[squid-users] transparent proxy forward to authenticating proxy

From: Josh Kuperman <[email protected]>
Date: Wed, 5 Mar 2003 10:42:47 -0500

I'm explaining the problem as best I can. Hopefully, I will be able to
answer any questions about what I'm trying to do clearly. Sorry about
the subject heading - not quite sure how to word this:

The situation: I'm in a public library with a mandate to provide
wireless web access to whoever walks in. Because of security concerns
- I want to provide only web access that goes through my proxy and
gets logged - no other services no bypassing the proxy. I put up some
wireless dsl/cable routers. This will give them a router assigned
address 192.168.1.101 and the routers WAN is on our 10.2.2.x network
as is my squid proxy at 10.2.2.2 (henceforth referred to as my big
squid). Currently, to get out at all our library patrons would have to
manually set their browsers to use 10.2.2.2:3128 as their proxy
manually with nothing more than a handout saying find SSID linksys and
set your proxy to 10.2.2.2:3128.

The problem: To get the interaction and assistance of staff down to
set your wireless card to use SSID being broadcast.

The solutions that I am thinking about - that would be nice if they
were simple enough and worked:

1. Just use the Linksys wifi cable DSL routers to provide access on
   the wireless network and stick a tiny linux box with two nics
   running squid to transparently proxy and use my the big squid as a
   parent. Added advantage they are completely excluded from anything
   on the insdide network that is not secured.

2. Discover settings in recent linksys cable routers so I could
   automatically portfoward the requests to the big squid. In effect
   achieving automatically setting the proxy through the dsl/cable
   router, without it being a transparently proxy.

I can't make the big squid transparent because it is accessable to
staff (authenticated users) from outside. I have endless older
computers that can run redhad and squid but don't have any processing
power. I have a linksys wireless dsl/cable router. I don't care to
restrict our wireless users or to force them to authenticate, though I
suspect if it gets out of hand, I need to keep those options open.

-- 
Josh Kuperman                       
josh@saratoga.lib.ny.us
Received on Wed Mar 05 2003 - 08:42:51 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:56 MST