Netgate Discussion Forum
    pfSense for Squid with only one interface

    • RicoR (Rico, LAYER 8 Rebel Alliance):

      Hi,

      I want to replace my old Squid CentOS box (in production for 600 users) with pfSense as the base system and the Squid package.
      Because I like to separate things, Squid should not reside on my edge pfSense. There is one very beefy box with VMware vSphere 6.5 where I'd like to install pfSense only for Squid.
      My edge pfSense already has a DMZ network to which the VM pfSense with Squid should be connected. So I would install this VM pfSense with only one vNIC, which would then be the WAN interface from pfSense's point of view.
      Now, before I do the test setup: are there any traps I could step into because of having only one interface that you guys can think of?
      Any other suggestions?

      Thanks for reading.

      -Rico

      • stephenw10 (Netgate Administrator):

        That should work fine.

        When you install pfSense with only one interface, the default allow rule gets placed on it, and you will be able to reach the GUI, etc., on that interface by default.
        The only thing to watch out for is that if you ever add another interface, the default rules will move to that one and potentially lock you out.

        Steve

        • RicoR (Rico, LAYER 8 Rebel Alliance):

          Thanks for your answer, stephenw10.
          I took a deeper look into the pfSense Squid package, and now I'm not really sure if I could/should continue with this project because of some limitations.
          E.g., the non-editable

          acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535

          is a no-go for my environment.

          -Rico

          • stephenw10 (Netgate Administrator):

            Because the proxy allows traffic on those ports?

            You can always block it on the firewall.

            Steve

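Added example, not from the thread or the pfSense Squid package: the Safe_ports line quoted above next to a tighter squid.conf equivalent as you would write it on a hand-maintained Squid host where the ACL is editable. The ACL names are the ones from the stock squid.conf, and the `localnet` range is an assumed placeholder.

```squid
# Quoted from the thread: the pfSense package's fixed ACL. Besides the
# well-known ports it accepts ANY destination port from 1025 to 65535.
# acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535

# Tighter equivalent: only the ports this environment actually needs.
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 21          # ftp
acl SSL_ports port 443          # the only port CONNECT tunnels may target
acl CONNECT method CONNECT
acl localnet src 10.0.0.0/8     # ASSUMED client range; replace with yours

# http_access is first-match: put the denies before any allow so that a
# later "allow localnet" cannot open the ports the allow-list excludes.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
```

Where the package keeps its generated ACL fixed, the equivalent control is the firewall rule Steve mentions: permit the proxy host outbound only to the ports in your allow-list.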