强制门户的DNSMASQconfiguration

我正试图创build一个俘虏门户网站的热点。

目标的设置：

1. 永远不允许通过wlan0连接到热点的用户通过eth1访问互联网。

2. 为“login到无线networking”出现在Android，iPhone和任何设备将连接，我想路由请求，去
   http://clients1.google.com/generate_204和其他操作系统的其他url，我还没有想出，到我的本地服务器，并返回真正的服务器将返回什么。

   • 默认httpredirect时域名请求，与闪存dd-wrt路由器
   • 内置的Sonic墙上的DNS服务器？
   • DNSMasq吞下本地A条目
   • 使dnsmasq忽略/ etc / hosts中的特定条目
   • dnsmasq返回（false）DNSSECvalidation的“假”结果

我使用dnsmasq和hostapd来实现这一点。

问题：当我在dnsmasq.conf中使用address = /＃/ 127.24.2.1时，内部脚本发出的互联网请求也失败。 我想我正在关注如何使用dnsmasq来过滤只有wlan0接口stream量的dnsmasqconfiguration手册页。

我该怎么做呢？

机器有这些接口

eth1 Link encap:Ethernet HWaddr 00:1e:06:30:5b:03 inet addr:192.168.0.107 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21e:6ff:fe30:5b03/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:37047 errors:0 dropped:0 overruns:0 frame:0 TX packets:1752 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3351437 (3.1 MiB) TX bytes:176100 (171.9 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:796 errors:0 dropped:0 overruns:0 frame:0 TX packets:796 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:284838 (278.1 KiB) TX bytes:284838 (278.1 KiB) wlan0 Link encap:Ethernet HWaddr 98:de:d0:1b:95:5a inet addr:172.24.1.1 Bcast:172.24.1.255 Mask:255.255.255.0 inet6 addr: fe80::9ade:d0ff:fe1b:955a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:576 (576.0 B) 

DNSMASQ看起来像这样

 interface=wlan0 # Use interface wlan0 listen-address=172.24.1.1 # Explicitly specify the address to listen on #bind-interfaces # Bind to the interface to make sure we aren't sending things elsewher$ server=8.8.8.8 # Forward DNS requests to Google DNS domain-needed # Don't forward short names bogus-priv # Never forward addresses in the non-routed address spaces. dhcp-range=172.24.1.50,172.24.1.150,12h # Assign IP addresses between 172.24.1.50 and 172.24$ address=/#/172.24.1.1 except-interface=eth1 

我使用一个nodejs express服务器并执行此操作

  app.get('/generate_204', function(req, res) { console.log('generate 204 hit'); res.statusCode = 302; res.setHeader("Location", "/"); res.end(); }); 

我使用hostapd创build了热点，configuration是

  # This is the name of the WiFi interface we configured above interface=wlan0 # Use the nl80211 driver with the brcmfmac driver driver=nl80211 # This is the name of the network ssid=Pi3-AP # Use the 2.4GHz band hw_mode=g # Use channel 6 channel=6 # Enable 802.11n ieee80211n=1 # Enable WMM wmm_enabled=1 # Enable 40MHz channels with 20ns guard interval ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40] # Accept all MAC addresses macaddr_acl=0 # Use WPA authentication auth_algs=1 # Require clients to know the network name ignore_broadcast_ssid=0 # Use WPA2 wpa=2 # Use a pre-shared key wpa_key_mgmt=WPA-PSK # The network passphrase wpa_passphrase=raspberry # Use AES, instead of TKIP rsn_pairwise=CCMP 

我试图解释这个要求，我不确定我是否已经完成了解释部分。 还有一个问题，我在serverfault上为同样的问题提出了这个问题，这个问题被标记为off-topic，阅读它会让你明确的理解这个需求。 https://serverfault.com/questions/823139/iptables-for-linux-captive-portal-wifi-hotspot

 except-interface=lo 

 nameserver 8.8.8.8 

 sudo systemctl restart dnsmasq sudo resolvconf -u