2.0 How to redirect LAN port 80 to a proxy server
-
I use this configuration to redirect ALL LAN traffic to my transparent proxy, which uses port 3128:
interface : LAN
external address : any
protocol : TCP
external port range : HTTP
nat ip : my transparent proxy IP
local port : transparent proxy port
And it works under pfsense 1.2.3 :)
-
Thanks gendit.
Like miafya and I said, it works on 1.2.3, but now we want to set this up on 2.0RC3.
Thanks :)
-
After my posts a few days ago I left things alone for a day. When I came in the next morning, I realized that the NAT was working. I did not do anything different that I can think of, but it seems to be working just like with 1.2.3.
The only thing I can think of is that perhaps I still had some active states in the firewall that needed time to die before the NAT settings took effect.
I've attached the current rules I have. The first is of the NAT rule, the second is the firewall rule.
-
Just want to confirm what I had read.
I have my pfsense LAN/WAN NICs.
Squid listens on the LAN address, port 3128.
LAN 192.168.50.1
I cannot set up a port forward from my LAN subnet X port to LAN address Y port?
If I add another NIC in my pfsense box:
opt1 192.168.50.2
and I set up squid to listen on this NIC, can I do the port forward?
Or must I be on a different subnet?
Pfsense 2.0 doubts.
Thanks!!!
-
The process I'm talking about is if you have an external squid box outside of pfSense and want to forward traffic to it. In version 1.2.x you had to have the external box on another interface in order to be able to NAT to it.
However under pfsense 2 you can install the squid package and do a transparent proxy directly in pfsense without using NAT or other interfaces. It is pretty simple to set up. Once you install the squid package, a "Proxy server" item will show up under the Services menu.
-
Thanks miafya.
In my case, my pfsense box has squid running?
Thanks.
-
If your pfsense box has squid running and you want to use that, just enable squid for the interfaces you wish to use. The settings are under "Services -> Proxy Server". It has a nice transparent proxy option too.
If you want to use an external squid box, make sure to remove squid from your pfsense box or disable it from the interface you wish to use. Then use the NAT settings to forward to your external box.
-
I had done this, my squid settings have the new interface, I cannot use transparent mode because I need to use my LDAP users.
Thanks miafya.
-
Unless you have something else above that rule that would be overriding it, that should work. That would also include having the squid package installed on the firewall and running in transparent mode there.
-
jimp, what about https? I can't get it to work on 2.0, forwarding 443 on LAN to proxy_ip port 3128.
TCP_DENIED/400 3012 NONE error:unsupported-request-method - NONE/- text/html
thanks
-
You cannot transparently proxy https.
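
Added example, not part of the thread: a client whose port 443 traffic is redirected to an HTTP proxy port opens with a TLS ClientHello rather than an HTTP request line, so the proxy finds no request method to read, whereas a browser explicitly configured to use the proxy sends a plain-text CONNECT. The function names and sample bytes below are constructed for illustration.

```python
import re

# An HTTP/1.x request line: method token, target, version.
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")


def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent first on a connection that reached the proxy port."""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello) at offset 5.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    m = REQUEST_LINE.match(data)
    if m is None:
        return "unparseable"
    return "http-connect" if m.group(1) == b"CONNECT" else "http-request"


def proxy_can_parse(data: bytes) -> bool:
    """True when an HTTP proxy port would find a request method in the data."""
    return classify_first_bytes(data) in ("http-request", "http-connect")


# Constructed samples (not captured traffic).
# 1. Port 80 traffic redirected to the proxy: an ordinary request line.
REDIRECTED_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
# 2. Port 443 traffic redirected to the proxy: the browser starts TLS at once.
#    Zero-filled ClientHello skeleton; only the header bytes are meaningful.
REDIRECTED_HTTPS = bytes(
    [0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03]
) + bytes(41)
# 3. Browser explicitly configured to use the proxy for an https URL.
EXPLICIT_HTTPS = (
    b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"
)

if __name__ == "__main__":
    for name, sample in [
        ("port 80 redirected", REDIRECTED_HTTP),
        ("port 443 redirected", REDIRECTED_HTTPS),
        ("explicit proxy, https URL", EXPLICIT_HTTPS),
    ]:
        kind = classify_first_bytes(sample)
        print(f"{name}: {kind}, proxy can parse: {proxy_can_parse(sample)}")
```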