Netgate Discussion Forum
    Squid integration - General Questions

      pcnetguru

      I'm looking for an open source proxy solution for the company that I work for. I read online that Squid is pretty good and I noticed on my pfSense configuration at home, Squid is available as a module.

      What we need out of the proxy are the following:

      * Access Control - There should be a web interface for managers to log in and create proxy user IDs for external people
      * Good password complexity requirement
      * Lock down the allowed websites

      Does the Squid module for pfSense offer all of these?

        mhab12

        Access Control - This sounds like Captive Portal would be more along the lines of what you are looking for, and yes, Captive Portal can be integrated with Squid.  You could have different ACLs for visitors logging in through the captive portal than your regular users.  Also, User IDs can be set to auto expire which sounds like it might work for your situation.

        Good PWs - I am not aware that Squid/CP/pfSense have any pw complexity requirements, however Squid can be set to use AD for authentication so you could incorporate your complexity requirements there.

        Lock down websites - yes, easily doable

          rexis

          mhab12,

          Can captive portal really integrate with Squid? Any site that I can refer that to? Is that applicable to 1.2.3?

          What do you mean by different ACL for Captive Portal visitors? Would Squid capture the login names in the way you mentioned?

          nix noob

            mhab12

            I don't know about the word 'integrate', but they both work (well) when installed at the same time.  We have been running Squid/CP in production on 1.2.3 since its release.

            You can set up a different set of ACLs based on IP address.  If you want your CP users to be assigned a specific range, then they would also be subject to a different ACL.  We use a VLAN for CP, and that VLAN has all its IPs whitelisted so that CP provides open access, while workstations are subject to a restrictive ACL.

            As far as I know, Squid does not log the user name from the CP.  The CP log does do this.  If you cross reference the time and IP, you should be able to figure out which user accessed the pages in question.

              rexis

              Thanks for clearing my skies.

              I am cross-referencing the Squid log and CP log with a script running on another Linux box. User names are inserted into the un field of the Squid log and they are parsed with lightsquid. Should be working until I complete the scripts.

              nix noob
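
The time-and-IP cross-reference discussed in this thread, as an added example that is not rexis's script or any poster's code: it builds per-IP portal sessions and fills the user-name field of Squid native access.log lines. The portal event format, the sample lines and the function names are assumptions made for the illustration.

```python
import bisect

# Constructed sample data, not taken from the thread. Captive portal events are
# ASSUMED to be normalised to "<epoch> <LOGIN|LOGOUT> <user> <ip>", in time
# order; this is not pfSense's raw portal log format.
CP_EVENTS = """\
1262304000 LOGIN alice 10.0.50.21
1262305800 LOGOUT alice 10.0.50.21
1262306100 LOGIN bob 10.0.50.21
"""
# Squid native access.log: the 8th field is the user name, "-" when unknown.
SQUID_LOG = """\
1262304060.123    120 10.0.50.21 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1262305900.500     80 10.0.50.21 TCP_MISS/200 900 GET http://example.org/ - DIRECT/192.0.2.11 text/html
1262306200.000     95 10.0.50.21 TCP_HIT/200 2048 GET http://example.net/a - NONE/- image/png
1262306300.000     60 10.0.10.5 TCP_MISS/200 700 GET http://example.com/b - DIRECT/192.0.2.10 text/html
"""

def build_sessions(cp_text):
    """Return {ip: [[start, end_or_None, user], ...]} in start order."""
    sessions = {}
    for line in cp_text.splitlines():
        ts, action, user, ip = line.split()
        spans = sessions.setdefault(ip, [])
        open_span = spans[-1] if spans and spans[-1][1] is None else None
        if action == "LOGIN":
            if open_span:              # missed logout: close at the new login
                open_span[1] = int(ts)
            spans.append([int(ts), None, user])
        elif action == "LOGOUT" and open_span and open_span[2] == user:
            open_span[1] = int(ts)
    return sessions

def user_at(sessions, ip, ts):
    """User whose portal session on this IP covers ts, else None."""
    spans = sessions.get(ip, [])
    i = bisect.bisect_right([s[0] for s in spans], ts) - 1
    covered = i >= 0 and (spans[i][1] is None or ts < spans[i][1])
    return spans[i][2] if covered else None

def annotate(squid_text, sessions):
    """Fill empty user fields; column padding is collapsed to single spaces."""
    out = []
    for line in squid_text.splitlines():
        f = line.split()
        if len(f) >= 10 and f[7] == "-":
            # Requests outside any session stay "-" rather than being guessed.
            f[7] = user_at(sessions, f[2], float(f[0])) or "-"
        out.append(" ".join(f))
    return out
```

The second sample request falls between alice's logout and bob's login on the same IP, so it stays unattributed; matching on IP alone would have blamed one of them.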

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.