Squid Proxy Authentication
-
Hey guys,
I have a general question, I recently setup a PFSense box for my home network. I am currently trying to setup a proxy using Squid for my optional network. My setup is below
WAN –--> DHCP
LAN -----> 10.0.1.X
OPT -----> 10.0.2.XI have currently configured both the LAN and OPT network to use the WAN for internet. My question is; is it possible to setup a proxy using squid that would require users on the OPT network to enter a username and password to access the internet? Its a pretty basic network without any server so I don't have anything for LDAP. Does Squid provide a option to setup usernames and passwords for access? Is it possible to have full access to the internet on the LAN and require a username and password on the OPT side at the same time?
I have tried to point squid to run over the OPT network and turned on "local" for the authentication. When I do this any user can still get out without being prompted for a username and password. Is there a setting I need to apply under Firewall or Rules so it looks to this proxy? Thanks for your help everyone.
-
Nevermind, figured it out.
You have to setup the clients to use a proxy if your not using transparency. If you use transparency you cannot use authentication.
-
We do a setup just like this using the captive portal. We allow access to only whitelisted URLs on our LAN (10.21.1.0/24) and open internet once authenticated through the captive portal on OPT1 (192.168.1.0/24). We manually list out the OPT1 IPs in the 'do not filter' box in the Squid GUI and it accomplishes exactly why you describe.