Captive portal for Squid in transparent mode



  • Hello all,

    I'm a noob here.
    I have already set up pfSense 2.1.5-RELEASE (amd64) with squid 2.7.9 pkg v.4.3.4 and squidGuard 1.4_4 pkg v.1.9.6 using one interface (LAN).
    I checked the transparent mode option on the squid proxy server.
    Here's my network configuration:

    Internet
    ||
    ||
    (eth2)
    Mikrotik Router(eth1)=====(LAN)PFsense
    (eth3)
    ||
    ||
    switch
    ||
    ||
    Users

    I force the HTTP traffic from users from my router to port 3128, where squid is running on the pfSense machine.
    Is it possible to set up a captive portal to make users log in first before they access squid?
    I already tried that, but it is not working. I tried patching the captive portal using this link: http://sametyilmaz.com.tr/pfsense-captiveportal-bypass-patch.html
    When I enable the captive portal zone rules, users can't access the internet.
    But when I disable the captive portal zone rules, users can access the internet using the transparent proxy.

    I want users to log in using the captive portal before they access the internet using the transparent proxy.

    Sorry for my English; I hope someone can help me by giving suggestions or correcting me.
    Thanks.


  • LAYER 8 Netgate

    I don't think so.  You'll probably need a captive portal in line between your users and the rest of the network.



  • @Derelict:

    I don't think so.  You'll probably need a captive portal in line between your users and the rest of the network.

    Thanks for the response.
    The problem with a captive portal in line is that I need to bypass some users; they don't need to log in to access the internet.
    Is it possible to bypass some IP address ranges on the pfSense captive portal?


  • LAYER 8 Netgate

    Yes.  Users that don't need the captive portal on one interface, users that need to go through the portal on another interface with the portal enabled.

    Or you could put them all on one interface with passthrough MAC address entries for the NICs that don't need to go through the portal.  Two networks with different access policies is how I would go.



  • @Derelict:

    Yes.  Users that don't need the captive portal on one interface, users that need to go through the portal on another interface with the portal enabled.

    Or you could put them all on one interface with passthrough MAC address entries for the NICs that don't need to go through the portal.  Two networks with different access policies is how I would go.

    OK, thank you very much for your suggestion. I will try the MAC address passthrough first, because it sounds like a better fit for my network conditions. If that does not work, I will try the other solution with 2 NICs.

