Netgate Discussion Forum

    PFsense as http Proxy only

    pfSense Packages

    • bruor

      I would like to install pfsense into an existing network and use it as a web proxy.

      I would like to just be able to change the default gateway assignment for the workstations so I can use squid in transparent mode.

      I have attempted to configure this with 2 interfaces, but it does not seem to grab and proxy web traffic.

      Can I get away with doing this using a single interface (router on a stick) configuration?

      Thanks in advance!

      • Cry Havok

        It has to be the gateway for the transparent proxy to work.

        • bruor

          I had it as the gateway. Here is a detailed configuration:

          pfsense:
          LAN 172.16.0.5/16
          Gateway 172.16.0.3/16
          WAN 172.16.0.6/16

          Computer:
          IP 172.16.5.254
          GW 172.16.0.5

          When testing internet access through this device, none of the whitelist/blacklist settings would take place.

          • Cry Havok

            And you've configured it as a transparent proxy, and none of the browsers have a proxy configured?

            Is squid installed?

            • bruor

              Yes, I have verified that squid is installed, and that the workstations are configured correctly. I will need to re-install pfsense to do further testing as I tried to force all traffic for these subnets to use the WAN interface.

              • jahonix

                @bruor:

                pfsense
                Lan 172.16.0.5/16
                gateway 172.16.0.3/16
                Wan 172.16.0.6/16

                How is pfSense supposed to route (through its transparent proxy) with all IPs in the same subnet?
                IMHO pfSense's WAN and gateway have to be on a different subnet.

                • jahonix

                  @bruor:

                  Can I get away with doing this using a single interface (router on a stick) configuration?

                  Physically yes, logically not.
                  You would have to use VLANs which logically makes it different interfaces and subnets.

                  • bruor

                    I was hoping that when it caught a packet destined for another network on port 80, it would harness the request and use its WAN interface configuration to fetch the desired content.

                    I will post any results I can find to this thread.

                    • bruor

                      I have gotten this to work by configuring the following.

                      LAN: 172.16.0.5/16
                      WAN: 172.16.0.6/16
                      Gateway: (your WAN gateway) 172.16.0.2

                      Install squid, select transparent mode.

                      The issues I was having were related to Windows. When I added the gateway via the TCP/IP properties, it added a second gateway with a higher metric. This made things a bit difficult to test; once the pfsense was set as the lowest metric gateway, it started to proxy traffic for me.

                      I hope this saves someone else a bit of time!

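The metric problem described in the last post can be checked from a workstation's `route print` output. The following is an added example, not part of the original thread: the sample output is constructed, and the function names and the assumption that 172.16.0.5 is the proxy gateway and 172.16.0.2 the pre-existing one are illustrative.

```python
import ipaddress

# Constructed sample of the IPv4 section of `route print` on a workstation
# that has two default gateways; the proxy (172.16.0.5) has the higher metric.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.0.2    172.16.5.254     10
          0.0.0.0          0.0.0.0       172.16.0.5    172.16.5.254     20
       172.16.0.0      255.255.0.0         On-link     172.16.5.254    266
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    306
===========================================================================
"""

def default_routes(route_print_text):
    """Return [(gateway, metric)] for each 0.0.0.0/0 row, lowest metric first."""
    routes = []
    for line in route_print_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[:2] != ["0.0.0.0", "0.0.0.0"]:
            continue
        try:
            ipaddress.IPv4Address(fields[2])   # skips "On-link" rows
            routes.append((fields[2], int(fields[4])))
        except ValueError:
            continue
    return sorted(routes, key=lambda r: r[1])

def check_proxy_gateway(route_print_text, proxy_gw):
    """Classify whether web traffic will actually leave via the proxy gateway.

    "ok"       proxy is the only lowest-metric default gateway
    "tie"      proxy shares the lowest metric with another gateway
    "bypassed" another gateway has a lower metric, so the proxy is skipped
    "missing"  proxy is not a default gateway at all
    """
    routes = default_routes(route_print_text)
    if proxy_gw not in {gw for gw, _ in routes}:
        return "missing"
    lowest = routes[0][1]
    winners = [gw for gw, metric in routes if metric == lowest]
    if winners == [proxy_gw]:
        return "ok"
    return "tie" if proxy_gw in winners else "bypassed"

if __name__ == "__main__":
    print(default_routes(SAMPLE_ROUTE_PRINT))
    print(check_proxy_gateway(SAMPLE_ROUTE_PRINT, "172.16.0.5"))
```

A result of "bypassed" or "tie" means some or all port 80 traffic can leave through the other gateway and never reach squid, so the whitelist/blacklist rules are not applied to it.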
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.