Forward all HTTP trffic from a IP address to another IP address on a LAN.

  • So I am trying to find out how to setup PFSence to allow me to Forward all HTTP Traffic from one IP  to another IP address on the same LAN.  This will allow me to use multiple proxy servers to test different devices and see there network traffic.

    The only thing i've been able to find is forward all HTTP traffic on a network to a specific IP/proxy server… But I would really like to forward all HTTP traffic from a specific IP address to another IP address to use with Charles Proxy server.

    Anyone have any suggestions?

  • LAYER 8 Global Moderator

    This is a BAD idea.. This would create an asymmetrical routing condition..

    What is the destination of the http traffic - something outside pfsense? Like internet, and then you want to send it to proxy that is inside your network, then the proxy go out to the internet and get something.  So answer comes back to proxy, but then proxy says oh this if for guy on my same lan so sends it direct vs to pfsense.  Now vs answer coming from pfsense traffic comes from different place then where it was sent.  This is almost always BAD..

    My suggestion is want to test proxies on a client, to set those proxies explicit on the client you want to test.

    Or put your proxy on a different network than client then forward it, or nat it at pfsense before sending it to proxy so proxies sends traffic back to pfsense vs client directly.

  • Not all devices allow you to configure Proxy servers other wise i would do that.  Some hardware manufactures believe if you do not allow configuring a proxy server in there hardware that it can't be done.

    Currently i use a dd-wrt router and a custom script  It works like this [ Internet > Company Network > dd-wrt router ]

    Device is hardwired into dd-wrt router.  Script forwards all HTTP traffic from the local dd-wrt LAN out the WAN port to my proxy server which is located on the Company Network.

    This works pretty good but more and more co-workers are asking me how i am doing it and adding routers and SSID's to the building I'm sure IT will get annoyed soon.

    IT has setup a QA network using PFsense (and i use PFsense at home and love it)  but I was hoping i can find a way to do that with PFsense.

    Any Suggestions?

  • LAYER 8 Global Moderator

    So your dd-wrt is NATTING the traffic I would guess.. That is not what your asking to do is it?

    "local dd-wrt LAN out the WAN port"

  • That is correct.  Forwarding HTTP from LAN out the WAN.

    It was over a year ago i learned how to do it.  And from memory I thought i was able to forward all LAN traffic to a proxy server on the same LAN not out the WAN.  I just didn't like that because my proxy server was on my work computer that i used 24/7 and i wanted it on the corp backbone.  Anyways it sounds like there's not a simple solution that i've overlooked.

    Guess I'll just try playing around with the settings here at my home and see what i can figure out.

Log in to reply