Greetings,

The goal is to manage a LAN of 50-100 users, dynamically controlling with access lists the sites each user can see and the ones they can't. I also need a simple way of controlling their internet route so that they can be changed to use different IPs from different peer proxies around the world (which I already have). All of this must be done 100% transparently to the user, and all config must be able to be changed dynamically at the server level.

Current services used by the users are: port 80, port 443, port 21 and a messenger XML port.

Dilemmas:

a.) Squid cannot proxy/forward SSL in transparent mode. So what are my options? Forward port 80 through a different protocol, perhaps a VPN just for port 443, so that the particular user originates his/her requests from the IP I want it to be. Not to mention that not all users would be using the same src IP for port 443, so I would have to manage at least 4-5 different tunnels, the way I see it?

b.) Squid cannot use the FTP protocol to upload files. Thus I would need to install another true FTP-compliant proxy on all the remote routes.

----------

Why I need this to be 100% transparent:

No user should ever be allowed to surf the internet with their local IP. All communication should be proxied to a specific route, so no bypassing is allowed, thus the need for a FORCED transparent proxy.

My users have a number of different browsers installed, ranging from Opera and Firefox to IE. Besides that, they have applications that manage updates and would also need to have the proxy configured, such as antivirus and anti-spyware software. There are ways to automatically configure browsers, but what about FTP clients, virus and adware software?

We have sites that my users need not be proxied/VPNed out to because they are in the same location. So aside from configuring each proxy in the browsers, stuff like a LAN CRM would have to be configured as exceptions.

Not all users will use the same proxy; there would be at least 5 possible routes, so internal routing must be done.

----------

So, all of this boils down to two pieces of proxy software combined with tunnels/VPNs. Even if this is done like I suggest, I think network diagnostics/maintenance would be *very* time consuming. Would you guys agree? Is there any commercial or open source solution that can do what I want in a combo way?

Btw, due to the nature of SSL I don't expect to have allow lists or deny lists, but it should in a way proxy it so that I can set custom src IPs per user.

--Andres