Captive Portal Overview

I originally authored this on Aug 16, 2016 at Considering my tutorial did not include an overview, I thought I would re-post it on my blog.

To make a captive portal appear, you need to stop all internet traffic and provide a 302 redirectto the client’s browser. To do this, you need to have a firewall (like iptables) redirect all traffic to a webserver (like nginxapache, etc) where the webserver responds with a 302 redirect to the url of your login page.

I have written a lengthy article on how to do this with a Raspberry Pi. It basically boils down to the iptables block/redirect to webserver:

iptables -t nat -A wlan0_Unknown -p tcp --dport 80 -j DNAT --to-destination

and then the webserver (nginx) redirecting to the login page:

# For iOS
if ($http_user_agent ~* (CaptiveNetworkSupport) ) {
    return 302 http://hotspot.localnet/hotspot.html;

# For others
location / {
    return 302 http://hotspot.localnet/;

iOS has to be difficult in that it needs the WISP settings. hotspot.html contents are as follows:

<?xml version="1.0" encoding="UTF-8"?>
<WISPAccessGatewayParam xmlns:xsi="" xsi:noNamespaceSchemaLocation="">
<AccessLocation>Andrew Wippler is awesome</AccessLocation>

    Lee Alder

    Question: I am a noob on the Raspberry pi and I’m trying to follow your instructions. But I seam to only find epic fail.
    in the area “nginx
    Now we need to set up nginx to send a magic packet that prompts the user for action (i.e MyOpenAP requires you to sign in). To do that, we will run the following commands:”
    how do I do that? Type it from the keyboard or put it into a .sh file and run it.
    Thanks in Advance.
    Lee Alder


      You would run them from a terminal prompt

        Lee Alder

        Do I do copy & paste?

        lee alder

        would that be copy & paste?

Add to the conversation:

Your email address will not be published. Required fields are marked *