[lug] Google Chrome, iptables, and a captive portal
Dan Ferris
dan at usrsbin.com
Fri Feb 24 21:47:19 MST 2012
Hey! That fixed it.
Thanks a lot, I'd buy you a beer if I still lived in Colorado. :)
Dan
On 2/24/2012 9:38 PM, Zan Lynx wrote:
> On 2/24/2012 6:59 PM, Dan Ferris wrote:
>> Here's an interesting one for you guys...
>>
>> I have a captive portal I've slapped together with iptables, apache, and
>> python. When you access the Internet with your browser, iptables will
>> NAT your connection to the local Apache server that displays the login
>> page. The captive portal script captures the URL you are trying to
>> access and then redirects you to it after sign on.
>>
>> At least, that's the idea.
>>
>> Now, the interesting part is that the captive portal works great. Every
>> browser except Chrome works exactly as expected. You log into the
>> captive portal, it checks your username / password, adds the necessary
>> iptables rules to let you through the portal, kills off old iptables
>> states with conntrack and the redirects you to the original page.
>>
>> Instead of just working like every other browser, Chrome will hang when
>> the captive portal script redirects you to the original page. The only
>> way to make it work is to close Chrome and relaunch it as which point it
>> will browse until the login expires.
>>
>> If anyone has any good ideas, I'm open to suggestions...
> One idea. Make sure your local Apache server has pipeline disabled. It
> seems possible to me that Chrome has kept a TCP session open to the
> server and when the NAT rules change it never gets a RST or FIN and
> keeps trying to use that open socket.
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
More information about the LUG
mailing list