PFsense as http Proxy only

  • I would like to install pfsense into an existing network and use it as a web proxy.

    I would like to just be able to change default gateway assignemend for the workstations so i can use squid in transparent mode.

    I have attempted to configure this with 2 interfaces, but it does not seem to grab and proxy web traffic.

    Can i get away with doing this using a single interface (router on a stick) configuration?

    Thanks in advance!

  • It has to be the gateway for the transparent proxy to work.

  • I had it as the gateway.  here is a detailed configuration


    when testing internet access thorough this device,  none of the whitelist/blacklist settings would take place.

  • And you've configured it as a transparent proxy, and none of the browsers have a proxy configured?

    Is squid installed?

  • yes i have verified that squid is installed,  and that the workstations are configured correctly.  I will need to re-install pfsense to do further testing as i tried to force all traffic for these subnets to use the wan interface.

  • @bruor:


    How is pfSense supposed to route (through its transparent proxy) with all IPs in the same subnet?
    IMHO pfSense's WAN and gateway have to be on a different subnet.

  • @bruor:

    Can i get away with doing this using a single interface (router on a stick) configuration?

    Physically yes, logically not.
    You would have to use VLANs which logically makes it different interfaces and subnets.

  • I was hoping that when it caught a packet destined for another network on port 80,  that it would harness the request and use its wan interface configuration to fetch the desired content.

    I will post any results i can find to this thread

  • I have gotten this to work by configuring the following.

    Gateway: (your wan gateway)

    install squid,  select transparent mode.

    the issues I was having were related to windows.  when i added the gateway via the TCP/IP properties, it added a second gateway with a higher metric.  this made things a bit difficult to test,  once the pfsense was set as the lowest metric gateway, it started to proxy traffic for me.

    I hope this saves someone else a bit of time!

Log in to reply