Setting up Multi Wan pfSense with dansguardian + squid on other box
-
Hello, I have trouble with this setup.
Running pfSense 2.1 with 2 wan, I have a dansguardian + squid instance running ok on another box in the lan.
If I set up the dansguardian on the proxy configuration of the client machines everything is ok,
if I try to make a "Firewall: NAT: Port Forward" rule to map any port 80 destination to the DG box it does not connect at all.
Any tips?
-
> if I try to make a "Firewall: NAT: Port Forward" rule to map any port 80 destination to the DG box it does not connect at all.
> Any tips?

Can you check with tcpdump if packages are reaching dansguardian?
Did you exclude dansguardian ip from this forward rule?
-
Nope I didn't find out how to exclude the DG ip from nat rule.
-
> Nope I didn't find out how to exclude the DG ip from nat rule.

Create one before this one, add dansguardian ip and enable option "No RDR".
Without it, the rule creates a loop between proxy server and firewall.
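
The loop described in the reply above, and why the "No RDR" rule has to come first, as an added example that is not part of the thread and not pfSense code: a simplified Python model of first-match redirect evaluation. The DansGuardian address 192.168.0.10 and the web server address 203.0.113.80 are constructed; the client address and port 8080 come from the tcpdump output posted later in the thread.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

DG_IP, DG_PORT = "192.168.0.10", 8080  # DG address is constructed; 8080 is from the thread
CLIENT_IP = "192.168.0.99"             # client address from the thread's tcpdump output
WEB_IP = "203.0.113.80"                # constructed web server (documentation range)


@dataclass(frozen=True)
class Rule:
    src: Optional[str]                 # None matches any source address
    dport: int                         # destination port the rule matches
    target: Optional[Tuple[str, int]]  # redirect target; None models "No RDR"


def translate(rules, src, dst, dport):
    """Destination a new connection ends up at; the first matching rule wins."""
    for rule in rules:
        if rule.dport == dport and rule.src in (None, src):
            return rule.target or (dst, dport)
    return (dst, dport)


def follow(rules, src, dst, dport, max_hops=5):
    """Trace the client request, then each upstream fetch the proxy makes for it."""
    path = []
    for _ in range(max_hops):
        hop = translate(rules, src, dst, dport)
        path.append((src, hop))
        if hop != (DG_IP, DG_PORT):
            return path, False         # reached the real web server
        src, dport = DG_IP, 80         # the proxy now fetches the page itself
    return path, True                  # still landing on the proxy: a loop


REDIRECT_ONLY = [Rule(None, 80, (DG_IP, DG_PORT))]
NO_RDR_FIRST = [Rule(DG_IP, 80, None)] + REDIRECT_ONLY

if __name__ == "__main__":
    for name, rules in (("redirect only", REDIRECT_ONLY), ("No RDR first", NO_RDR_FIRST)):
        path, looped = follow(rules, CLIENT_IP, WEB_IP, 80)
        print(f"{name}: looped={looped}")
        for src, (ip, port) in path:
            print(f"  {src} -> {ip}:{port}")
```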
-
Thank you very much, I'll try this tomorrow as I don't have access to the server right now.
I was sure it wasn't looping since the remote DG access.log wasn't showing any activity.
-
Unfortunately not working, the DG host sees my machine connecting:
tcpdump:
```
08:49:34.944203 IP munnin.blkz.net.8080 > 192.168.0.99.51708: Flags [S.], seq 2341763301, ack 4041716888, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1498471935 ecr 35021758], length 0
08:49:35.408208 IP munnin.blkz.net.8080 > 192.168.0.99.51707: Flags [S.], seq 2293124076, ack 3629114992, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3987869326 ecr 35021205], length 0
```
But it never connects back. Here are my pfsense rules and nat:
![](http://tollen.free.fr/images/NAT.png) ![](http://tollen.free.fr/images/NATR.png) ![](http://tollen.free.fr/images/FW.png)