Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal + web filtering in transparent mode

    Scheduled Pinned Locked Moved Captive Portal
    7 Posts 4 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SuperC
      last edited by

      Does some guy knows whether this this really possible?
      I've read hundreds howtos and topics and tryied for several days different combinations but no success.

      Ideally, I would like to setup:

      • Captive Portal with RADIUS authentication on Active Directory
      • Squid or other proxy in transparent mode
      • content filtering or at least address filtering based on blacklists (Dansguardian, Squidguard or similar)
      • no modification on various clients

      So far I've successfully setup:

      • pfSense 2.1
      • Captive Portal with RADIUS authentication on Active Directory

      I've tryied:

      • Squid3-dev in transparent mode
      • Squidguard-Squid3

      but with varying luck.
      Do I have to reinstall everything?
      Any help would be really appreciated!

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        I have it working.

        The point is that you need clients to send some http traffic out of squid port to keep captive portal alive, that`s why I use transparent proxy for http.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • S
          SuperC
          last edited by

          Seems like the problem is really Squid3-dev.
          With squid only active in transparent mode on LAN interface, no CP no Squidguard, the client browser always receives: CONNECTION_REFUSED.
          Not even telnet on server can connect to port 3128 on LAN address or localhost, always connection refused.
          Removed Squid3-dev, installed Squid 2.x, same configuration, all goes correctly, with or without CP.
          Damn! I woud like to try ssl filtering and antivirus integration via i-cap

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            check missing libs for squid3-dev and squid config created by the package You will need also ipv6 enabled on system advanced.
            Without this, squid port will stay closed.

            squid -k parse and netstat -an | grep -i listen could help you.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • S
              SuperC
              last edited by

              It was just ipv6!! :o
              Thank you very much

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                @marcelloc:

                check missing libs for squid3-dev and squid config created by the package You will need also ipv6 enabled on system advanced.
                Without this, squid port will stay closed.

                Should really be checked on package install and spit out some notice.

                1 Reply Last reply Reply Quote 0
                • R
                  roburoris
                  last edited by

                  Hi guys,
                  I have the same problem but I could't solve.
                  CP with local user authentication and "Enable Pass-through MAC automatic additions", squid3 not work (trasparent e non trasparent mode)

                  All requests are managed nly by CP , but i want:

                  clients–-->CP----->Squid3&SquidGuard(Trasparent Mode)----WAN

                  anyone can help me?

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.