Proxy-ip:port bypass captive portal
-
The support needs to be put on the squid package to got to know the CP enabling.
Probably with some outside authenticator.There are no plans on pfSense devs to do this presently unless some customer pushes it.
-
Hi!
in my case CP does Authentication via radius.
Squid supports this too.
But transparent proxy wont support any authentication.
It seems all I can do is
- block proxy port for LAN interface
- use transparent proxy only
- drop dhcp and dns advertising of proxy (useless, see "blocked port")
Maybe some fIrewall-guru might suggest me a solution like
CP authentication opens proxy port for this particular maschine (?)
mop
-
Well traffic to the firewall is allowed for any client.
Even if it blocked squid your client could not do anything since it goes through a proxy anyway.As i told you presently there are no plans to do this integration as of 2.1.
-
Did you try with squid3 package ? It hase some options to configure squid when CP is enabled.
Squid2 package does not have that. -
Did you try with squid3 package ? It hase some options to configure squid when CP is enabled.
The steps are:
-
enable captive portal
-
enable squid3
-
select patch captive portal on squid and save config
-
got to captive portal gui and save config again
This way, captive portal rules will forward squid connections to captive portal page if not authenticated.
It works great with or without squid transparent proxy enabled including bandwidth restriction!
-
-
marcello which patch is this?
Why has not been sent for merge into mainline? -
@ermal:
marcello which patch is this?
Why has not been sent for merge into mainline?It's just a patch to squid package coexist with captive portal. I did not included a gui option on captive portal to choose what ports captive portal should not allow local traffic.
and 2.0.x merge process accept only fixes, not improvements…
If you want I can push it to 2.0.3 and 2.1, after some tests, of course..
-
Did you try with squid3 package ? It hase some options to configure squid when CP is enabled.
The steps are:
-
enable captive portal
-
enable squid3
-
select patch captive portal on squid and save config
-
got to captive portal gui and save config again
This way, captive portal rules will forward squid connections to captive portal page if not authenticated.
It works great with or without squid transparent proxy enabled including bandwidth restriction!
Hi friends,
thanks a lot for this welcome suggestion.
err…where do I find the patch?
I gave squid3 a try but 3 seems not so give HITs at all and I read some complains in the forum.
So I took sq2.
Of course I would prefer to use sq3 because of its promised feature to cache dynamic content like facebook.
(to my big surprise facebook is 99% of all traffic)So I will let you know my experience with the suggested solution.
m.
p.s. I would like to use this opportunity to say THANK YOU to Marcelloc and nachtfalke for
the radius support, which made my mysql "solution" work. -
-
The patch is an option on squid3 GUI. Just follow the steps.
-
The steps are:
-
enable captive portal
-
enable squid3
-
select patch captive portal on squid and save config
-
got to captive portal gui and save config again
This way, captive portal rules will forward squid connections to captive portal page if not authenticated.
It works great with or without squid transparent proxy enabled including bandwidth restriction!
This not working on latest 2.1 snapshot, should it be?
I am accessing here (un-authenticated) bypassing the CP using the proxy IP and port setup in firefox -
