Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Forward all HTTP trffic from a IP address to another IP address on a LAN.

    Scheduled Pinned Locked Moved NAT
    5 Posts 2 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      breedy256
      last edited by

      So I am trying to find out how to setup PFSence to allow me to Forward all HTTP Traffic from one IP  to another IP address on the same LAN.  This will allow me to use multiple proxy servers to test different devices and see there network traffic.

      The only thing i've been able to find is forward all HTTP traffic on a network to a specific IP/proxy server… But I would really like to forward all HTTP traffic from a specific IP address to another IP address to use with Charles Proxy server.

      Anyone have any suggestions?

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        This is a BAD idea.. This would create an asymmetrical routing condition..

        What is the destination of the http traffic - something outside pfsense? Like internet, and then you want to send it to proxy that is inside your network, then the proxy go out to the internet and get something.  So answer comes back to proxy, but then proxy says oh this if for guy on my same lan so sends it direct vs to pfsense.  Now vs answer coming from pfsense traffic comes from different place then where it was sent.  This is almost always BAD..

        My suggestion is want to test proxies on a client, to set those proxies explicit on the client you want to test.

        Or put your proxy on a different network than client then forward it, or nat it at pfsense before sending it to proxy so proxies sends traffic back to pfsense vs client directly.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • B
          breedy256
          last edited by

          Not all devices allow you to configure Proxy servers other wise i would do that.  Some hardware manufactures believe if you do not allow configuring a proxy server in there hardware that it can't be done.

          Currently i use a dd-wrt router and a custom script  It works like this [ Internet > Company Network > dd-wrt router ]

          Device is hardwired into dd-wrt router.  Script forwards all HTTP traffic from the local dd-wrt LAN out the WAN port to my proxy server which is located on the Company Network.

          This works pretty good but more and more co-workers are asking me how i am doing it and adding routers and SSID's to the building I'm sure IT will get annoyed soon.

          IT has setup a QA network using PFsense (and i use PFsense at home and love it)  but I was hoping i can find a way to do that with PFsense.

          Any Suggestions?

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            So your dd-wrt is NATTING the traffic I would guess.. That is not what your asking to do is it?

            "local dd-wrt LAN out the WAN port"

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • B
              breedy256
              last edited by

              That is correct.  Forwarding HTTP from LAN out the WAN.

              It was over a year ago i learned how to do it.  And from memory I thought i was able to forward all LAN traffic to a proxy server on the same LAN not out the WAN.  I just didn't like that because my proxy server was on my work computer that i used 24/7 and i wanted it on the corp backbone.  Anyways it sounds like there's not a simple solution that i've overlooked.

              Guess I'll just try playing around with the settings here at my home and see what i can figure out.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.