pfSense for Squid with only one interface


  • LAYER 8 Rebel Alliance

    Hi,

    I want to replace my old squid CentOS box (in production for 600 users) with pfSense as base system and the squid package.
    Because I like to separate things squid should not reside on my edge pfSense. There is one very beefy box with VMware vSphere 6.5 where I'd like to install pfSense only for squid.
    My edge pfSense already got some DMZ network where the VM pfSense with squid should be connected to. So I would install this VM pfSense with only one vNIC which would then be the WAN interface from pfSense view.
    Now before I do the test setup...any traps I can step into because of only having one interface you guys can think of?
    Any other suggestions?

    Thanks for reading.

    -Rico


  • Netgate Administrator

    That should work fine.

    When you install pfSense with only one interface the default allow rule gets placed on it and you will be able to reach the GUI etc. on that interface by default.
    The only thing to watch out for is that if you ever add another interface the default rules will move to that and potentially lock you out.

    Steve


  • LAYER 8 Rebel Alliance

    Thanks for your answer, stephenw10.
    I took a deeper look into the pfSense squid package and now I'm not really sure if I could/should continue with this project because of some limitations.
    e.g. the non-editable

    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535

    is a no-go for my environment.

    -Rico


  • Netgate Administrator

    Because the proxy allows traffic on those ports?

    You can always block it on the firewall.

    Steve
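The thread turns on how permissive the fixed Safe_ports ACL quoted above really is, and on Steve's suggestion to compensate on the firewall. The following is an added example, not code from either poster or from the pfSense squid package: it parses a squid `acl <name> port ...` line, counts the destination ports it admits, and lists which ports a tighter policy (the `STRICT_SAFEPORTS` line is a constructed assumption, not a pfSense default) would deny but the package default allows, which is exactly the set one would need to block at the firewall.

```python
"""Evaluate squid 'acl <name> port ...' lines (added example, not from the thread)."""
import re

# ACL line as quoted in the thread (pfSense squid package default, not editable there).
PFSENSE_SAFEPORTS = (
    "acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 "
    "3128 3129 1025-65535"
)

# Constructed, tighter alternative for illustration only (assumption, not a pfSense default).
STRICT_SAFEPORTS = "acl safeports port 80 443"


def parse_port_acl(line):
    """Parse an 'acl <name> port <spec> ...' line into (name, [(low, high), ...])."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "acl" or tokens[2] != "port":
        raise ValueError("not a port ACL line: %r" % line)
    ranges = []
    for spec in tokens[3:]:
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", spec)
        if not m:
            raise ValueError("bad port spec %r" % spec)
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not (1 <= low <= high <= 65535):
            raise ValueError("port out of range in %r" % spec)
        ranges.append((low, high))
    return tokens[1], ranges


def port_allowed(ranges, port):
    """True if the destination port falls inside any range of the ACL."""
    return any(low <= port <= high for low, high in ranges)


def allowed_port_count(line):
    """Number of distinct TCP ports the ACL admits (overlapping ranges counted once)."""
    _, ranges = parse_port_acl(line)
    allowed = set()
    for low, high in ranges:
        allowed.update(range(low, high + 1))
    return len(allowed)


def ports_to_block(loose_line, strict_line, probe_ports):
    """Ports the loose ACL permits but the strict policy would deny.

    These are the ones that would have to be blocked downstream (e.g. on the
    firewall) when the proxy's own ACL cannot be tightened.
    """
    _, loose = parse_port_acl(loose_line)
    _, strict = parse_port_acl(strict_line)
    return [p for p in probe_ports if port_allowed(loose, p) and not port_allowed(strict, p)]


if __name__ == "__main__":
    # Constructed probe set: a few well-known and high ports.
    probes = [22, 25, 80, 443, 3389, 8080]
    print("ports admitted by package default:", allowed_port_count(PFSENSE_SAFEPORTS))
    print("allowed by default but not by strict policy:",
          ports_to_block(PFSENSE_SAFEPORTS, STRICT_SAFEPORTS, probes))
```

Run as-is, the script reports that the package default admits over 64,000 destination ports, and that of the probe set only 3389 and 8080 would need a firewall block to match the stricter policy (22 and 25 are already outside the default ACL).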

