1

I would like to connect a client to my Node.js web server via my rpi access point.

I have successfully setup my rpi3 stretch as an access point. Now I am trying to have the client redirected to the simple web server running on the Pi.

I have seen this iptables redirection but its not working for me.

iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination localhost:80
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination localhost:80

Once my client connects to the RPi AP wifi I am not redirected to any browser to the destination of the server. I can verify the iptable rules are there using.

iptables -t nat -L -n -v

I would like to be able to have the client redirected to a browser and the destination with out having to manually open a broswer and type in the address.

Can anyone help with this?

Colin Rosati
  • 209
  • 1
  • 9

2 Answers2

1

Option 1: Using iptables

The Network Authentication Type didn't work for me. But redirecting using iptables did the trick. These commands found here

iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination localhost:80
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination localhost:80

This redirects all requests made via port 80 and 443 (i.e. opening any website) to be redirected to whatever is running on your hotspot's port 80.

worked when I replaced localhost:80 with the static IP address I assigned to my raspi in /etc/dhcpcd.conf, e. g. 192.168.1.1:7070.

Example

Maybe this might be helpful: as an example, I've set up a Node.js-server with express and added:

app.get('/api/ping', (req, res) => {
    return res.send('pong');
}); 

app.all('*', (req, res) => {
    res.redirect('http://192.168.1.1:7070/api/ping');
});

app.listen(7070, '192.168.1.1');

Now, when a user connects to the access point using Windows 10, the browser opens up with http://www.msftconnecttest.com/redirect and a few seconds after that he will be redirected to 192.168.1.1:7070/api/ping.

Option 2: Configure dnsmasq

If this still doesn't work, you could try and follow the instructions here where we specify the redirection in the DHCP server (dnsmasq).

[...] [Y]ou can change your DNS server to redirect any request to a domain that isn't yours to the Raspberry Pi. The /etc/dnsmasq.conf file controls the DNS server. Add the following line to redirect all requests (change the IP address if you chose not to use 192.168.4.1)

address=/#/192.168.1.1

You will then need to set up your webserver to redirect those requests. I suggest choosing a URL, like http://mysite/, and telling your webserver (such as nginx) to show your site for that domain, and send a redirect for all other domains.

However, this only worked when I set up my server to listen to port 80 (as the websites that the OS calls to check if there is a working internet connection and to possibly redirect to a captive portal are served as HTTP). A disadvantage is that you need to run your Node.js-server with root privileges (using sudo node yourserver.js).

Update

Note that recently, I had to combine the two approaches to make it work as can be seen on this interesting page. The author creates a captive portal for an apache server but the basic setup stays the same. He states that the use of iptables is intended to "resolve all ip addresses to the IP address of apache2", while adding the address=... line in dnsmasq.conf is used to "to resolve all domain names to the IP of apache2".

Also make sure you check out sabhiram's awesome git repository raspberry-wifi-conf, especially the wifi_manager if you want to turn the Rasberry Pi into an Access Point with one click. You may want to add the iptables setup to the wifi_manager and the address=... line to the dnsmasq.ap.template.

Splines
  • 126
  • 4
1

It looks like you can do it without using iptables by using a hostapd configuration option

# Network Authentication Type
# This parameter indicates what type of network authentication is used in the
# network.
# format: <network auth type indicator (1-octet hex str)> [redirect URL]
# Network Authentication Type Indicator values:
# 00 = Acceptance of terms and conditions
# 01 = On-line enrollment supported  
# 02 = http/https redirection
# 03 = DNS redirection
#network_auth_type=00
#network_auth_type=02http://www.example.com/redirect/me/here/

I'd set it up as

network_auth_type=02http://192.168.3.14:1234/url/for/node/js/stuff

and see what happens. I can't test it right now as none of my Raspberries are running as an access point.

https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf

Dougie
  • 5,301
  • 10
  • 19
  • 28
  • looks great. ive tried adding this to my hostapd.conf file? I am going through the reference and Im unclear if i need more. my hostapd now looks like :
    interface=wlan0 driver=nl80211 ssid=RPiHotSpot hw_mode=g channel=6 wmm_enabled=0 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=1234567890 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP network_auth_type=02http://192.168.3.14:1234/     – Colin Rosati Feb 06 '19 at 15:42
  • Don't put my example URL in there. Your IP address is probably not 192.168.3.14. And I'm 100% sure Node isn't running on port 1234. – Dougie Feb 06 '19 at 20:08
  • I have changed my url to my server. Im just using your code in the example. I am using port 8001 (set from my node server) and set to my RPI IP address. I can confirm this address + port when a client and RPI are on the same wifi network. The issue seems to be this interworking disables my RPI wlan0 IP address in my setup. – Colin Rosati Feb 06 '19 at 20:17