Squid reverse proxy not working



  • Hi all,

    So I'm trying to set up Squid (V0.4.44_7) as a reverse proxy with the use of the following guide but on my system it's not working as it should. I have a webserver that also has Exchange 2013 installed on it.

    The plan is that if I succeed in using the reverse proxy properly I can use a second server that only houses the websites separately from my Exchange environment.

    I've created a FW rule as was stated in the guide with the exception of allowing HTTP and HTTPS in my custom ports option:
    117acdea-df33-4bf4-b4db-8e5e4a7ffb67-image.png

    But when I disable my NAT rule, the reverse proxy is not working. I've tried connecting with my mobile phone's 4G connection (IP 63.143.42.243) at the time towards my websites and OWA. I keep getting the error message "TCP_DENIED/403"

    NAT rule:
    9fdf9d3e-70ac-46ac-8008-7fb8a6900acb-image.png

    Squid realtime log:
    d59543ff-0350-4d54-b0d9-6f7c2cfbb9a1-image.png

    Squid settings:
    899b6e9b-c5a3-45b5-906e-ea447d9a9693-image.png
    1b489478-1393-4d98-b0d8-6b9f20923ae9-image.png

    Reverse proxy settings:
    765a909d-023f-40fb-ba3b-0cdedcebcd76-image.png
    d5322300-b2da-4b30-a81c-486589d1b150-image.png
    0a731440-1b44-4685-be27-4d4fa98c21c0-image.png
    1c760227-2045-49ec-ac15-7c13cbcf887b-image.png
    a415312e-97d1-4db5-bca6-0ce69444d97d-image.png
    ca017df5-bee3-496c-9f83-27453dc8b1d4-image.png

    Someone that might have an idea about what could cause my issue?

    Thanks!



  • Could this perhaps come from the fact that I also enabled Exchange support on the reverse proxy? At the moment my webserver and exchange server are on the same guest...

    Just tested disabling this option and that did not solve my issue. When I disable nat no website and exchange front end are working/ reachable from the WAN.

    Problem now is that I need to disable NAT for properly using the reverse proxy, or am I mistaken in this regard? If so, to which IP address do I need to point it, as my exchange & webserver will be split up when I have a proxy properly running in my network.

    So ideal example setup:
    9e861813-65cb-43a9-9e31-d3a7589575d5-image.png



  • No one? :(



  • Hello, I've never used the reverse of squid with the exchange, so I do not know how to comment on it.
    however in my uses of the reverse it is necessary to use a regex according to the attached image.
    another question is about the ports, although it is not recommended, the way I do is the following, I create a rule with port 80 and 443 and point them to pfsense itself - print below - (this is not recommended, however for me it works)

    REGEX

    alt text

    Firewall Rules

    alt text



  • Thanks for the information.
    Seems about the same settings as it's on my PFsense.

    I'll give it a try with an additional webserver, might be that my OWA is messing up the mappings.


Log in to reply