Advanced Proxy Setup
-
I have an interesting setup I am trying.
I have a nice 6-port Intel gigabit card and a dedicated proxy server. The proxy server has an Interface Masters failover Intel NIC card (i.e. when the proxy server is powered off, the network bridges). Thus, when my proxy server dies or is turned off, it should not take down my network. So here is the dilemma: I cannot figure out the best way to forward web traffic from the LAN to the server. Each time I do it, when the server is powered off, the web traffic stops.
Here is the config script I run on the Debian proxy box:
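# Bring up both bridge ports with no IP address, in promiscuous mode
ifconfig eth2 0.0.0.0 promisc up
ifconfig eth3 0.0.0.0 promisc up
# Create bridge br0 and attach both ports
brctl addbr br0
brctl addif br0 eth2
brctl addif br0 eth3
# Give the bridge an address and a default route
ifconfig br0 192.168.99.2 netmask 255.255.255.0 up
route add default gw 192.168.99.1 dev br0
# Rewrite the destination MAC of TCP/80 frames so they reach this box's IP stack
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
    --ip-destination-port 80 -j redirect --redirect-target ACCEPT
# Redirect that traffic to local port 8118
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
    -j REDIRECT --to-port 8118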
I am currently running pfSense 2.0.1.
The LAN network is 192.168.100.0/24.
The proxy network is currently on its own subnet. I assume this is the best approach.
Please advise what sort of rules/NATting would create the desired effect.
-
Is this your setup?
Internet -> pfsense -> proxy -> lan?
or
internet -> pfsense -> lan
               |
             proxy
-
My setup is like
internet --> pfsense ==> lan
              |  |
              proxy
Eth1 is WAN
Eth2 is Proxy Outbound
Eth3 is Proxy Inbound
Eth4,5 is LACP LAN
Ideally I want to reroute web traffic from the LAN to eth2.
My best idea was to have Eth2 and Eth3 on the same subnet and route traffic from Eth2 (192.168.99.1) to Eth3 (192.168.99.2), thus having the proxy in the middle. When the proxy fails, the Ethernet card installed in it reverts to passthrough, thus preventing the network from crashing.
So, as far as I can tell, I just need a way to reroute outbound traffic on port 80 on the LAN interface to outbound on the Eth2 interface.
-
The way I can imagine this setup working is
Internet -> pfsense -> proxy in bridge mode -> lan
This way, you create a NAT from WAN to the LAN web server, and your proxy, when online, forwards it to the proxy daemon.
You also have the option to install Squid on pfSense.
Internet -> pfsense -> lan