PFsense as http Proxy only
-
I would like to install pfSense into an existing network and use it as a web proxy.
I would like to just be able to change the default gateway assignment for the workstations so I can use Squid in transparent mode.
I have attempted to configure this with 2 interfaces, but it does not seem to grab and proxy web traffic.
Can I get away with doing this using a single interface (router on a stick) configuration?
Thanks in advance!
-
It has to be the gateway for the transparent proxy to work.
-
I had it as the gateway. Here is a detailed configuration:
pfsense
Lan 172.16.0.5/16
gateway 172.16.0.3/16
Wan 172.16.0.6/16
computer:
IP 172.16.5.254
GW 172.16.0.5
When testing internet access through this device, none of the whitelist/blacklist settings would take place.
-
And you've configured it as a transparent proxy, and none of the browsers have a proxy configured?
Is squid installed?
-
Yes, I have verified that Squid is installed, and that the workstations are configured correctly. I will need to re-install pfSense to do further testing, as I tried to force all traffic for these subnets to use the WAN interface.
-
pfsense
Lan 172.16.0.5/16
gateway 172.16.0.3/16
Wan 172.16.0.6/16
How is pfSense supposed to route (through its transparent proxy) with all IPs in the same subnet?
IMHO pfSense's WAN and gateway have to be on a different subnet.
-
Can I get away with doing this using a single interface (router on a stick) configuration?
Physically yes, logically not.
You would have to use VLANs, which logically makes it different interfaces and subnets.
-
I was hoping that when it caught a packet destined for another network on port 80, it would harness the request and use its WAN interface configuration to fetch the desired content.
I will post any results I can find to this thread.
-
I have gotten this to work by configuring the following.
LAN: 172.16.0.5/16
WAN: 172.16.0.6/16
Gateway: (your wan gateway) 172.16.0.2
Install Squid, select transparent mode.
The issues I was having were related to Windows. When I added the gateway via the TCP/IP properties, it added a second gateway with a higher metric. This made things a bit difficult to test; once the pfSense was set as the lowest metric gateway, it started to proxy traffic for me.
I hope this saves someone else a bit of time!
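
Added example, not part of the thread: a small check for the situation in the last post, where a workstation holds two default gateways and the pfSense box is not the lowest-metric one, so the transparent proxy and its whitelist/blacklist never see the traffic. It parses the IPv4 table from Windows `route print`; the sample output and its metric values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: IPv4 part of Windows `route print` on the workstation
# (addresses from the thread; the metric values are invented for illustration).
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.0.2     172.16.5.254     10
          0.0.0.0          0.0.0.0       172.16.0.5     172.16.5.254     20
       172.16.0.0      255.255.0.0         On-link      172.16.5.254    266
===========================================================================
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Destination, netmask, gateway (IP or "On-link"), interface, metric
ROW = re.compile(rf"^\s*({IP})\s+({IP})\s+(\S+)\s+({IP})\s+(\d+)\s*$")


def default_routes(route_print_text):
    """Return [(metric, gateway), ...] for 0.0.0.0/0, lowest metric first."""
    found = []
    for line in route_print_text.splitlines():
        m = ROW.match(line)
        if m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
            found.append((int(m.group(5)), m.group(3)))
    return sorted(found)


def proxy_gateway_status(route_print_text, proxy_gw):
    """Classify whether outbound traffic is forced through proxy_gw."""
    routes = default_routes(route_print_text)
    if not routes:
        return "no-default-route"
    best_metric = routes[0][0]
    winners = {gw for metric, gw in routes if metric == best_metric}
    if proxy_gw not in winners:
        return "bypass"      # another gateway wins; the proxy never sees traffic
    if len(winners) > 1:
        return "ambiguous"   # metric tie with a non-proxy gateway
    if len(routes) > 1:
        return "proxy-preferred-with-fallback"  # works, second path remains
    return "proxy-only"


if __name__ == "__main__":
    print(default_routes(SAMPLE_ROUTE_PRINT))
    print(proxy_gateway_status(SAMPLE_ROUTE_PRINT, "172.16.0.5"))
```

A result other than "proxy-only" means the workstation still has a route to the internet that does not pass through the filtering proxy.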