3. PFsense as http Proxy only

PFsense as http Proxy only

  • B

    I would like to install pfsense into an existing network and use it as a web proxy.

    I would like to just be able to change default gateway assignemend for the workstations so i can use squid in transparent mode.

    I have attempted to configure this with 2 interfaces, but it does not seem to grab and proxy web traffic.

    Can i get away with doing this using a single interface (router on a stick) configuration?

    Thanks in advance!

    0

  • It has to be the gateway for the transparent proxy to work.

    0
  • B

    I had it as the gateway.  here is a detailed configuration
    pfsense
    Lan 172.16.0.5/16
    gateway 172.16.0.3/16
    Wan 172.16.0.6/16

    computer:
    IP 172.16.5.254
    GW 172.16.0.5

    when testing internet access thorough this device,  none of the whitelist/blacklist settings would take place.

    0

  • And you've configured it as a transparent proxy, and none of the browsers have a proxy configured?

    Is squid installed?

    0
  • B

    yes i have verified that squid is installed,  and that the workstations are configured correctly.  I will need to re-install pfsense to do further testing as i tried to force all traffic for these subnets to use the wan interface.

    0

  • @bruor:

    pfsense
    Lan 172.16.0.5/16
    gateway 172.16.0.3/16
    Wan 172.16.0.6/16

    How is pfSense supposed to route (through its transparent proxy) with all IPs in the same subnet?
    IMHO pfSense's WAN and gateway have to be on a different subnet.

    0

  • @bruor:

    Can i get away with doing this using a single interface (router on a stick) configuration?

    Physically yes, logically not.
    You would have to use VLANs which logically makes it different interfaces and subnets.

    0
  • B

    I was hoping that when it caught a packet destined for another network on port 80,  that it would harness the request and use its wan interface configuration to fetch the desired content.

    I will post any results i can find to this thread

    0
  • B

    I have gotten this to work by configuring the following.

    LAN: 172.16.0.5/16
    WAN: 172.16.0.6/16
    Gateway: (your wan gateway) 172.16.0.2

    install squid,  select transparent mode.

    the issues I was having were related to windows.  when i added the gateway via the TCP/IP properties, it added a second gateway with a higher metric.  this made things a bit difficult to test,  once the pfsense was set as the lowest metric gateway, it started to proxy traffic for me.

    I hope this saves someone else a bit of time!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy