> > Dear all, > > I need to implement a Proxy Solution that works as following: > > 1. Proxy should be implementable without any changes on the net, it should > just replace the router > 2. Proxy should log any traffic in a logfile with username, ip and connected > site, should work for http, ftp, https. > 3. Users should authenticate at the proxy before they’ll be granted any > access to the internet. How ? Users are required to open the webbrowser, > type in any page, be redirected to a landing page where they’re required to > type in their username and password, that’s going to be checked from LDAP > if correct they’ll granted internet access (that might work with mac-address ⇔ > ip address ⇔ username coupling) after that combination changes the user is > required to relogin. > > Has anyone any idea how to actually Implement that in a system ? > I've done this with iptables and the 'recent' target in a public access wifi setup. The advantage of doing it at iptables level is that once you have authenticated to the login page, you can access the internet on any port so email etc works. 'recent' makes sure that the authentication times out after a period of inactivity, effectively logging the user off. If you google for 'captive portal' you might turn up some useful info on doing it in squid. James
