Squid Proxy Authentication



  • Hey guys,

    I have a general question, I recently setup a PFSense box for my home network. I am currently trying to setup a proxy using Squid for my optional network. My setup is below

    WAN –--> DHCP
    LAN -----> 10.0.1.X
    OPT -----> 10.0.2.X

    I have currently configured both the LAN and OPT network to use the WAN for internet. My question is; is it possible to setup a proxy using squid that would require users on the OPT network to enter a username and password to access the internet? Its a pretty basic network without any server so I don't have anything for LDAP. Does Squid provide a option to setup usernames and passwords for access? Is it possible to have full access to the internet on the LAN and require a username and password on the OPT side at the same time?

    I have tried to point squid to run over the OPT network and turned on "local" for the authentication. When I do this any user can still get out without being prompted for a username and password. Is there a setting I need to apply under Firewall or Rules so it looks to this proxy? Thanks for your help everyone.



  • Nevermind, figured it out.

    You have to setup the clients to use a proxy if your not using transparency. If you use transparency you cannot use authentication.



  • We do a setup just like this using the captive portal.  We allow access to only whitelisted URLs on our LAN (10.21.1.0/24) and open internet once authenticated through the captive portal on OPT1 (192.168.1.0/24).  We manually list out the OPT1 IPs in the 'do not filter' box in the Squid GUI and it accomplishes exactly why you describe.


Log in to reply