routing port 80 and 443 through an upstream proxy
-
Hello,
Can pfSense route port 80 and 443 through an upstream proxy?
What do I have to configure?
My problem is that a UniFi Dream Machine does not support a proxy.
Thank you.
Tobias -
@itob
You can do this with Policy Routing. -
If I understand the rules correctly, I bypass my own proxy in the pfsense.
We have an upstream proxy in front of our network, which I am not allowed to configure.
Therefore the pfsense should forward all requests on port 80 and 443 to this proxy. -
@itob
You have to add the proxy as a gateway first in System > Routing > Gateways.
Create an alias and add the ports 80 and 443 to it. Call it, say, HTTP_HTTPS.
Add a firewall rule on the interface where your clients are connected, destination IP = any, dest. port = alias > HTTP_HTTPS. Open the advanced settings and state the proxy gateway.
Put this rule to the top of the rule set. -
When creating it, I get the message:
The gateway address 10.101.1.127 does not lie within one of the chosen interface's subnets.
The proxy only listens to port 8080. Then 80 and 443 would have to be implemented in it.
-
@itob said in routing port 80 and 443 through an upstream proxy:
The gateway address 10.101.1.127 does not lie within one of the chosen interface's subnets.
Yes, the server must be within a subnet with pfSense for this. I'm wondering why it isn't.
The proxy only listens to port 8080.
You can for sure forward the traffic to port 8080, but isn't it the more reliable way to configure the clients for using the proxy instead?
Additionally you can block direct upstream traffic on the firewall. -
The problem is, we must use an upstream proxy in the LAN for safety reasons.
So my question was whether I can convert this into a kind of transparent proxy...
but the "outdoor" proxy I can not configure. -
@itob said in routing port 80 and 443 through an upstream proxy:
So my question was whether I can convert this into a kind of transparent proxy...
No, you didn't mention before that it should be transparent.
Configuring the clients won't be. But why is this a need at all?
but the "outdoor" proxy I can not configure.
There won't be any settings possible.
You can try it with redirecting the upstream traffic if you want to have a transparent proxy, but I'm not sure if this would work.
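
The last two replies compare configuring the clients for the proxy with redirecting their port 80/443 traffic to it. The following is an added example, not code from anyone in the thread, that classifies the first bytes the proxy on port 8080 would receive in each case. The sample byte strings, the host example.com and the function names are constructed for illustration, and it assumes the upstream proxy is a conventional explicit HTTP proxy, which the thread does not state.

```python
# Added example with constructed sample bytes; not code from the thread.
# Assumption: the upstream proxy on 8080 is a conventional explicit HTTP proxy.

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a new TCP connection."""
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return "unknown"
    method, target, _version = parts
    if method == b"CONNECT":
        return "proxy-connect"        # client knows it is talking to a proxy
    if method in HTTP_METHODS and target.startswith((b"http://", b"https://")):
        return "proxy-absolute-uri"   # plain HTTP request addressed to a proxy
    if method in HTTP_METHODS and target.startswith(b"/"):
        return "origin-form"          # request written for the origin server
    return "unknown"


def is_proxy_request(kind: str) -> bool:
    """True when the bytes are a request addressed to a proxy."""
    return kind in {"proxy-connect", "proxy-absolute-uri"}


# Constructed samples: what arrives at 10.101.1.127:8080 in each scenario.
SAMPLES = {
    "client configured, HTTPS": b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n",
    "client configured, HTTP": b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "redirected port 80": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "redirected port 443": bytes.fromhex("1603010200010001fc0303") + bytes(32),
}


def report() -> dict:
    """Map each scenario to (classification, addressed-to-a-proxy flag)."""
    return {name: (classify_first_bytes(raw), is_proxy_request(classify_first_bytes(raw)))
            for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, (kind, ok) in report().items():
        print(f"{name:26} {kind:20} proxy-form={ok}")
```

Only the two "client configured" samples arrive in the form an explicit proxy expects. Whether the proxy accepts the redirected forms depends on it having an intercept mode, which is a setting on the proxy itself.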