2

I want to implement a basic captive portal. For the test setup, I have a mac mini connect to wifi (192.168.1.1) and ubuntu laptop connected to it via lan.

What I am trying to achieve is for the the mac-mini to act as a router itself and assign an ip to the ubuntu-laptop and control its traffic. I am new to networking so I have no idea with what I am working with.

I have googled a lot of stuff and have seen some examples like the following

As far as I understand, my mini has:

  • en0 which I believe is the wifi connection with ip 192.168.1.101

  • en1 which I believe is the ethernet connection. I believe need a DHCP server to assign IP to devices that connect with it which is available by default, right?

  • What does the sysctl do? The command sudo sysctl -w net.inet.ip.fw.enable=1 doesn't work and show sysctl: unknown oid 'net.inet.ip.fw.enable error

  • pfctl is the firewall and will do the actual blocking / redirecting.

As for how it should work, my understanding is the firewall will initially blacklist all ip/mac addresses. then for every new connection it will redirect to my localhost running apache where on successful login the php will remove the blacklisted ip. While I am hopeful to implement the apache/php part, I have no idea how the initial phase of gateway/ip/firewall stuff should be implemented.

TL;DR - How can I implement the gateway and firewall?

Assume that I am a total NOOB and detailed steps to work it out is welcome. But any help is appreciated. Thanks in advance

klanomath
  • 64,996
  • 9
  • 126
  • 195
Arzoo
  • 21
  • 2
  • 1
    The man pages are your friend. `man sysctl` = "get or set kernel state". In this case, you are turning on the ipfirewall. All that said...is there a reason you want to do this on a Mac mini? Get a [pfsense firewall](https://www.pfsense.org/) (free), put it on a cheap PC and use that - you'll be reinventing the wheel doing it this way. – Allan Feb 18 '18 at 23:39
  • 1
    @Arzoo Please add your system versin! – klanomath Feb 19 '18 at 00:38
  • @Allan Since the purpose of this entire endeavour is to learn how things work, so I need to reinvent the wheel – Arzoo Feb 19 '18 at 02:01
  • @klanomath macos high sierra – Arzoo Feb 19 '18 at 02:01
  • 1
    I can appreciate that immensely. (IMO) macOS isn't the OS to do this on. even though the core is BSD, there's simply too much on top to effectuate a good environment to build on. If you want to reinvent the wheel, get that old PC and start with an install of FreeBSD on that cheap PC and build from there. I'm not trying to discourage you, it's just macOS adds a lot of complexity you don't need. You know..you could do all of this in a VM..... – Allan Feb 19 '18 at 10:31

0 Answers0