The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.
Hello everyone!
I am using my WRT54G V2 as a web server and I want to make it so that anyone who connects to the wireless AP and enters any web site is automaticly redirected to the web server on the WRT at 192.168.1.1. Who would I go about doing this? Possibly with out installing any extra packages.
Cheers
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 80if eth1 is interface where client come from and 80 is local web server port.
Thanks for your help although when i attempt to enter another site eg. google.com i still get "Can not resolve address" or even if enter 192.168.1.x address i am still not routed to the web server. Does any one know how to do this?
How can I make it that when someone connects to my router via wireless,opens there web browser and does www.anywebsite.com its points them to my WRt's web server 192.168.1.1. Mind that the WRT is alone and not connected to any other network
Cheers :!:
How can I make it that when someone connects to my router via wireless,opens there web browser and does www.anywebsite.com its points them to my WRt's web server 192.168.1.1. Mind that the WRT is alone and not connected to any other network
Cheers :!:
$IPT -t nat -A PREROUTING -i $WIFI -p tcp --dport 80 -j REDIRECT --to-port 80
Thanks for your support although i get an error: -t not found. Im kind a linux n00b some help would be greatful
Hello everyone!
I am using my WRT54G V2 as a web server and I want to make it so that anyone who connects to the wireless AP and enters any web site is automaticly redirected to the web server on the WRT at 192.168.1.1.
Cheers
Exactly what i am doing and here is my firewall settings:
.
.
.
LAN=$(nvram get lan_ifname)
IPT=/usr/sbin/iptables
# allow these MAC:s
$IPT -t nat -A PREROUTING -m mac --mac-source 00:12:21:29:1a:46 -i $LAN -j ACCEPT
$IPT -t nat -A PREROUTING -m mac --mac-source 00:33:48:ee:21:d3 -i $LAN -j ACCEPT
# deny ALL other traffic (redir to FW & Log)
$IPT -t nat -A PREROUTING -p tcp -i $LAN -j DNAT --to 192.168.1.1
.
.
.
And make sure that your dhcp is right configured (GW & DNS)
domain-needed
bogus-priv
filterwin2k
local=/lan/
domain=lan
except-interface=vlan1
dhcp-leasefile=/etc/dhcp.leases
dhcp-range=lan,192.168.1.30,static,255.255.255.0,12h
dhcp-range=lan,192.168.1.31,static,255.255.255.0,12h
dhcp-host=net:lan,00:12:21:29:1a:46,192.168.1.30
dhcp-host=net:lan,00:33:48:ee:21:d3,192.168.1.31
dhcp-option=lan,1,255.255.255.0
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,6,192.168.1.1
/S.D
Hi,
i need a transparent proxy that works with OpenWRT. But i need also a special feature of this proxy: like tinyproxy the transparent proxy must send (inject) a request header field with the clients ip address at the wifi interface.
Do you know if there is something out there, that can do this task ?
Thank you for your attention, Peter.
tinyproxy with transparent support has already been ported :
http://openwrt.alphacore.net/tinyproxy_1.6.3_mipsel.ipk
It should fit to your need as is.
If the transparency is not working then add something like this to your existing firewall script :
$IPT -t nat -A PREROUTING -i $WIFI -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080Dear RItalMan,
many thanks for your response.
Yes, after some readings i realized that with iptables any proxy can be transparent.
So coming to my next stop: The proxy will put a header field with the clients ip address, but afterwards i need to redirect (any) request at port 80 to a specific address for authentification (login).
I think tinyproxy cannot do that. I think squid can with "redirect_program" option. Do you know of any redirect_program for squid for OpenWRT platform.
Again thank you for your attention,
Regards, Peter
I tried inserting these commands using the "NVRAM" command or am i supposed to put these into some .conf file?
/etc/init.d/S45firewall :
LAN=$(nvram get lan_ifname)
IPT=/usr/sbin/iptables
# allow these MAC:s
$IPT -t nat -A PREROUTING -m mac --mac-source 00:12:21:29:1a:46 -i $LAN -j ACCEPT
$IPT -t nat -A PREROUTING -m mac --mac-source 00:33:48:ee:21:d3 -i $LAN -j ACCEPT
# deny ALL other traffic (redir to FW & Log)
$IPT -t nat -A PREROUTING -p tcp -i $LAN -j DNAT --to 192.168.1.1 /etc/dnsmasq.conf
domain-needed
bogus-priv
filterwin2k
local=/lan/
domain=lan
except-interface=vlan1
dhcp-leasefile=/etc/dhcp.leases
dhcp-range=lan,192.168.1.30,static,255.255.255.0,12h
dhcp-range=lan,192.168.1.31,static,255.255.255.0,12h
dhcp-host=net:lan,00:12:21:29:1a:46,192.168.1.30
dhcp-host=net:lan,00:33:48:ee:21:d3,192.168.1.31
dhcp-option=lan,1,255.255.255.0
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,6,192.168.1.1Look in wiki documentation to see how to edit those files if they're read-only.
Hi! i put that rule and i have this message when i run the firewall script:
root@OpenWrt:/etc/init.d# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 80
iptables v1.3.3: Unknown arg `--to-ports'
Try `iptables -h' or 'iptables --help' for more information.I tried with --to-port and i have the same message, i'm using whiterussian rc5
The discussion might have continued from here.