Need help with forwarding web traffic to the proxy server on the network



  • Hello pfSense Community

    I would like to ask for some help with creating some firewall rules to route all web traffic to a local proxy server, to speed up our internet for the things that can be cached.

    Our network is 192.168.0.0/22 and the proxy server is located at 192.168.0.5 and listening on port 3128 for both http and https.

    It's unfortunately not possible to install squid on the pfSense because it only has a 4 GB HDD and no room for expanding storage, which is the reason that we have set up a proxy server on our Windows server (192.168.0.5) that we would like to route all the web traffic through.



  • Hi.
    @tanja84dk
    Now all traffic is HTTPS. And it can't be cached (
    Use squid + guard only for filtering etc.

    set up a proxy server on our Windows server

    Very, very bad solution. Just find any old HDD and configure squid on pfSense.



  • Actually that is not true; HTTPS traffic can be cached, and we have done it here at home in a test phase for a month, where we manually added the proxy to two test computers. It's not legal everywhere, but it is here where I live, as long as every person who is impacted by it is informed and agrees.

    Another thing: you did not answer my question, which was how do I forward all the web traffic (except the one IP) in firewall rules to one IP?



  • @tanja84dk said in Need help with forwarding web traffic to the proxy server on the network:

    https traffic can be cached

    Caching HTTPS requires doing a man-in-the-middle type attack: replacing the SSL certificate with that of the cache server. That certificate will have to be generated on the fly and signed by a local authority.

    In a corporate environment you can make all PCs trust your cache server certificates. But other machines will give certificate errors - which they should. A malicious cache could modify the pages easily.

    Another thing: you did not answer my question, which was how do I forward all the web traffic (except the one IP) in firewall rules to one IP?

    Port forwarding rule on LAN or give squid address with WPAD\PAC file to client with DHCP.
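
Added example, not part of the thread or of anyone's reply: a PAC file for the WPAD\PAC option mentioned above, using the proxy address (192.168.0.5:3128) and LAN range (192.168.0.0/22) from the first post. The helper names `ipv4ToInt` and `inSubnet` are made up for this example, and hosts are matched only as IPv4 literals (no DNS lookup).

```javascript
// Added example: PAC (proxy auto-config) file for the network in this thread.
// Proxy and LAN range are taken from the first post; helper names are hypothetical.
var PROXY = "PROXY 192.168.0.5:3128";
var LAN_BASE = "192.168.0.0";
var LAN_BITS = 22;

// Convert dotted-quad IPv4 text to an unsigned 32-bit number, or null.
function ipv4ToInt(text) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when `host` is an IPv4 literal inside base/bits.
function inSubnet(host, base, bits) {
  var ip = ipv4ToInt(host), net = ipv4ToInt(base);
  if (ip === null || net === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(ip / size) === Math.floor(net / size);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  // Only web traffic goes to the cache; other schemes are left alone.
  if (scheme !== "http" && scheme !== "https") return "DIRECT";
  // Single-label names and loopback are local.
  if (host.indexOf(".") === -1 || host === "127.0.0.1") return "DIRECT";
  // LAN addresses (including the proxy itself) must not loop through it.
  if (inSubnet(host, LAN_BASE, LAN_BITS)) return "DIRECT";
  // Design choice in this example: no "; DIRECT" fallback, so requests
  // fail when the proxy is down instead of silently bypassing it.
  return PROXY;
}
```

With a proxy set through a PAC file, browsers send HTTPS as CONNECT requests to the same proxy port, so the single entry covers both HTTP and HTTPS.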



  • We are doing man-in-the-middle with our own signed SSL cert that is created on the Windows server here at home, and we have imported the cert on our PCs and mobiles as trusted; that part I know how to do.

    But AGAIN I asked how I create the firewall rule to forward all traffic automatically, but AGAIN you don't answer it. Guess I need to contact a moderator about you.



  • But AGAIN I asked how I create the firewall rule to forward all traffic automatically, but AGAIN you don't answer it
    Are you blind?

    Look for the answer in my previous post.
    And I don't give you any screenshots because you should do it by yourself.

    Guess I need to contact a moderator about you

    WHAAAAT?! Goodbye.



  • I have now tried to create the port forward rules, but for some reason it does not forward the traffic to the proxy server.

    I have also tried moving the rules that were created within Firewall / Rules / LAN up to the top, and still no success.

    Screenshot of the rules I added; the alias ProxyClient is a list of all host IPs in the range we use except the proxy server's IP, ofc.
    https://cloud.tanja84.dk/index.php/s/qLP1KGyT1v0PNHl



  • It still won't work, and I have even tried to reboot the pfSense earlier today.

