Netgate Discussion Forum

    Please help NEWBIE: proxy in the same network with PFSENSE

      jdangjohnny

      I am sorry but I have a problem and I need your guidance. I know 100% that it is something in PFSENSE. I am new to PFSENSE and welcome any guidance. I installed PFSENSE on a server for my home. The internal IP address is 192.168.1.1. I also have a Linux server (192.168.1.10) running a proxy (squid 3.x) on port 5128. Everything is working fine except, from a Windows 10 PC (192.168.1.6), I use Firefox which points to 192.168.1.10 as the Manual Proxy. WHY? Just for testing, because I will use OPENVPN from my office to the same Linux PC (192.168.1.10) but using SPLIT TUNNEL so the PC at work can still use the Local Area Network. I will then use Firefox at work to browse the Internet, which uses 192.168.1.10 as the proxy on TCP 5128. Before PFSENSE, I used the VZ FIOS as the router and it worked perfectly. So it has to be the PFSENSE. So why is PFSENSE giving problems browsing the Internet from 192.168.1.6 using 192.168.10 as proxy server on port 5128?
      Believe me, when I replace the PFSENSE with the slow chunky VZ FIOS G1100, it works… As soon as I put the PFSENSE back, the proxy stops working. What drives me crazy is some web sites like Amazon work but most are not working. How could I log that blocked traffic, or why does PFSENSE stop the proxy service while I am in the same LAN? Thanks for your guidance.

        KOM

        You're asking why your Windows LAN client has to be told about your Linux proxy server?  Maybe your old router has some proxy redirection feature?  No idea about that.  If you want your LAN clients to autodiscover your proxy, that can be done via WPAD.  You can also hand out your proxy address as an option 252 from your DHCP server.

          jdangjohnny

          First of all, thanks for the reply… I appreciate it. I specify the proxy setting in Firefox (192.168.1.10 port 5128). And just for fun, I asked my neighbor to patch over a COMCAST LINE (Edge Route Lite with IP 192.168.1.254), then changed the linux server gateway from 192.168.1.1 (PFSENSE) to 192.168.1.254 and boom, the proxy works. So for some reason (I put the linux server gateway back to 192.168.1.1 and then the Windows PC can no longer browse the Internet via proxy) PFSENSE stops the proxy traffic:

          PFSENSE: 192.168.1.1 LAN
          Linux Server 192.168.1.10
          WINDOWS 192.168.1.6
          EDGE ROUTER 192.168.1.254.

          It has to be the PFSENSE but what is it?

            johnpoz LAYER 8 Global Moderator

            This has ZERO to do with pfsense - ZERO!!!  Pfsense doesn't give 2 shits if the traffic is from a client browser directly or via some proxy on your network for a different client..

            Have you modified the lan rules in any way on pfsense? Or the default any any?  Are you running any sort of IPS package on pfsense or proxy?

            If I had to guess most likely related to asymmetrical traffic.  Seems to me your proxy is 1 armed bandit mode and hairpin to get to the gateway (pfsense)..

            What I would do is sniff on pfsense lan interface to find out where your problem is..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
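
Added example (not part of johnpoz's post and not pfSense code): one way to read a text capture taken on the pfSense LAN interface for the asymmetric-traffic symptom suggested above, by checking whether each TCP handshake was seen in both directions. The capture lines, the external addresses and the name `classify_flows` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n` text output, as it might look when
# sniffing the pfSense LAN interface while the proxy (192.168.1.10) is in use.
SAMPLE = """\
10:00:00.000100 IP 192.168.1.10.40112 > 203.0.113.20.443: Flags [S], seq 100, win 64240, length 0
10:00:00.020300 IP 203.0.113.20.443 > 192.168.1.10.40112: Flags [S.], seq 900, ack 101, win 65535, length 0
10:00:00.020900 IP 192.168.1.10.40112 > 203.0.113.20.443: Flags [.], ack 901, win 502, length 0
10:00:01.000100 IP 192.168.1.10.40120 > 198.51.100.7.80: Flags [S], seq 200, win 64240, length 0
10:00:02.010100 IP 192.168.1.10.40120 > 198.51.100.7.80: Flags [S], seq 200, win 64240, length 0
10:00:03.000500 IP 198.51.100.9.443 > 192.168.1.10.40131: Flags [S.], seq 700, ack 301, win 65535, length 0
"""

# src-ip.src-port > dst-ip.dst-port: Flags [..]
PKT = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([A-Za-z.]+)\]"
)

def classify_flows(capture_text):
    """Map (initiator, responder) -> 'ok' | 'no-reply' | 'asymmetric'."""
    counts = defaultdict(lambda: [0, 0])  # [SYNs seen, SYN-ACKs seen]
    for line in capture_text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, dst, flags = f"{m[1]}:{m[2]}", f"{m[3]}:{m[4]}", m[5]
        if flags == "S":            # connection attempt from the initiator
            counts[(src, dst)][0] += 1
        elif flags == "S.":         # reply; file it under the initiator's key
            counts[(dst, src)][1] += 1
    verdicts = {}
    for flow, (syn, synack) in counts.items():
        if syn and synack:
            verdicts[flow] = "ok"          # both legs crossed this interface
        elif syn:
            verdicts[flow] = "no-reply"    # SYN (and retries) left, nothing came back here
        else:
            verdicts[flow] = "asymmetric"  # reply seen without the SYN: other leg took another path
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE).items():
        print(flow, verdict)
```

Flows marked `asymmetric` are the ones a stateful firewall has no state for, since it never saw the opening SYN.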

              KOM

              > It has to be the PFSENSE but what is it?

              You're not listening.  Your old router probably had some kind of proxy helper where it would intercept 80/443 tcp and forward it to another client on LAN.  This is not a standard option with most routers that I have seen.  In general, your clients either need to be explicitly told about your proxy via manual configuration, or they need to detect it on their own using WPAD which I previously linked to.  There is no magic switch to flip.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.