iptables, squid, and redirecting web traffic for guest access

nuclearsnake

Hi everyone,

A little background: we have two SSID networks. One is WPA2-secured and has full access to our network, and to the internet over a proxy on that VLAN.
Our second network is going to be open, with a Linux firewall to bridge the connection from that VLAN to the corporate VLAN for web traffic only. The thing is, I want to have a "Please log on" / portal page that gets displayed when you try to access the web on the guest wireless.

Before I set up redirecting the first page to a logon page, I need to get web access from the guest network to the corporate proxy working.
What would I need to add to the firewall script to set up a transparent proxy from one VLAN to a proxy on another?
my.php
 
If you have 2 VLANs, one 'trusted' and one 'untrusted', you are going to either need to trunk to your proxy server (which I have no clue if it can support), then assign two IPs in the various VLANs (use different subnets), then apply the firewall rules as necessary. You may even be able to add another NIC for the 'untrusted' assuming you have two different physical APs.

Otherwise you may need a Layer 3 device (switch/router) to sit between your two APs/VLANs and your proxy, enable routing (static will get you by), and write the appropriate access lists/firewall rules to restrict access on the guest VLAN, and between the two VLANs.
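
An added example, not part of the thread and not either poster's script: one way to write the "restrict access on the guest VLAN, and between the two VLANs" rules on the Linux firewall, as a generator for an `iptables-restore` ruleset. It covers only the filtering half (guest clients may reach the proxy port and nothing else), not the transparent interception itself. The function names and the sample interface names, address and port are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the guest firewall.
# Interface names, proxy address and port are caller-supplied assumptions.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: guest_ruleset GUEST_IF CORP_IF PROXY_IP PROXY_PORT
guest_ruleset() {
    guest_if=$1 corp_if=$2 proxy_ip=$3 proxy_port=$4
    for ifname in "$guest_if" "$corp_if"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 2 ;;
        esac
    done
    valid_ipv4 "$proxy_ip" || { echo "bad proxy IP: $proxy_ip" >&2; return 2; }
    case "$proxy_port" in
        ''|*[!0-9]*|??????*) echo "bad port: $proxy_port" >&2; return 2 ;;
    esac
    [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ] || { echo "bad port: $proxy_port" >&2; return 2; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies on connections that were already allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Guest VLAN may open new connections to the proxy port only.
-A FORWARD -i $guest_if -o $corp_if -p tcp -d $proxy_ip --dport $proxy_port -m conntrack --ctstate NEW -j ACCEPT
# Anything else arriving from the guest VLAN is logged, then dropped.
-A FORWARD -i $guest_if -j LOG --log-prefix "guest-drop: "
-A FORWARD -i $guest_if -j DROP
# The corporate side may not open connections into the guest VLAN.
-A FORWARD -i $corp_if -o $guest_if -j DROP
COMMIT
EOF
}
```

Check the output with `iptables-restore --test` before loading it; loading replaces the existing filter table, and the INPUT and OUTPUT policies for the firewall host itself are left at ACCEPT here.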
 