Hi FreeBSD Users
I picked up the task to show some users a splash screen if they are browsing the internet.
My idea is to create a transparent proxy with a captive portal. If a user makes an http request, he gets redirected to a page where he has to press a button (so we can store the IP address). After that, the user can use the internet "normally". After a certain time, the message will be shown again and the user has to press the button again. Only http should be affected; all other traffic is allowed without "login".
Is this possible? I would say yes.
So far I have a board from PC Engines with 3 gig interfaces: one "in" (re2), one "out" (re0) and one for management purposes (re1).
re0 and re2 are bridged. With this configuration everything is working and the users can use http and everything else.
Squid 4 is installed with pf support.
Internet -- Router -- (re0) TProxy (re2) -- CMTS -- SOHO Routers with NAT -- Client
Code:
# rc.conf
hostname="box"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm re0 addm re2 up"
ifconfig_re0="up"
ifconfig_re2="up"
gateway_enable="YES"
sshd_enable="YES"
pf_enable="YES"
pflog_enable="YES"
squid_enable="YES"
dumpdev="AUTO"
Code:
# squid.conf
visible_hostname box
http_port 80
http_port 3128 intercept
#http_port 3128 tproxy
Code:
# pf.conf
int_if="re2"
out_if="re0"
set skip on lo0
rdr pass on $int_if inet proto tcp from any to any port 80 -> 127.0.0.1 port 3128
pass log
My problem is that the redirection is not working. As soon as I enable the rdr rule in pf.conf, I can't access http pages anymore, but I don't see any traffic on the lo0 interface nor on any interface for port 3218.
Since there is no NAT involved, do I need IP addresses on the in and out interfaces? I guess not, because the proxy should be transparent.
If I need IP addresses on the proxy, is it OK to just have one on the out (re0) interface?
Any help is appreciated.
tia
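
The click-through logic described in the post (remember the client IP once the button is pressed, then ask again after a timeout), as an added example that is not part of the original post or of Squid: a line-based helper that answers OK or ERR per client, in the way a Squid external ACL helper does. The request layout (`<ip>` or `<ip> LOGIN`), the `SessionTable` name and the 4-hour timeout are assumptions of this example.

```python
#!/usr/bin/env python3
"""Click-through session helper in the style of a Squid external ACL helper.

Assumed line format (this example's choice): "<client-ip>" for a lookup,
"<client-ip> LOGIN" when the splash-page button was pressed.
Reply: "OK" if the client may browse, "ERR" if the splash page is due.
"""
import ipaddress
import sys
import time

SESSION_TTL = 4 * 3600  # constructed value: show the splash again after 4 hours


class SessionTable:
    def __init__(self, ttl=SESSION_TTL):
        self.ttl = ttl
        self.expires = {}  # client IP (str) -> expiry time (epoch seconds)

    def handle_line(self, line, now):
        parts = line.split()
        if not parts or len(parts) > 2:
            return "ERR"  # malformed request: fail closed (show the splash)
        try:
            ip = str(ipaddress.ip_address(parts[0]))  # reject non-IP keys
        except ValueError:
            return "ERR"
        if len(parts) == 2:
            if parts[1] != "LOGIN":
                return "ERR"
            self.expires[ip] = now + self.ttl  # button pressed: (re)start session
            return "OK"
        expiry = self.expires.get(ip)
        if expiry is None:
            return "ERR"  # this client never acknowledged the splash
        if now >= expiry:
            del self.expires[ip]  # expired: splash again, keep the table small
            return "ERR"
        return "OK"


def main():
    table = SessionTable()
    for line in sys.stdin:  # one request per line, one reply per line
        print(table.handle_line(line, time.time()), flush=True)


if __name__ == "__main__":
    main()
```

Sessions live in memory only, and behind the SOHO NAT routers in the diagram one stored address covers every client of that router.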