Creating personal proxy with authentication
-
Hello All
I am trying to create a "Residential Proxy" server from my Netgate pfSense box. I did install Squid Proxy, enabled it and assigned it a specific network port. I enabled authentication via "Local" and have created a firewall rule which looks as follows:
I have the source IP set as my external server IP address, and the destination and source port set as the port I specified in the proxy setup. Does this look right? When I try and test it from my proxy tester on the server in the cloud, it doesn't appear to work so I suspect something is missing.
Thanks.
-
@ericarias1984 said in Creating personal proxy with authentication:
Does this look right?
No.. What interface did you set that on? You almost never actually set a source port, since pretty much all traffic source is going to be some random port above 1024.. Source port that is specific is very limited use case..
Why would you hide the ports is another ? ;) It's like hiding your house number, when I don't even know what country you are in ;) let alone city or street name.
So you want some external server/client from the internet talking to pfsense on its wan? Why would you be allowing it to all the possible firewall IPs, you would just use say the WAN address for the destination..
edit: When troubleshooting firewall rules, be it wan or lan side.. It's a good idea to set logging on the rule - to validate if something hits that rule. You can also look at the states column, that 0/0 you see on those rules - if they continue to stay 0/0 this means that rule has never been triggered.
Without any rules at all, or forwards or anything setup you can actually validate if traffic can get to your wan IP by using say can you see me . org.. You can have it send tcp traffic to your wan IP on any port. And sniffing on your wan interface you can see if it gets there, or looking in firewall log to see if it was blocked by the default deny, etc.
Possible your isp blocks whatever inbound ports you're trying to allow, or maybe you're behind a carrier grade nat 100.64/10 address space, or maybe you're behind a double nat.. Is your wan IP actually a public IP?
-
@johnpoz said in Creating personal proxy with authentication:
Possible your isp blocks whatever
Thank you for your information, I really appreciate it. I don't believe I am behind a double NAT, my modem is set up in bridge mode along with my wifi access point. Basically what I am trying to do is use my local IP as a proxy from my server in the cloud. It sounds like I might have the Squid portion configured correctly right? It doesn't seem like there is that much to do there but I need to hone in on the firewall rules. This is where I am confused.
-
@ericarias1984 if you have proxy setup listening on your wan.. Then the firewall rule you would need on the wan is the destination port would be the port your proxy is listening on, defaults to 3128 I believe
The destination IP would be wan address, and the source would be your outside public IP that is going to access it.
Source port would normally always be any.. I don't see any way that a client connection using a proxy would have a specific port set as source.
-
@johnpoz said in Creating personal proxy with authentication:
nd the source would be your outside public IP that
Thank you for the information! I seem to be getting further as it is failing much quicker but it still isn't working. I checked the squid logs and here is what I get:
TCP_DENIED/407
From the external server, I am using FOGLDN proxy tester which allows you to input the login and password. Any ideas?
Thanks
-
Figured it out. Looks like the password I was using was too long (must have been truncating it).
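-
Added example, not part of any post in this thread: a lone TCP_DENIED/407 is also what Squid logs for the normal proxy-auth challenge before a client sends credentials, so this script separates "challenge, then authenticated" clients from clients whose credentials keep being rejected. It assumes Squid's default native access.log format; the log lines, addresses, user name and the 5-second window are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in Squid's native format:
# time elapsed client result/status bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101      0 203.0.113.10 TCP_DENIED/407 4012 CONNECT example.com:443 - HIER_NONE/- text/html
1700000000.350    210 203.0.113.10 TCP_TUNNEL/200 5120 CONNECT example.com:443 alice HIER_DIRECT/192.0.2.80 -
1700000050.002      0 198.51.100.7 TCP_DENIED/407 4012 GET http://example.com/ - HIER_NONE/- text/html
1700000050.410      0 198.51.100.7 TCP_DENIED/407 4012 GET http://example.com/ - HIER_NONE/- text/html
1700000051.007      0 198.51.100.7 TCP_DENIED/407 4012 GET http://example.com/ - HIER_NONE/- text/html
"""

def parse_line(line):
    """Split one native-format line into the fields this check needs."""
    f = line.split()
    if len(f) < 10:
        return None  # blank or truncated line
    result, _, status = f[3].partition("/")
    return {
        "ts": float(f[0]),
        "client": f[2],
        "result": result,
        "status": int(status) if status.isdigit() else 0,
        "user": f[7],  # "-" when no authenticated user was logged
    }

def classify_clients(log_text, window=5.0):
    """Return {client_ip: (verdict, unanswered_407_count)}."""
    denied, authed = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e["status"] == 407:
            denied[e["client"]].append(e["ts"])
        elif e["user"] != "-":
            authed[e["client"]].append(e["ts"])
    verdicts = {}
    for client in set(denied) | set(authed):
        # A 407 is "answered" if the same client authenticates within the window.
        unanswered = [t for t in denied[client]
                      if not any(0 <= s - t <= window for s in authed[client])]
        if unanswered:
            verdicts[client] = ("auth_failing", len(unanswered))
        elif denied[client]:
            verdicts[client] = ("challenge_then_authenticated", 0)
        else:
            verdicts[client] = ("authenticated", 0)
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify_clients(SAMPLE_LOG).items()):
        print(ip, *verdict)
```

A client that stays in `auth_failing` has reached Squid through the firewall rule, so the remaining problem is the credentials themselves rather than the WAN rule.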