How do I use Squid to harden my Public Wi-fi?

Posted on 2008-11-17
Last Modified: 2012-06-21
Hi Experts,

I have been asked to setup 2 public wifi access points for my company both are unsecured their idea not mine!  Anyways was trying to develop some thing that could be used to stop 95% of people logging onto the network. The public wifi is on it's own private range and is firewalled by an IPcop. Have been playing around with squid and I beleive something like the following would suffice:

I need squid to forward all web requests unless authenticated to a web page
This web page will consist of a login page for use with the public wifi which users will use the username and password supplied by myself which will then give them Internet access. Ideally logging client MAC address so streamlining future connections, but probably beyond my expertise.

Have taken some principles from the Upsidedownternet ( as a form of trial and error

Very new to IPtables, Squid and Perl so any help is appreciated  

Also IPcop is different in the way it uses its proxy (I cant seem to find the squid.conf file to make changes)

Many Thanks
Question by:mrawli
    LVL 18

    Accepted Solution

    If I were you, I would move form IPCop to ClarkConnect. The community version is free and you can do everything you need and easily form a web based GUI, from bandwidth management, time restrictions, allow users to log on for Internet access and etc. It does use Squid. It has been very stable and is simply very good.  (Forums have been very helpful)

    You will need several NICs in an old PC, one for the WAN and others for each separate network you are planning. It also has a wireless side of things which I have never played with but I think that is for a hardware wireless NIC that will turn a CC box into a full blown AP/Router.

    I have used CC for ... well since it came out and that has been many years ago.

    LVL 18

    Expert Comment

    I wish I could type... form := from
    LVL 13

    Expert Comment

    You could try something like the CopSpot Addon for IPCOP.  Its an addon to add captive portal functionallity to the IPCOP Box.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
    DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
    This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now