slackware specific help for cgi script

slac-in-the-box · 08-19-2011, 09:19 PM

howdy slackers:

Although my question doesn't pertain specifically to the installation or evaluation of slackware, my home network has multiple servers which all run slackware, and I have a problem for which I wish for a slackware-specific solution, so I post here instead of a broader LQ forum.

In a nutshell, I need help with a cgi script. The details: I live in the mountains, and am fortunate to have DSL in a region where cellular phones do not work. My neighbor is currently hosting an event that brings about 800-1200 folks camping out on his land, all withing wifi range of my home. They asked me to share my DSL via wifi with general public.

I want to take it a step further, and provide a welcome page, with map of area, local land use regulations, etc., as well as some other terms and conditions that they must consent to to use my wifi (standard legal disclaimer, etc.)...

To accomplish this, my network is arranged thus:

Code:

 (DSL-ROUTER)
                |
              bridge
             /      
    public switch    priv.switch
          /      \       |
        static    dhcp-server
       addresses:              \
         www                    \ 
       asterisk                  wifi bridge 1
        mysql                                 \
         bind                                  \
                                                wifi bridge 2

this could be all wrong... I'm just a hobbiest...

But... I created an html page on the apache web server, www, that is listening on a LOCAL address on the private switch. This page informs the guests of the rules, and then offers up simple html form button to click on if they agree to terms.

My plan is to use IPTABLES on the dhcp-server to route all oubound port 80 traffic that is not on a list contained in a file somewhere to the local welcome page.

I need help with the choice of a solution for a cgi script to process the html form when they click "agree" on the local welcome page. This script should get their ip address or MAC address, and add it to the list contained in the file somewhere. Thus once they're on the list, they will no longer get the welcome page, but will have NAT...

what is a quick and dirty way with tools that are in a default full install of slackware (perl, php, lisp, javascript, whatever) to create a cgi script to get the ip address or mac address to add to the file for ip tables...

or am I completely off base and there be some more efficient way of doing this, or software that already does it that I can just install...

thanks in advance for any input

slac-in-the-box · 08-20-2011, 03:32 AM

oh...

well there were some sample cgi-scripts that came with the apache bundled in slackware, one of them called test-cgi, which printed the environmental variable REMOTE_ADDR, and so I can now get ip address...

maybe there is way to use ip to look up MAC address... hmm...

still trying

mRgOBLIN · 08-20-2011, 09:55 AM

Code:

ip_add="192.168.0.64"
arp -a |awk /$ip_add/'{ print $(NF-3)}'

Will let you use built in tools or you could grab "arp-scan" from Slackbuilds and do something like...

Code:

ip_add="192.168.0.64"
arp-scan --quiet -I eth0 192.168.0.64 |awk /$ip_add/'{ print $NF}'

What you are actually doing is making a "Captive Portal". The free version of Untangle Gateway has this functionality built in if you want another option.

ponce · 08-20-2011, 01:54 PM

I've tried nocatauth in the past and it works fine for capturing natted hosts, the only thing is that like most captive portal solutions it's not that easy to setup

http://nocat.net/

but like mRgOBLIN says, there are many dedicated gateway/firewall distributions that have this functionality included and ready to use, you can have a look also to pfsense or zeroshell.

slac-in-the-box · 08-20-2011, 03:12 PM

TY mRgOBLIN... that code get's mac address beautifully!

I know there are live cds and distros made for this... and now that I learned the term "captive portal" I've discovered more... but there is nothing like understanding how it's happening, which is why I'm sticking with slack...

So, now equipped with MAC address, I feel like it's time to back up my /etc/rc.d/rc.firewall script, which was created with easy firewall generator, and start experimenting with capturing outbound traffic to port 80 and getting it to the local apache welcome page...

I used to do this with openbsd's pf, but got tired of keeping up with a separate distro just for the firewall, and so am trying to learn to do it all with slack. Deep thanks to the slackware community for its patience, help, and support.