Netgate Discussion Forum

    Advanced Proxy Setup

      dwabraxus

      I have an interesting setup I am trying.
      I have a nice 6-port Intel gigabit card and a dedicated proxy server. The proxy server has an Interface Masters failover Intel NIC (i.e., when the proxy server is powered off, the network bridges). Thus when my proxy server dies or is turned off, it should not take down my network. So here is the dilemma: I cannot figure out the best way to forward web traffic from the LAN to the server. Each time I do it, when the server is powered off, the web traffic stops.

      Here is the config script I run on the Debian proxy box:

      
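      # Bring up both bridge member NICs without an IP address, in promiscuous mode
      ifconfig eth2 0.0.0.0 promisc up
      ifconfig eth3 0.0.0.0 promisc up
      
      # Create the bridge and attach both NICs to it
      brctl addbr br0
      brctl addif br0 eth2
      brctl addif br0 eth3
      
      # Give the bridge an address and a default route
      ifconfig br0 192.168.99.2 netmask 255.255.255.0 up
      route add default gw 192.168.99.1 dev br0
      
      # Hand bridged TCP port 80 frames to the local IP stack instead of bridging them
      ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6  \
              --ip-destination-port 80 -j redirect --redirect-target ACCEPT
      # Redirect that HTTP traffic to the proxy listening on local port 8118
      iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80  \
              -j REDIRECT --to-port 8118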
      
      

      I am currently running pfSense 2.0.1.

      The LAN network is 192.168.100.0/24;
      the proxy network is currently on its own subnet. I assume this is the best approach.

      Please advise what sort of rules/NAT would create the desired effect.

      marcelloc

        Is this your setup?

        Internet -> pfsense -> proxy -> lan?

        or

        internet -> pfsense -> lan
                          |
                        proxy

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

        dwabraxus

          My setup is like this:

          internet -> pfsense ==> lan
                            | |
                          proxy

          Eth1 is WAN
          Eth2 is Proxy Outbound
          Eth3 is Proxy Inbound
          Eth4,5 is LACP LAN

          Ideally, I want to reroute web traffic from the LAN to eth2.

          My best idea was to have Eth2 and Eth3 on the same subnet and route traffic from Eth2 (192.168.99.1) to Eth3 (192.168.99.2), thus having the proxy in the middle. When the proxy fails, the Ethernet card installed in it reverts to passthrough, thus preventing the network from crashing.

          So, as far as I can tell, I just need a way to reroute outbound traffic on port 80 on the LAN interface to outbound on the Eth2 interface.

          marcelloc

            The way I can imagine this setup working is

            Internet -> pfsense -> proxy in bridge mode -> lan

            This way, you create a NAT from WAN to the LAN web server, and your proxy, when online, forwards it to the proxy daemon.

            You have the option to install Squid on pfSense.

            Internet -> pfsense -> lan
