Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To

Using a Captive Portal to access the Internet

For the purposes of this article, let's imagine a Community Cafe. In the Cafe, there are a number of open access PCs connected to an Ethernet network. The Cafe also provides a wireless network for customers visiting with laptop PCs and other wireless devices. 

I'm using the straightforward scenario of a Cafe, but this could just as easily be someone sharing broadband Internet with their immediate neighbours, or a school or other educational institution.

Figure 1 shows a diagram of my hypothetical Cafe network. The Internet connection is some sort of broadband, cable, xDSL etc. and the Cafe network is physically connected by a router on the WAN interface of a m0n0wall firewall (grey).

Community Cafe Network

Figure 1: Community Cafe Network
(click on the image for a larger view)

The m0n0wall firewall has two further interfaces: the LAN interface that connects PCs used in the administration and day-to-day running of the Cafe (green); and the PORTAL interface that connects to a wired Ethernet LAN (in green) and wireless LAN via an access point (in orange) to provide client devices managed access to the Internet.

In running this network for the Cafe we need to:

  • protect PCs used for running the Cafe (connected on the LAN interface) from both the Internet and clients on the PORTAL interface
  • protect clients connected on the PORTAL interface from the Internet
  • control the Internet ports and services clients connected on the PORTAL interface can use
  • ensure that clients using the Internet first agree to an Acceptable Use Policy before granting access

You'll see that m0n0wall provides all the necessary functionality to meet these requirements.

Connecting the Cafe Admin and Open Access PCs is relatively straightforward. All that's required is a couple of Ethernet hubs or switches - one is connected to the LAN interface of the m0n0wall firewall for the Cafe Admin PCs, the second to the PORTAL interface for the Cafe Open Access PCs and wireless access point.

Customers of the Cafe could then use one of the fixed Open Access PCs provided which would already be configured for using the Internet. Customers with their own notebooks would have to do some simple configuration so they can use the wireless hotspot:

  • Configure the wireless adapter to be a DHCP client (Obtain IP address automatically)
  • Select the Captive Portal's SSID to connect

Both groups of customers would find that initially, general access to the Internet would be blocked. To access the Internet, they would need to launch a web browser. When the browser attempts to connect to its Home Page, it will be redirected to the Portal's Terms and Conditions or Acceptable Use Policy on the Portal Page. Internet access will be granted by simply clicking on an "I Accept" or similar button on this page until the alloted connection time expires.

Tip! Tip: If we were only providing a wireless hot-spot for customers with laptop PCs etc, the wireless access point could be connected directly to the PORTAL interface of the m0n0wall using a CAT5 cross-over cable in place of a hub/switch and two normal CAT5 cables.

Tip! Tip: A managed switch supporting 802.1Q VLANs could be used in place of two unmanaged hubs/switches and separate LAN and PORTAL interfaces. m0n0wall would then only need two physical network interfaces, one for the WAN and another for both the 802.1Q LAN and PORTAL virtual interfaces. See this post from the m0n0wall mailing list for an example.

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

This is a step-by-step guide that will show how to optimally set up a USB drive for Asus’ RMerlin powered routers that will at the very minimum allow ...
x3mRouting Version 2.0.0 now available! June 30, 2020Version 2.0.0 Update Process - update instructionsVersion 2.0.0 Changes - see what's change...
Suricata is a free and open source, mature, fast and robust network threat detection engine.The Suricata engine is capable of real time intrusion dete...
This is FlexQoS, a fork of the original, groundbreaking FreshJR_QOS script written by @FreshJR.FlexQoS provides a fully customizable Adaptive QoS expe...
Hi Guys,It took me a long time until I realized that if the traffic analyzer is enabled, your internet speed is somehow cut by half. I was looking in ...

Don't Miss These

  • 1
  • 2
  • 3