routing internal traffic to specific gateway
-
I'm trying to route traffic from Squid Proxy server, installed on pfSense, out a VPN gateway, and it always uses the default gateway instead. My understanding is that since Squid is running on the same box as pfSense, the traffic from Squid is internal and never sees any of the firewall rules, even though Squid is setup to use the VPN interface for egress traffic. Is there some way I can intercept the traffic from Squid and direct to a specific gateway? Thanks.
-
@beanboy said in routing internal traffic to specific gateway:
My understanding is that since Squid is running on the same box as pfSense, the traffic from Squid is internal and never sees any of the firewall rules
Apart from floating rules for outgoing traffic on the outgoing interface.
Is there some way I can intercept the traffic from Squid and direct to a specific gateway?
Policy-routing floating rules for direction "out" on the outgoing (default) interface.
-
Thanks for info.
@viragomann said in routing internal traffic to specific gateway:
Policy-routing floating rules for direction "out" on the outgoing (default) interface.
I've tried this in varying forms with no success, but just to make sure I understand, I should create a floating rule with the following config:
Interface: default gateway interface (WAN)
Direction: out
Source: ?
Destination: Any
Gateway: VPN gateway
If I use 'self' for source, then the internet breaks for LAN clients. If I use the VPN interface address, Squid egress traffic still gets routed through WAN.
Appreciate any further ideas. Thanks.
-
@beanboy said in routing internal traffic to specific gateway:
If I use 'self' for source
I'm not familiar with squid. Maybe you can bind it to a certain IP.
In any case you have to add an outbound NAT rule to the VPN gateway for the source IP.
"firewall self" directs any traffic from pfSense itself to the stated gateway, so DNS as well. And this would also need an outbound NAT rule.
If you're not able to bind squid to a certain IP, add an outbound NAT rule for the source 127.0.0.0/8.
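For reference, here is what the combination suggested above looks like when written out as pf rules, i.e. the rules pfSense generates under the hood from a floating "out" rule on WAN with a gateway set, plus the matching outbound NAT on the VPN interface. This is an added example, not configuration posted by anyone in the thread, and it assumes a VPN interface named `ovpnc1`, a VPN gateway of 10.8.0.1, and that Squid has been bound to the address 10.8.0.2 (in squid.conf this is done with `tcp_outgoing_address 10.8.0.2`). Scoping the rule to that one source address is what keeps DNS and other firewall-originated traffic on the default gateway, which is the problem "firewall self" as the source caused.

```pf
# Added example (pf.conf fragment); interface, gateway and Squid address are assumptions.
wan_if   = "em0"          # assumed default-gateway (WAN) interface
vpn_if   = "ovpnc1"       # assumed VPN client interface
vpn_gw   = "10.8.0.1"     # assumed VPN gateway address
squid_ip = "10.8.0.2"     # assumed address Squid is bound to via tcp_outgoing_address

# Outbound NAT on the VPN interface for the bound Squid source address.
# Without this the VPN peer sees packets from a source it does not route back.
nat on $vpn_if inet from $squid_ip to any -> ($vpn_if)

# Fallback when Squid cannot be bound to a fixed address: translate
# loopback-sourced traffic instead, as suggested in the last reply.
nat on $vpn_if inet from 127.0.0.0/8 to any -> ($vpn_if)

# Policy route (the floating rule, direction "out", on the WAN interface):
# only traffic whose source is the Squid address is sent to the VPN gateway.
# DNS and other traffic from the firewall itself keep using the default gateway.
pass out quick on $wan_if route-to ($vpn_if $vpn_gw) inet from $squid_ip to any keep state
```

To check the result from a pfSense shell, `pfctl -sr | grep route-to` should show the policy-route rule, `pfctl -sn` the two NAT entries, and a test fetch through the proxy should arrive at the remote side from the VPN interface address rather than the WAN address.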