Squidguard/WPAD working on one port, what about 2nd and so on…

  • Hello, my pfSense has a NIC with 4 ports. One is the WAN, and the other port had a “router on a stick” configuration. So I configured squid/squidguard/wpad on that port under the IP it all works fine. I can monitor http and https traffic and I’m using a blacklist to block some content.
    Under the Proxy Interface(s) in Services - Proxy Server I bound only that interface.

    Now I want to use the 3th port for a new network – do I have to repeat everything I’ve done for the 130.1 interface? So add that interface for the “Proxy Interface(s)”, make a new wpad, make new NAT port forward for DNS?

    When I read other posts, people bind stuff to the pfSense “lan” interface. But what is the lan interface if I have several ports? Every port I use? Or just one which I declare the main port?

    Thank you!

    "what about second breakfast"

  • So… today it’s working. I’m still not sure that everything is done by the book but this is it:

    #WAN interface
    #My main interface (router on a stick with several VLAN-s on it)
    #My second interface (router on a stick with several VLAN-s on it)

    In Services – Squid Proxy Server under Proxy Interface(s) I have selected both the 130.1 and 120.1 interface and every VLAN interface.

    In Firewall – NAT I have this:
    130InterfaceNet    TCP/UDP    *    *    *    53 (DNS)    53 (DNS)    Redirect DNS   
    120InterfaceNet    TCP/UDP    *    *    *    53 (DNS)    53 (DNS)    Redirect DNS

    (in Firewall Rules I allow/block traffic between VLAN-s)

    And in the WPAD file everything returns to the

    My two questions are:
    #1 Why do I only have to make the NAT port forward for the main interface and not for the VLAN interfaces?
    #2 Is it OK, since it does work, that the WPAD returns everything to that one or should the network return to

Log in to reply