Squidguard/WPAD working on one port, what about 2nd and so on…
-
Hello, my pfSense has a NIC with 4 ports. One is the WAN, and the other port had a “router on a stick” configuration. So I configured squid/squidguard/wpad on that port under the IP 192.168.130.1, and it all works fine. I can monitor http and https traffic and I’m using a blacklist to block some content.
Under the Proxy Interface(s) in Services - Proxy Server I bound only that 192.168.130.1 interface.
Now I want to use the 3rd port for a new network 192.168.120.0 – do I have to repeat everything I’ve done for the 130.1 interface? So add that interface for the “Proxy Interface(s)”, make a new wpad, make new NAT port forward for DNS?
When I read other posts, people bind stuff to the pfSense “lan” interface. But what is the lan interface if I have several ports? Every port I use? Or just one which I declare the main port?
Thank you!
"what about second breakfast"
-
So… today it’s working. I’m still not sure that everything is done by the book but this is it:
#WAN interface
#My main interface 192.168.130.1 (router on a stick with several VLAN-s on it)
#My second interface 192.168.120.1 (router on a stick with several VLAN-s on it)
In Services – Squid Proxy Server under Proxy Interface(s) I have selected both the 130.1 and 120.1 interface and every VLAN interface.
In Firewall – NAT I have this:
130InterfaceNet TCP/UDP * * * 53 (DNS) 127.0.0.1 53 (DNS) Redirect DNS
120InterfaceNet TCP/UDP * * * 53 (DNS) 127.0.0.1 53 (DNS) Redirect DNS
(in Firewall Rules I allow/block traffic between VLAN-s)
And in the WPAD file everything returns to the 192.168.130.1:3128
My two questions are:
#1 Why do I only have to make the NAT port forward for the main interface and not for the VLAN interfaces?
#2 Is it OK, since it does work, that the WPAD returns everything to that one 192.168.130.1:3128 or should the 192.168.120.0 network return to 192.168.120.1:3128?
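
For question #2, an added example (not part of the original posts, and not pfSense's own WPAD file): a PAC file that returns the Squid listener on the client's own subnet and otherwise falls back to 192.168.130.1:3128. The /24 masks, the lookup table and the helper names are assumptions; each VLAN subnet would need its own row.

```javascript
// wpad.dat sketch: choose the Squid listener by client subnet.
// Assumptions (not from the post): both networks are /24; table and helper
// names are hypothetical. ES5 syntax only, since many PAC engines are old.
var DEFAULT_PROXY = "PROXY 192.168.130.1:3128"; // what the post's WPAD returns today
var PROXY_BY_NET = [
  { net: "192.168.130.0", mask: "255.255.255.0", proxy: "PROXY 192.168.130.1:3128" },
  { net: "192.168.120.0", mask: "255.255.255.0", proxy: "PROXY 192.168.120.1:3128" }
];

// Dotted quad -> unsigned 32-bit integer, or null if not a valid IPv4 address.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return null;
    n = n * 256 + Number(parts[i]);
  }
  return n;
}

// True when ip and net share the same network bits under mask.
function inSubnet(ip, net, mask) {
  var a = ipToInt(ip), b = ipToInt(net), m = ipToInt(mask);
  if (a === null || b === null || m === null) return false;
  return ((a & m) >>> 0) === ((b & m) >>> 0);
}

// First matching row wins; unknown, loopback or IPv6 clients get the default.
function proxyForClient(clientIp) {
  for (var i = 0; i < PROXY_BY_NET.length; i++) {
    var row = PROXY_BY_NET[i];
    if (inSubnet(clientIp, row.net, row.mask)) return row.proxy;
  }
  return DEFAULT_PROXY;
}

// Entry point the browser calls; myIpAddress() is supplied by the PAC engine.
function FindProxyForURL(url, host) {
  return proxyForClient(myIpAddress());
}
```

On multi-homed clients myIpAddress() can report a loopback address or the wrong adapter, in which case this file hands out the default proxy.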