PFsense as http Proxy only

bruor

I would like to install pfsense into an existing network and use it as a web proxy.

I would like to just be able to change default gateway assignemend for the workstations so i can use squid in transparent mode.

I have attempted to configure this with 2 interfaces, but it does not seem to grab and proxy web traffic.

Can i get away with doing this using a single interface (router on a stick) configuration?

Thanks in advance!

Cry Havok

It has to be the gateway for the transparent proxy to work.

bruor

I had it as the gateway.  here is a detailed configuration
pfsense
Lan 172.16.0.5/16
gateway 172.16.0.3/16
Wan 172.16.0.6/16

computer:
IP 172.16.5.254
GW 172.16.0.5

when testing internet access thorough this device,  none of the whitelist/blacklist settings would take place.

Cry Havok

And you've configured it as a transparent proxy, and none of the browsers have a proxy configured?

Is squid installed?

bruor

yes i have verified that squid is installed,  and that the workstations are configured correctly.  I will need to re-install pfsense to do further testing as i tried to force all traffic for these subnets to use the wan interface.

jahonix

@bruor:

pfsense
Lan 172.16.0.5/16
gateway 172.16.0.3/16
Wan 172.16.0.6/16

How is pfSense supposed to route (through its transparent proxy) with all IPs in the same subnet?
IMHO pfSense's WAN and gateway have to be on a different subnet.

jahonix

@bruor:

Can i get away with doing this using a single interface (router on a stick) configuration?

Physically yes, logically not.
You would have to use VLANs which logically makes it different interfaces and subnets.

bruor

I was hoping that when it caught a packet destined for another network on port 80,  that it would harness the request and use its wan interface configuration to fetch the desired content.

I will post any results i can find to this thread

bruor

I have gotten this to work by configuring the following.

LAN: 172.16.0.5/16
WAN: 172.16.0.6/16
Gateway: (your wan gateway) 172.16.0.2

install squid,  select transparent mode.

the issues I was having were related to windows.  when i added the gateway via the TCP/IP properties, it added a second gateway with a higher metric.  this made things a bit difficult to test,  once the pfsense was set as the lowest metric gateway, it started to proxy traffic for me.

I hope this saves someone else a bit of time!