Forcing all Web traffic to advanced proxy authentication server/forcing proxy



  • I am trying to set up pfSense to force all Web traffic to a separate proxy server that authenticates users against a W2K3 AD.  I have tried creating firewall rules and have looked into using CP, but I haven't found a way to do this.  An example would be the setting in SonicWalls where you click a button under "force proxy" and put in the IP address of the proxy server.

    Basically I am trying to route port 80 and 443 traffic on the LAN side to a proxy on the LAN that does the authentication against AD and filtering.  I would like to send all other traffic through to the WAN interface on pfSense.

    Thank you.



  • Block outbound traffic on 80/TCP and 443/TCP for anything but the proxy server IP.



  • Thanks for the reply.  Unfortunately I still have not been able to get this to work.  Let me give a little more detail.

    pfSense - LAN = 172.16.0.1 WAN = unique public IP
    Endian proxy - LAN = 172.16.0.2 WAN = unique public IP

    The proxy works on port 8080.  I tried passing all port 80 and 443 traffic to the proxy IP with a destination port of 8080 (on the LAN subnet).  That did not work.  I even tried adding a third rule after the port 80 and 443 redirect rules giving all other ports access.  All I am trying to do is redirect Web traffic to port 8080 on my proxy machine.  Sounds easy but I am missing something.  Any ideas?  Thanks.

