Captive Portal + web filtering in transparent mode



  • Does some guy knows whether this this really possible?
    I've read hundreds howtos and topics and tryied for several days different combinations but no success.

    Ideally, I would like to setup:

    • Captive Portal with RADIUS authentication on Active Directory
    • Squid or other proxy in transparent mode
    • content filtering or at least address filtering based on blacklists (Dansguardian, Squidguard or similar)
    • no modification on various clients

    So far I've successfully setup:

    • pfSense 2.1
    • Captive Portal with RADIUS authentication on Active Directory

    I've tryied:

    • Squid3-dev in transparent mode
    • Squidguard-Squid3

    but with varying luck.
    Do I have to reinstall everything?
    Any help would be really appreciated!



  • I have it working.

    The point is that you need clients to send some http traffic out of squid port to keep captive portal alive, that`s why I use transparent proxy for http.



  • Seems like the problem is really Squid3-dev.
    With squid only active in transparent mode on LAN interface, no CP no Squidguard, the client browser always receives: CONNECTION_REFUSED.
    Not even telnet on server can connect to port 3128 on LAN address or localhost, always connection refused.
    Removed Squid3-dev, installed Squid 2.x, same configuration, all goes correctly, with or without CP.
    Damn! I woud like to try ssl filtering and antivirus integration via i-cap



  • check missing libs for squid3-dev and squid config created by the package You will need also ipv6 enabled on system advanced.
    Without this, squid port will stay closed.

    squid -k parse and netstat -an | grep -i listen could help you.



  • It was just ipv6!! :o
    Thank you very much


  • Banned

    @marcelloc:

    check missing libs for squid3-dev and squid config created by the package You will need also ipv6 enabled on system advanced.
    Without this, squid port will stay closed.

    Should really be checked on package install and spit out some notice.



  • Hi guys,
    I have the same problem but I could't solve.
    CP with local user authentication and "Enable Pass-through MAC automatic additions", squid3 not work (trasparent e non trasparent mode)

    All requests are managed nly by CP , but i want:

    clients–-->CP----->Squid3&SquidGuard(Trasparent Mode)----WAN

    anyone can help me?


Log in to reply