Claer wrote:

quoted text
> On Wed, Apr 23 2008 at 40:17, Monah Baki wrote:

>

>> Hi all,

>>

> Hi,

>

>

>> I implemented the following rule and so far I can see that all users are

>> accessing my proxy server

>>

>> Tried the following in /etc/inetd.conf

>>

>>     127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w \

>>        20 192.168.3.106 8080

>>

>>

>>     rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \

>>        127.0.0.1 port 5000

>>

>>

>> But I have one question, my proxy requires authentication before browsing,

>> how can I have the firewall also authenticate, because if I disable on the

>> squid proxy authentication, it works. If I enable it, all sites I try to

>> visit comes up with a page that I need authentication first to use the

>> proxy.

>>

> Using transparent proxying + auth is generally considered a bad idea.

>

>

But if you really want to do this, I would suggest using authpf.  You

can set  up squid to do the proxying without authentication, set up pf

to deny all traffic to the squid instance and set up authpf rules to

allow all authenticated users passage to squid.

http://www.openbsd.org/faq/pf/authpf.html

Hope this helps.
Aaron