ACCEPT

# Forward all HTTP/S to Squid

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $PROXY_HTTP

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port $PROXY_HTTPS

# drop direct connections to the squid proxy

iptables -t mangle -A PREROUTING -p tcp --dport $PROXY_HTTP -j DROP

iptables -t mangle -A PREROUTING -p tcp --dport $PROXY_HTTPS -j DROP

link
sigmaprimus 1639 days ago
OK Thanks,

My current idea is to invert the network connections and use the wireless to connect the RPi to my internal internet connection and the wired connection to serve out the internet to my neighbors. The main reason for this is the tp-link WIFI antenna I got for Xmas comes with a POE injector which will make outdoor installation much easier and I am assuming it will have an increased range over the built-in Rpi WIFI.

I found this Git which seems to go over the process of setting up a standard capture portal which after setting up, I am hoping will be fairly easy to swap the device IDs to achieve my goal.

https://github.com/TomHumphries/RaspberryPiHotspot

link
rotoole 1639 days ago
It is a fun rabbit hole to go down. Good luck!
link