[WNYLUG-Users] Captive Portal + Squid

Joe Hoot joehoot at gmail.com
Fri Feb 12 11:20:47 EST 2010


Similar to this, I've been looking into testing wireless captive portal software for a while. It seems like it would be a fun test while staying at hotels, for example. Just as fun as driving home from work with KisMAC or other wireless software running and seeing 100s of wide-open access points <-- pretty ridiculous that we're not training our new generations of users as well as educating the older generation on this stuff. I think that would be good stimulus for Congress to work on.

There is software called CoovaChilli which can also be associated with a Squid Transparent Proxy (along with iptables) to basically force all traffic to be authenticated and authorized as well as allow for accounting. This would basically allow you to set up wireless access points as well as wired networks and force all outbound traffic to be authenticated, authorized, accounted for, and filtered without relying on LTSP, Group Policies, or other URL proxy configurations (which can be bypassed if not locked down properly).

Here are the links:
================

Captive Portal:      	http://coova.org/CoovaChilli
Transparent Proxy:  	http://coova.org/node/2917

If anyone tries it out, please keep me in the loop on how you feel about it. I haven't tried it out yet, but would like to.

Cya,
Joe

=====================
Joseph R. Hoot
Network Penguin
joe at networkpenguin.com
GPG KEY:   7145F633
=====================

On Feb 12, 2010, at 9:08 AM, Cyber Source wrote:

> I'm going to look into squidguard as that's in the repos for Ubuntu. The iptables would work but would be a major pain dealing with multi-homed sites as it's not dealing with DNS.
> 
> On the ethical bit that got brought up, I was thinking of you, mattski. Doesn't Tops give you guys "windows of playtime" for the internet?
> 
> Matthew Koerner wrote:
>> Pete,
>> you can block ip destinations by user id with iptables, that's free:
>> we use it at work to block certain facebook offenders
>> i.e.
>> 
>> iptables -t filter -A OUTPUT -d 64.65.239.35 --match owner --uid-owner 666 -j DROP
>> that would block satan from the source
>> 
>> 
>> 
>> 
>> On Fri, Feb 12, 2010 at 6:21 AM, Christopher Hawkins <chawkins at bplinux.com> wrote:
>> I second that. DansGuardian is the commercial version of SafeSquid, which is FOSS. I use it on a little CentOS VMware instance at one customer site for general web content filtering (porn, hate sites, etc.) and it does a great job. It has per user controls and all that, but it's more complicated than a file with sites to block. If you need help getting a working config I can always peek at mine and help with Q&A.
>> 
>> Chris
>> 
>> 
>> ----- "Cyber Source" <peter at cybersource.us> wrote: 
>>> I'd rather keep it in house and free. SIMPLE and customizable for each user. I don't want to have to reroute all the internet traffic. In the old days (and still could) restrict with bogus info in a hosts file but not sure how I could do this on a per user basis, especially within an LTSP environment.
>>> 
>>> Wolfe, Robert wrote:
>>> 
>> Could always set up something like Dan’s Guardian/Squid and direct all web traffic through that to filter out websites you don’t want people to go to.
>> 
>> 
>>> 
>> From: users-bounces at wnylug.org [mailto:users-bounces at wnylug.org] On Behalf Of Cyber Source
>>> Sent: Thursday, February 11, 2010 4:58 PM
>>> To: Western New York Linux Users Group Users Mailing List
>>> Subject: [WNYLUG-Users] Restrictions
>> 
>> 
>> Gonna throw this out here and see what hits. Looking for ideas here. I have a client whom I've set up with an LTSP environment. He called me a while ago and said, I want to block Joyce from the internet, or at least restrict her, she's always on facebook, etc..
>> 
>> 
>>> This is a common problem today, I see this stuff all the time and I know of a few things I could implement, like squid but I'm looking for ideas because this is becoming more and more of a request in the work environments that I administer. I would rather not just block the user entirely cause they might need the internet to actually do some work. Any ideas as to how one could SIMPLY restrict sites? Keep in mind the LTSP environment. TIA, Peter
>> -- 
>>> 
>> 
>> 
>>> 115 Richfield Road 
>>> Williamsville, New York 14221 
>>> 716-553-8525
>> 
>> _______________________________________________
>> Users mailing list
>> 
>> Users at wnylug.org
>> http://wnylug.org/mailman/listinfo/users_wnylug.org
>> -- 
>> Matthew Koerner
>> 
> 

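The limitation raised in the quoted reply (per-user iptables rules match IP addresses, not DNS names, so a multi-homed site needs one rule per address and the set goes stale when DNS changes), shown as an added example that is not part of the original thread. The addresses, the uid 1001 and the function names are constructed for illustration; the script only prints rules and never applies them.

```shell
#!/bin/sh
# Added example (not from the thread). Rules are printed, never applied.
# Addresses are constructed samples from the documentation ranges; in
# practice they would come from a DNS lookup of the site being blocked.
YESTERDAY="192.0.2.10 192.0.2.11 198.51.100.7"
TODAY="192.0.2.10 198.51.100.7 198.51.100.8 203.0.113.5"

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules UID: read addresses on stdin, print one DROP rule per unique
# valid address, in the same form as the rule quoted in the thread.
gen_rules() {
    uid=$1
    sort -u | while read -r addr; do
        if is_ipv4 "$addr"; then
            printf 'iptables -A OUTPUT -d %s -m owner --uid-owner %s -j DROP\n' "$addr" "$uid"
        else
            printf 'skipped invalid address: %s\n' "$addr" >&2
        fi
    done
}

# uncovered OLD NEW: addresses in NEW that rules built from OLD do not block.
uncovered() {
    for addr in $2; do
        case " $1 " in
            *" $addr "*) ;;
            *) printf '%s\n' "$addr" ;;
        esac
    done
}

printf '%s\n' $YESTERDAY | gen_rules 1001
echo "Not blocked after the DNS answer changed:"
uncovered "$YESTERDAY" "$TODAY"
```

Any address listed by `uncovered` is reachable by that user until the rule set is regenerated, which is why the thread moves on to name-based filtering in a proxy.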


