Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To

Using a Captive Portal to access the Internet

For the purposes of this article, let's imagine a Community Cafe. In the Cafe, there are a number of open access PCs connected to an Ethernet network. The Cafe also provides a wireless network for customers visiting with laptop PCs and other wireless devices. 

I'm using the straightforward scenario of a Cafe, but this could just as easily be someone sharing broadband Internet with their immediate neighbours, or a school or other educational institution.

Figure 1 shows a diagram of my hypothetical Cafe network. The Internet connection is some sort of broadband, cable, xDSL etc. and the Cafe network is physically connected by a router on the WAN interface of a m0n0wall firewall (grey).

Community Cafe Network

Figure 1: Community Cafe Network
(click on the image for a larger view)

The m0n0wall firewall has two further interfaces: the LAN interface that connects PCs used in the administration and day-to-day running of the Cafe (green); and the PORTAL interface that connects to a wired Ethernet LAN (in green) and wireless LAN via an access point (in orange) to provide client devices managed access to the Internet.

In running this network for the Cafe we need to:

  • protect PCs used for running the Cafe (connected on the LAN interface) from both the Internet and clients on the PORTAL interface
  • protect clients connected on the PORTAL interface from the Internet
  • control the Internet ports and services clients connected on the PORTAL interface can use
  • ensure that clients using the Internet first agree to an Acceptable Use Policy before granting access

You'll see that m0n0wall provides all the necessary functionality to meet these requirements.

Connecting the Cafe Admin and Open Access PCs is relatively straightforward. All that's required is a couple of Ethernet hubs or switches - one is connected to the LAN interface of the m0n0wall firewall for the Cafe Admin PCs, the second to the PORTAL interface for the Cafe Open Access PCs and wireless access point.

Customers of the Cafe could then use one of the fixed Open Access PCs provided which would already be configured for using the Internet. Customers with their own notebooks would have to do some simple configuration so they can use the wireless hotspot:

  • Configure the wireless adapter to be a DHCP client (Obtain IP address automatically)
  • Select the Captive Portal's SSID to connect

Both groups of customers would find that initially, general access to the Internet would be blocked. To access the Internet, they would need to launch a web browser. When the browser attempts to connect to its Home Page, it will be redirected to the Portal's Terms and Conditions or Acceptable Use Policy on the Portal Page. Internet access will be granted by simply clicking on an "I Accept" or similar button on this page until the alloted connection time expires.

Tip! Tip: If we were only providing a wireless hot-spot for customers with laptop PCs etc, the wireless access point could be connected directly to the PORTAL interface of the m0n0wall using a CAT5 cross-over cable in place of a hub/switch and two normal CAT5 cables.

Tip! Tip: A managed switch supporting 802.1Q VLANs could be used in place of two unmanaged hubs/switches and separate LAN and PORTAL interfaces. m0n0wall would then only need two physical network interfaces, one for the WAN and another for both the 802.1Q LAN and PORTAL virtual interfaces. See this post from the m0n0wall mailing list for an example.

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

i'm trying to run an aimesh of two 86u's and one 68u. so i setup my old and trusty 86u as a main and the two other routers as nodes. everything goes w...
Hi, I'm new around here.I have this configuration:Router ISP: Bridge mode (192.168.0.1)Router ASUS AC68U :Firmware: Asuswrt-Merlin 834.13 (Thank you M...
Hi, I have a question around multi-subnet environment and routing via OpenVPN on Merlin. I have a few internal networks for desktop, vms and wifi clie...
Hi, I can not use IGMP proxy on my AX88U with the last Merlin firmware, I got this message : "Due to hardware limitation, IGMP proxy cannot co-exist w...
My custom VPN configuration would be 577 bytes long.However, this does not fit completely into the input field.I just happened to see that because a s...

Don't Miss These

  • 1
  • 2
  • 3