What is a captive portal?

There are many definitions out there which are explaining about captive portal like in TechTarget SearchMobileComputing, Answers.com, and Wikipedia. Still haven't got it? Well, have you found yourself connected in a public hotspot such as at the public venues, airport lounges, or hotel plaza? it's so common if we're going to browse to any pages using our favorite web browser we're forced to see a page to accept the Terms of Service (ToS) of the hotspot provider or submits username and password in order to be able to continue browse the web. Those kind of web pages are so called captive portal.

Enough the Bla Bla! How does it works?

Maybe captive portals are sounds so simple for someone but maybe not for others. It uses a great combination HTTP redirection techniques on the firewall and a web server which serves the intercepting web portal to authenticate users or just shows a page of terms of service (ToS) for users to accept. Every TCP/IP packet which belong to any unauthenticated users (not being on the whitelist of the firewall) are intercepted by the firewall and redirected to the captive portal (a web page showing ToS or a form of username and password) served by a web server. After they have been authenticated or accepting the ToS, their "computer" identity are read by the firewall and entered into firewall's "whitelist" so they can continue browsing without being intercepted again by the portal.

I've been experimenting a bit of building a simple captive portal by using a clean install box of Ubuntu Linux 10.10 x86 Desktop (yes, Desktop, not Server) inspired by an article by Andrew Beverley (Andy Bev) on his wiki about Using iptables and PHP to create a captive portal. My experiments about this are far more described in my experimental lab.

In my captive portal experiment I uses:

• An Ubuntu 10.10 x86 Desktop Linux box. I prefer GUI while experimenting rather than a single workspace on Ubuntu Server.
• Dual Core Intel CPU with 2GB of RAM.
• Two network interfaces, one for the main internet connection, and one for the public accessible hotspot. Yes, you need at least two network interfaces to do this experiment.
• The software itself for building the captive portal:
  • iptables, the common firewall
  • Apache2 web server, with PHP5 installed
  • MySQL server, for managing user credentials (for authenticative portal)
  • dhcp3-server as DHCP server and bind9 as DNS server, so users don't have to configure their computer  network configuration manually when they are connected to the hotspot. But I will not explain about how to configure these servers further.
  • Plus, I uses Panada PHP Framework to make web portal development much easier.

How to setup and build the portal? Read on to the lab.