Line 85: | Line 85: | ||
This is to ensure that the IP for www.apple.com is always the same for all the entire network and is always known. This is not a good solution. Instead, the configuration that relies on the IP should be updated every time the IP for www.apple.com changes. | This is to ensure that the IP for www.apple.com is always the same for all the entire network and is always known. This is not a good solution. Instead, the configuration that relies on the IP should be updated every time the IP for www.apple.com changes. | ||
:Apple is using Akamai and has many addresses. Moreover, it might be that multiple different companies share the same IP? | :Apple is using Akamai and has many addresses. Moreover, it might be that multiple different companies share the same IP? ([[User:Mitar|Mitar]]) | ||
:What about IPv6? | ::Since we have caching DNS servers on the mesh exit nodes, everyone connected to the mesh will see the same IP for www.apple.com. If someone sets a different DNS server, then they will simply not see the splash page if they get a different IP for www.apple.com. We are not blocking the IP or even re-directing all of the traffic for the IP. We are simply re-directing port 80 for the IP through a squid proxy and matching on the host name and URL. The content will be delivered normally unless if the URL and host name is not a captive portal deteciton probe. The only way this could be a problem is if something other than an http server is listening on port 80 on www.apple.com. This is not likely to happen in the near future. ([[User:Juul|Juul]] ([[User talk:Juul|talk]])) | ||
:What about IPv6? ([[User:Mitar|Mitar]]) | |||
::The IPv6 solution is almost identical. ([[User:Juul|Juul]] ([[User talk:Juul|talk]])) | |||
An iptables rule redirects all port 80 traffic for the www.apple.com IP to a different port: | An iptables rule redirects all port 80 traffic for the www.apple.com IP to a different port: | ||
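Review bot: the added reply to the Akamai question has an inverted condition in "The content will be delivered normally unless if the URL and host name is not a captive portal deteciton probe". With "unless ... not", it says the probes are delivered normally and everything else is altered, which contradicts the sentence before it (port 80 goes through squid and is matched on host name and URL). Suggest "unless the host name and URL match a captive portal detection probe", and fix the spelling of "deteciton". The reply also depends on clients using the caching DNS servers on the exit nodes. The unchanged paragraph above still reads "This is not a good solution", so that dependency would be better stated there than only in the thread.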
Line 96: | Line 98: | ||
The squid proxy is run on port 3128 and set to run a program called rewrite.pl that sends alternate responses to specific GET requests. | The squid proxy is run on port 3128 and set to run a program called rewrite.pl that sends alternate responses to specific GET requests. | ||
:Why not using internetisdownredirect to redirect? | :Why not using internetisdownredirect to redirect? ([[User:Mitar|Mitar]]) | ||
::We want to run this on the exit nodes. Not on the mesh nodes. ([[User:Juul|Juul]] ([[User talk:Juul|talk]])) | |||
Squid 3.1 configuration: | Squid 3.1 configuration: | ||
Line 205: | Line 208: | ||
One concern is: What happens when the client roams to another mesh node and then stays there until their dhcp lease expires? They may get a new IP if batman-adv decides that another gateway is closer/better. If the client gets a new IP, will it try the captive portal detection again? | One concern is: What happens when the client roams to another mesh node and then stays there until their dhcp lease expires? They may get a new IP if batman-adv decides that another gateway is closer/better. If the client gets a new IP, will it try the captive portal detection again? | ||
:Will not clients have global IPs for whole mesh? | :Will not clients have global IPs for whole mesh? ([[User:Mitar|Mitar]]) | ||
::The clients will get an IP that is on the mesh subnet and will be able to communicate with the entire mesh and internet. They will get different IPs depending on which dhcp server / internet gateway that is "closer" to them when their lease is up. This is how it's done in batman-adv. [[User:Juul|Juul]] ([[User talk:Juul|talk]]) | |||
== Proxy == | == Proxy == |
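Review bot: the added reply under the roaming paragraph confirms that clients "will get different IPs depending on which dhcp server / internet gateway that is "closer" to them when their lease is up", but it leaves the paragraph's own question open: "If the client gets a new IP, will it try the captive portal detection again?" Suggest either answering that here or marking it as still unresolved. As a style point, the signature on this reply is not wrapped in parentheses like the other signatures added in this revision.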