How to set up LAN to use proxy through rules?



  • setup is:

    dual wan
    proxy server (not transparent)

    network is DHCP

    –-------
    I want to set one of the clients to use my proxy (192.168.xx.xx:3128) without manually or automatically (script) setting it up on that particular client.

    I want to do it using firewall rules, is it possible?



  • I'm not sure if it works.
    But have you tried it?
    The concept is to redirect port 80 traffic from the specified IP address to the proxy server address via port 3128. (CMIIW)

    One question I want to ask you: did your proxy run well with 2 WAN? AFAIK squid can only handle one WAN.



  • @yellowhat89:

    I'm not sure if it works.
    But have you tried it?
    The concept is to redirect port 80 traffic from the specified IP address to the proxy server address via port 3128. (CMIIW)

    I've tried it, yet it didn't work :(

    @yellowhat89:

    One question I want to ask you: did your proxy run well with 2 WAN? AFAIK squid can only handle one WAN.

    Nope, it doesn't run with 2 WAN, yet it is right there waiting for a client which is explicitly proxified.



  • You can block port 80 traffic from going outbound from that particular box. This will force the client to configure the proxy.

    I don't know of any other way. The best thing to do is run the proxy transparently and tell squid not to cache the IPs that you don't want to be proxied.

    Squid does not work with multiWAN. When a client requests data on port 80 from pfsense, squid will get the data using WAN 0 and always WAN 0. If you put a dedicated squid box behind pfsense then traffic will be routed on the round robin model.



  • @tommyboy180:

    You can block port 80 traffic from going outbound from that particular box. This will force the client to configure the proxy.

    yup, but this will affect the whole network instead of just only one client.

    @tommyboy180:

    Squid does not work with multiWAN. When a client requests data on port 80 from pfsense, squid will get the data using WAN 0 and always WAN 0. If you put a dedicated squid box behind pfsense then traffic will be routed on the round robin model.

    yup, this is correct

    thanks tommy

    well, I guess there's no way to do it through rules :(

    anyone?



  • @cruzades:

    @tommyboy180:

    You can block port 80 traffic from going outbound from that particular box. This will force the client to configure the proxy.

    yup, but this will affect the whole network instead of just only one client.

    You can set up the outbound rules so that only one box will have port 80 blocked. It won't affect your entire network, just that one box. Example, deny port 80 from 192.168.1.199; all others pass.



  • @tommyboy180:

    @cruzades:

    @tommyboy180:

    You can block port 80 traffic from going outbound from that particular box. This will force the client to configure the proxy.

    yup, but this will affect the whole network instead of just only one client.

    You can set up the outbound rules so that only one box will have port 80 blocked. It won't affect your entire network, just that one box. Example, deny port 80 from 192.168.1.199; all others pass.

    oh I missed the 'box' thing, anyway I want to make it automatic without further configuration at the user's end, is it possible?

