30th January 2014, 12:03 PM #1
Another squid/byod thread
We have BYOD wireless being put in soon (Ruckus) - We have set up our network so that all the wireless devices are in their own VLAN, separate from our CC4 network.
We currently use RM SmartCache 2 for filtering, with a CISCO firewall. I need to set it up so that the wireless devices connect through a transparent proxy to the internet. What would be the best way to approach this?
We need to keep costs down so I have been setting up a small squid server to do this by passing traffic from squid, through our SmartCache2 to get filtering, through the firewall and out to the internet. We have a squid box set up with Kubuntu and 2 NICs but don't really know where to start in terms of configuring it all. Advice welcome.
30th January 2014, 12:21 PM #2
What switches do you have?
You can create a new VLAN and the Ruckus can do the access control settings.
30th January 2014, 12:57 PM #3
Mainly HP ProCurve switches - So Ruckus can do transparent proxy?
Need to get to the point where the clients don't need to put any proxy/IP settings in to get to the internet.
30th January 2014, 01:07 PM #4
Ruckus can't do proxying itself, but you'd be able to set up DHCP and the like to point at a proxy (by using a WPAD.dat file or by using a proxy which you route via).
You then have Ruckus isolate the devices so they can't access anything else on your network via ACLs.
30th January 2014, 01:17 PM #5
I've heard the WPAD.dat files aren't a great solution, as they don't work with all devices.
I thought we would need to configure a transparent proxy server. SmartCache2 can't do transparent, which is why we're currently looking at squid, but not really sure where to start with it all.
30th January 2014, 01:19 PM #6
You can set squid up to do transparent proxying, but without a man in the middle certificate you will find only traffic on port 80 can be routed happily.
We found that getting our ISP to enable their transparent proxy was an easier option.
We set up a dual NIC Linux box on our BYoD VLAN to take the wireless clients from the 172.x.x.x range that they get via the Linux DHCP and then forward the port 80 and 443 traffic through to the router's secondary 10.x.x.x range. This has the added bonus of ensuring our ADSL backup connection will not get swapped with remote devices in the case of a fault on our main fibre connection.
If we decide to install Ruckus as our new WiFi provider then the same setup should still work.
30th January 2014, 01:20 PM #7
You're correct, WPAD.dat doesn't work with all devices - some apps on some devices just ignore it entirely.
The thing is, 'transparent proxy' is used for various technologies; having a proxy specified via DHCP (the WPAD.dat option) is transparent, just not as universal.
In your case, you'd want to set up an appliance with a cache on it, and you'd then need a routing device (can be the same appliance) which routes traffic to the right place. Squid and iptables on a Linux install could do all this. Or, you could buy into a solution like Smoothwall which can handle it.
30th January 2014, 01:39 PM #8
At the moment we have Squid on a Windows 7 machine and use SoftPerfect Bandwidth Manager to route all 172.10.x.x traffic to our SmartCache2 (192.168.3.202). We followed this guide: "SoftPerfect Bandwidth Manager - Online user manual, Adding proxy server", but it doesn't seem to work at all. Squid works fine if we enter the proxy settings manually into the test client, just the transparent part doesn't work.
I'm thinking of installing Linux instead and configuring squid with iptables like @localzuk suggests.
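The Squid and iptables approach from posts #7 and #8, as an added example that is not part of the original thread: it prints a squid.conf that intercepts BYOD web traffic and hands every request to the filtering proxy, plus the matching firewall commands. The two addresses are the ones quoted in post #8; the netmask, parent port, interface name and intercept port are assumptions. Only port 80 is redirected, in line with post #6.

```shell
#!/bin/sh
# Added example. Adjust the assumed values before use.
BYOD_NET="172.10.0.0/16"     # BYOD range from post #8; the /16 mask is assumed
PARENT_IP="192.168.3.202"    # SmartCache2 address from post #8
PARENT_PORT="8080"           # assumed; use the port the filter listens on
BYOD_IF="eth1"               # assumed name of the NIC facing the BYOD VLAN
INTERCEPT_PORT="3129"        # assumed local port for intercepted traffic

# Print a minimal squid.conf: intercept BYOD clients and never go direct,
# so every request passes through the parent (filtering) proxy.
squid_conf() {
cat <<EOF
http_port 3128
http_port ${INTERCEPT_PORT} intercept
acl byod src ${BYOD_NET}
http_access allow byod
http_access deny all
cache_peer ${PARENT_IP} parent ${PARENT_PORT} 0 no-query default
never_direct allow all
EOF
}

# Print the commands to run as root on the Squid box.
# 1. Route whatever is not redirected (DNS, port 443).
# 2. Drop clients that connect straight to the intercept port; redirected
#    packets still show port 80 in the mangle table, so they pass.
# 3. Redirect BYOD port 80 traffic into Squid.
nat_rules() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t mangle -A PREROUTING -p tcp --dport ${INTERCEPT_PORT} -j DROP
iptables -t nat -A PREROUTING -i ${BYOD_IF} -s ${BYOD_NET} -p tcp --dport 80 -j REDIRECT --to-ports ${INTERCEPT_PORT}
EOF
}

echo "# --- squid.conf ---"
squid_conf
echo "# --- run as root ---"
nat_rules
```

With this in place the clients need no proxy settings; their default gateway has to be the Squid box's address on the BYOD VLAN.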
6th February 2014, 08:28 PM #9
I found this a good starting point for building a Linux proxy and web filter if you need it.
Ubuntu 12.04 Precise Pangolin and DansGuardian - Quick and Dirty
I'm testing it for use in my primary.