Open Splash Page After Connecting to Wifi Hotspot

Question

I'm using my pi3 to display a local "website" as described here Making a Raspberry Pi 3 accessible w/o configuration via WiFi and static IP/URL.

Therefore, I'm creating a hotspot with the pi. This hotspot has no connection to the internet. ~~Thus, (correctly) all devices show the connection as broken, connect forever or drop the connection after a while. => SOLVED see Edit I~~ Now I want to forward the devices which connect to this hotspot to my splash page.

I was wondering if I could configure the hotspot in a way that my local website is the login page.

Example,

this hotspot first connects and then opens up automatically a login page:

1 Connecting

2 Connected

3 Login Page

Question

How to configure the hotspot in a way that devices are automatically forwarded to http://localhost:80 on connecting.

Code

access point

  #access point
  apt-get install iw #Wireless tools
  sudo apt-get install hostapd #Host Access Point Daemon
  #config access point
  cat /home/pi/myinstaller/wlan.config > /etc/hostapd/hostapd.conf
  chmod 600 /etc/hostapd/hostapd.conf
  #add to autostart
  echo DAEMON_CONF=\"/etc/hostapd/hostapd.conf\" >> /etc/default/hostapd
  #manual start with hostapd -dd /etc/hostapd/hostapd.conf

  #router functions
  Y | sudo apt-get install dnsmasq
  cat /home/pi/myinstaller/dnmasq.config >> /etc/dnsmasq.conf

wlan.config

# WLAN-Router

# INTERFACE & DRIVERS
interface=wlan0
#driver=nl80211

# WLAN-CONFIG
ssid=someName #name of the wifi
channel=1
hw_mode=g
wmm_enabled=1
country_code=DE
ieee80211d=1
ignore_broadcast_ssid=0#1 is hidden, 0 visible
auth_algs=1

# WLAN-ENCRYPTION
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword

new dnsmasq.conf (EDIT I)

From: https://www.the-hawkes.de/dnsmasq-a-local-dnsdhcp-server-on-raspberry-pi.html I restarted it after changing it with /etc/init.d/dnsmasq restart

######### dns ########
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces
bogus-priv
# dont read resolv.conf   use the defined servers instead
no-resolv
# increase dns cache form 512 to 4096
cache-size=4096

address=/#/127.0.1.1

######### dhcp ##########
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only
local=/home/
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# adds my localdomain to each dhcp host
domain=home
# my private dhcp range + subnetmask + 14d lease time
dhcp-range=192.168.178.10,192.168.178.99,255.255.255.0,14d
# set route to my local network router
dhcp-option=option:router,192.168.178.1
#windows 7 float fix
#http://brielle.sosdg.org/archives/522-Windows-7-flooding-DHCP-server-with-DHCPINFORM-messages.html
dhcp-option=252,"\n"

###### logging ############
# own logfile
log-facility=/var/log/dnsmasq.log
log-async
# log dhcp infos
log-dhcp
# debugging dns
#log-queries

ip-tables

These are applied with iptables-restore /etc/network/iptables. 127.0.1.1is the address of the localhost: raspberrypi.local which I found in /etc/hosts

*filter
:INPUT DROP [159:12505]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [140:13492]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A PREROUTING -p tcp --dport 80 -j DNAT --to 127.0.1.1:80
-A PREROUTING -p udp --dport 80 -j DNAT --to 127.0.1.1:80
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14020:1087947]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth1 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [71:10102]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [2:112]
:POSTROUTING ACCEPT [1:60]
:NET - [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.1.1:80
-A PREROUTING -p udp -m udp --dport 80 -j DNAT --to-destination 127.0.1.1:80
-A POSTROUTING -o eth0 -j MASQUERADE
-A NET -j ACCEPT
COMMIT

HHmmmnnnnn... not sure... but try to use 127.0.0.1 instead of 127.0.1.1 and the prerouting rule should be: iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80 . tcp is enough for captive portal. If it doesn't work try to put other ip different to loopback ip. You must have another one, don't you? — OscarAkaElvis, Jan 07 '17 at 01:31
I am doing pretty much the same thing. The only difference is I serve a private address instead of localhost (127.0.0.1) as I thought localhost might confuse devices. Have you managed to do this? — r0berts, May 27 '18 at 07:50
Chek it out. https://raspberrypi.stackexchange.com/a/106018/44221 — M. Rostami, Jan 03 '20 at 23:48
Does this answer your question? raspberry pi as access point with captive portal — Dmitry Grigoryev, Dec 07 '20 at 14:25

score 0 · Answer 1 · answered May 04 '21 at 17:35

From your first post it looks like you didn't enable routing in the kernel. Enable it with

sysctl -w net.ipv4.ip_forward=1

To do this permanent do

in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

To use this setting without reboot execute sysctl -p /etc/sysctl.conf