Forward Web Proxy on NAT interface



  • Hi New pfSense user here.

    Finally got sick of my ISP supplied mega efficent state of the art router (Which broke down and cried at anything of 10Mbs - sold for a 20mb residential connection), and built my self a pfSense box. [And Loving it]

    I'm not a newbie in the networking an I.T game (I'm an ex GSM/I.P networks engineer for Orange UK) , I am however a little wet behind the ears with pfSense and would like a little advice from the community if at all possible.

    With my current setup I have a port forward on my WAN side that opens WWW (and Soon HTTPS WWW too) and funnels it into my forward proxy.  The forward proxy is currently running on Lighty [Light Httpd] (On a sparc T1 of all things :0)  ) and that decides based on the domain name coming in, which web application server to proxy the request too.

    Basically I have the following:

    INTERNET –> WAN(80) --> [pfSense using port forward] –> LAN(xx) --> Sparc(IF1-80) --> [Lighty domain check] –> Sparc(IF2-xx) --> Other web servers

    What I'd like to do if at all possible, is move the functionality provided by the Sparc onto the pfSense box (It's a twin core 3.02ghz P4 w 2gb Ram) and then retire the Sparc, as it's starting to get quite unreliable (It's close to being the same age as me!!!) :-)

    What I want to achieve is:

    INTERNET --> WAN(80) --> [pfSense - www domain check (Send to appropriate Web server via Lan side)] [pfSense Normal routing for everything else] –> LAN(xx)

    I do have 3 NIC's in the pfSense box, one which is currently set up as optional IF 1, but is not in use (IE: NO cable plugged in)

    If it's not possible to have pfS accept traffic direct into a web forwarder on 80, then that's fine, I'll figure out other ways, Iv'e had a poke around in pfS, I can see it's just BSD under the hood, so I could probably modify the OS install manually to do this, I can't see any of the plugins that jump out and suggest they are the ones to use, so before I end up kill my pfS box, has anyone got any thoughts on a way I can achieve this?

    Cheers
    Shawty



  • No one have any ideas how I can achieve this then?



  • You may want to look into the right part of the forum: https://forum.pfsense.org/index.php?board=60.0 and read the existing posts.


  • Rebel Alliance Global Moderator

    Yes you can install reverse proxy package on pfsense to provide that function, ie look at fqdn your trying to hit and send to specific IP behind pfsense.  The section Grimson linked too is prob the better place for such questions..