Squid Proxy Authentication

grimmy · Apr 7, 2011, 7:21 PM

Hey guys,

I have a general question, I recently setup a PFSense box for my home network. I am currently trying to setup a proxy using Squid for my optional network. My setup is below

WAN –--> DHCP
LAN -----> 10.0.1.X
OPT -----> 10.0.2.X

I have currently configured both the LAN and OPT network to use the WAN for internet. My question is; is it possible to setup a proxy using squid that would require users on the OPT network to enter a username and password to access the internet? Its a pretty basic network without any server so I don't have anything for LDAP. Does Squid provide a option to setup usernames and passwords for access? Is it possible to have full access to the internet on the LAN and require a username and password on the OPT side at the same time?

I have tried to point squid to run over the OPT network and turned on "local" for the authentication. When I do this any user can still get out without being prompted for a username and password. Is there a setting I need to apply under Firewall or Rules so it looks to this proxy? Thanks for your help everyone.

grimmy · Apr 7, 2011, 8:10 PM

Nevermind, figured it out.

You have to setup the clients to use a proxy if your not using transparency. If you use transparency you cannot use authentication.

mhab12 · Apr 7, 2011, 10:04 PM

We do a setup just like this using the captive portal. We allow access to only whitelisted URLs on our LAN (10.21.1.0/24) and open internet once authenticated through the captive portal on OPT1 (192.168.1.0/24). We manually list out the OPT1 IPs in the 'do not filter' box in the Squid GUI and it accomplishes exactly why you describe.