[lug] Google Chrome, iptables, and a captive portal

[Zan Lynx]

On 2/24/2012 6:59 PM, Dan Ferris wrote:
> Here's an interesting one for you guys...
> 
> I have a captive portal I've slapped together with iptables, apache, and 
> python.  When you access the Internet with your browser, iptables will 
> NAT your connection to the local Apache server that displays the login 
> page.  The captive portal script captures the URL you are trying to 
> access and then redirects you to it after sign on.
> 
> At least, that's the idea.
> 
> Now, the interesting part is that the captive portal works great.  Every 
> browser except Chrome works exactly as expected.  You log into the 
> captive portal, it checks your username / password, adds the necessary 
> iptables rules to let you through the portal, kills off old iptables 
> states with conntrack and the redirects you to the original page.
> 
> Instead of just working like every other browser, Chrome will hang when 
> the captive portal script redirects you to the original page.  The only 
> way to make it work is to close Chrome and relaunch it as which point it 
> will browse until the login expires.
> 
> If anyone has any good ideas, I'm open to suggestions...

One idea. Make sure your local Apache server has pipeline disabled. It
seems possible to me that Chrome has kept a TCP session open to the
server and when the NAT rules change it never gets a RST or FIN and
keeps trying to use that open socket.