I'm explaining the problem as best I can. Hopefully, I will be able to answer any questions about what I'm trying to do clearly. Sorry about the subject heading - not quite sure how to word this:
The situation: I'm in a public library with a mandate to provide wireless web access to whoever walks in. Because of security concerns - I want to provide only web access that goes through my proxy and gets logged - no other services no bypassing the proxy. I put up some wireless dsl/cable routers. This will give them a router assigned address 192.168.1.101 and the routers WAN is on our 10.2.2.x network as is my squid proxy at 10.2.2.2 (henceforth referred to as my big squid). Currently, to get out at all our library patrons would have to manually set their browsers to use 10.2.2.2:3128 as their proxy manually with nothing more than a handout saying find SSID linksys and set your proxy to 10.2.2.2:3128. The problem: To get the interaction and assistance of staff down to set your wireless card to use SSID being broadcast. The solutions that I am thinking about - that would be nice if they were simple enough and worked: 1. Just use the Linksys wifi cable DSL routers to provide access on the wireless network and stick a tiny linux box with two nics running squid to transparently proxy and use my the big squid as a parent. Added advantage they are completely excluded from anything on the insdide network that is not secured. 2. Discover settings in recent linksys cable routers so I could automatically portfoward the requests to the big squid. In effect achieving automatically setting the proxy through the dsl/cable router, without it being a transparently proxy. I can't make the big squid transparent because it is accessable to staff (authenticated users) from outside. I have endless older computers that can run redhad and squid but don't have any processing power. I have a linksys wireless dsl/cable router. I don't care to restrict our wireless users or to force them to authenticate, though I suspect if it gets out of hand, I need to keep those options open. -- Josh Kuperman [EMAIL PROTECTED]
