How to setup proxy with parent proxy without being transparent / gateway

tperrin

Hello everyone :)

I have a question about the squid setup.

Here is my setup (I'm removing parts that are non-essential to my explanation):

Network A ---> Network B ---> Network C ---> Internet
192.168.0.0/16 -> 10.24.1.0/24 -> 10.78.13.0/24 -> The rest

Before I just had access to network A and had hardware in there. My pfsense is setup with one IP in network A and one IP in network B.

My upstream proxy is on network C.

Now I have to manage hosts that are on network B.

pfsense is only a device on network B, and has a default gateway on that same network, that other hosts have as well.

pfsense is the only device that is allowed to do requests to the upstream proxy. So if I have a device on network B and I want to send proxy requests, I have to go through the pfsense first. I can't put it as a gateway, otherwise I'll get asymetric routing and that's never good.

I don't want to setup a transparent proxy, I just want to setup squid and say that for http / ftp / https requests, squid should handle those and forward them to my upstream proxy in network C.

Thanks for any help you can give me :)

Happy firewalling !

tperrin

OK Quick update, this is done using "Remote cache" in the config (the entire tab is done with this).

I now have a working proxy for http requests, and I'm not sure on how to apply the same thing (forward every request to upstream proxy) for https without having to setup a CA.

Any ideas?