Netgate Discussion Forum

    Forward port 80 to 8080 on the same lan

      jjalbert73

      I am looking for help on doing a port redirect for any traffic on my LAN interface going to port 80 to a different box running dansguardian. I am running pfSense 2.2.4. I have a LAN and WAN interface. The history is the firewall/filter solution we were using is obsolete. I have replaced that unit with this pfSense box, but dansguardian was not working, it kept going up and down. So I have a separate Linux machine that is running dansguardian on the same LAN as the pfSense box. I have set a redirect saying anything on the LAN net going out to port 80 is to go through the filter machine on port 8080. It does redirect the traffic, but the filter machine is not seeing the IP from the LAN net the traffic is coming from, it sees the LAN address from pfSense, and due to that it is blocking Web access. Is what I am looking to do possible?
      Here is the scenario I am looking at. LAN subnet is 192.168.1.0/21
      LAN address 192.168.1.1
      Port forward says if LAN, source !192.168.1.2, destination any, destination port 80, redirect address 192.168.1.2, redirect port 8080

      Is there a way to get the forward to use the client ip instead of the interface ip?

        doktornotor Banned

        No, because that traffic to a different machine on LAN will not hit the firewall at all, so the end result is exactly what you described.

          jjalbert73

          Would this be possible through a vlan? Or even putting the filter in the public WAN?

            muswellhillbilly

            Your best bet is to set your clients' browsers to use the Linux proxy. You can either do this explicitly, entering the proxy server address in the network settings on the browser, or by using a proxy PAC file and setting your clients' browsers to refer to that.

              johnpoz LAYER 8 Global Moderator

              ^ exactly or use of autodiscovery like wpad if your clients support that..  It's much better to do explicit pointing to your proxy than redirect from the gateway to the proxy just for the proxy to send the traffic back to the gateway.. That is a horrific hairpin setup..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11
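
The PAC-file approach suggested in the replies above, as an added example that is not part of the original thread: a proxy auto-config file that sends plain HTTP to the DansGuardian box at 192.168.1.2:8080 (address, port and /21 subnet taken from the first post), so the filter sees each client's own IP because clients connect to it directly. Proxying only `http:` URLs and the helper names `ipv4ToInt` and `inSubnet` are assumptions of this example.

```javascript
// Added example PAC file (constructed; not from the thread).
// Proxy address and LAN subnet are the values quoted in the first post.
var PROXY = "PROXY 192.168.1.2:8080";  // the DansGuardian box
var LAN_BASE = "192.168.1.0";
var LAN_BITS = 21;                     // a /21 here spans 192.168.0.0 - 192.168.7.255

// Dotted-quad IPv4 literal -> unsigned integer, or null if not an IPv4 literal.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside base/bits (hypothetical helper).
// Plain arithmetic instead of bit operators avoids signed 32-bit surprises.
function inSubnet(host, base, bits) {
  var h = ipv4ToInt(host), b = ipv4ToInt(base);
  if (h === null || b === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(h / size) === Math.floor(b / size);
}

function FindProxyForURL(url, host) {
  // Local destinations never leave the LAN, so keep them away from the filter.
  if (host.indexOf(".") === -1 || host === "127.0.0.1" ||
      inSubnet(host, LAN_BASE, LAN_BITS)) {
    return "DIRECT";
  }
  // Only plain HTTP is proxied, matching the port-80 redirect in the question.
  // No "; DIRECT" fallback: if the filter is down, browsing fails closed
  // instead of silently going out unfiltered.
  if (url.substring(0, 5).toLowerCase() === "http:") return PROXY;
  return "DIRECT";
}
```

Clients that ignore the PAC file are still handled at the firewall: a LAN rule that passes outbound port 80 only from 192.168.1.2 keeps the filter from being bypassed.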

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.