[isf-wifidog] Coova + WifiDog - Need no internet page

Benoit Grégoire benoitg at coeus.ca
Wed Aug 4 10:38:03 EDT 2010


On August 4, 2010 09:58:22 am Genevieve Bastien wrote:
> Hi Jason,
> 
> > Situation 1
> > The auth server is down page is displayed as expected
> 
> The page that is shown there is the green page saying "Uh ohhh  internet
> not available", right?  This page resides on the gateway and is the file
> /etc/wifidog-msg.html
> 
> > Situation 2
> > The client connects to the hotspot and then tries to go to the browser
> > default page, for example www.google.con.au
> > <http://www.google.con.au>.  The client gets a Server not found error
> > in their browser.  I would like to have the Auth server is down page
> > displayed.  I believe what I am seeing is due to the DNS lookup
> > failure.  Is there a way around this?  Since the user is not
> > authenticated yet, I would have thought all requests would be redirected
> > without doing a DNS lookup.  Have I misunderstood this?
> > 
> > Situation 3
> > The client is browsing the internet and the internet connection goes
> > down.  I would like to show the internet down page when they request their
> > next page.
> 
> Indeed, there is no internet is down page.  Actually, I think the
> gateway is not involved at all before the dns is resolved, so that it
> isn't caught by the rule that shows the internet unavailable page.
> 
> But that would certainly be a nice feature to add.  I guess it would
> involve some iptables set by the gateway when internet is down.  If the
> gateway doesn't catch the request for dns lookup, at least the firewall
> will and will display the page...
> 
> Or modify the gateway so that the dns lookup request is caught and the
> error page is shown.  Because the code to display the message in
> situation 2 and 3 is there, it is just never called...

It is called, but only if the DNS address is still in the local DNS cache.  
Which obviously only works for some requests, and for a limited time.

The problem with intercepting and mangling DNS responses is that they can be cached at 
various layers.  So returning a fake positive DNS response can be a very bad 
thing.  To make it somewhat transparent for the user, one would have to 
respond to all DNS queries with the local gateway address with a very short 
time to live.  Then redirect to the internet is down page.  So far so good. 

The problem is that when the net comes back up wrong addresses will be cached.  
One would need a modified transparent proxy (basically a reverse transparent 
proxy), to ICMP redirect the www requests to the correct address. And of 
course that doesn't solve the problem for any other protocol.

Doable, but is it worth doing?
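
The DNS answer described in the reply above (every query answered with the gateway address and a very short time to live), as an added example that is not part of the original message or of WiFiDog's code. The gateway address 192.168.1.1, the 5-second TTL and all function names are assumptions.

```python
import socket
import struct

GATEWAY_IP = "192.168.1.1"  # assumed gateway address (constructed)
SHORT_TTL = 5               # assumed value for "very short" TTL, seconds

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def question_end(packet):
    """Offset just past the first question (QNAME, QTYPE, QCLASS)."""
    pos = 12
    while packet[pos] != 0:
        if packet[pos] & 0xC0:
            raise ValueError("compressed name in question")
        pos += packet[pos] + 1
    return pos + 5

def captive_response(query, gateway=GATEWAY_IP, ttl=SHORT_TTL):
    """Answer an A query with the gateway address and a short TTL."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:
        return None  # already a response, or not a single question
    end = question_end(query)
    qtype, qclass = struct.unpack("!HH", query[end - 4:end])
    rflags = 0x8080 | (flags & 0x0100)  # QR=1, RA=1, RD copied, AA unset
    question = query[12:end]
    if (qtype, qclass) != (1, 1):
        # NOERROR with no answers for anything but A/IN (e.g. AAAA)
        return struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", txid, rflags, 1, 1, 0, 0)
    # 0xC00C points back at the name in the question section
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(gateway)
    return header + question + rr

def parse_answer(response):
    """Return (ip, ttl) of the single A record in a response, else None."""
    if struct.unpack("!H", response[6:8])[0] != 1:
        return None
    end = question_end(response)
    ttl = struct.unpack("!I", response[end + 6:end + 10])[0]
    return socket.inet_ntoa(response[end + 12:end + 16]), ttl
```

The TTL in the answer only bounds how long a cache that honours it keeps the gateway address; the caveat in the message about caching at various layers still applies.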

