Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to setup proxy with parent proxy without being transparent / gateway

    Scheduled Pinned Locked Moved Cache/Proxy
    2 Posts 1 Posters 434 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tperrin
      last edited by

      Hello everyone :)

      I have a question about the squid setup.

      Here is my setup (I'm removing parts that are non-essential to my explanation):

      Network A ---> Network B ---> Network C ---> Internet
      192.168.0.0/16 -> 10.24.1.0/24 -> 10.78.13.0/24 -> The rest

      Before I just had access to network A and had hardware in there. My pfsense is setup with one IP in network A and one IP in network B.

      My upstream proxy is on network C.

      Now I have to manage hosts that are on network B.

      pfsense is only a device on network B, and has a default gateway on that same network, that other hosts have as well.

      pfsense is the only device that is allowed to do requests to the upstream proxy. So if I have a device on network B and I want to send proxy requests, I have to go through the pfsense first. I can't put it as a gateway, otherwise I'll get asymetric routing and that's never good.

      I don't want to setup a transparent proxy, I just want to setup squid and say that for http / ftp / https requests, squid should handle those and forward them to my upstream proxy in network C.

      Thanks for any help you can give me :)

      Happy firewalling !

      1 Reply Last reply Reply Quote 0
      • T
        tperrin
        last edited by

        OK Quick update, this is done using "Remote cache" in the config (the entire tab is done with this).

        I now have a working proxy for http requests, and I'm not sure on how to apply the same thing (forward every request to upstream proxy) for https without having to setup a CA.

        Any ideas?

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.