Netgate Discussion Forum

    Proxy on internal network

    • D
      dwabraxus

      First off, I'm not sure if this is the correct area to post this, but I didn't think it fit under "Packages".

      So, I have squid currently running on a computer on my internal network. I want to "transparently" forward all web traffic to the proxy and allow the internal proxy to bypass this rule and access the internet. My current setup is to have Squid with almost no cache (50 mb), and using the internal computer as the parent proxy. I do not want to use this setup anymore. I have been having issues with the overhead of squid (Thus the dedicated machine).

      What is the best (most efficient and fastest) way to forward all port 80 traffic to the proxy on another port (3128) but to allow all port 80 traffic from the proxy IP address internally?

      Thanks

      • M
        mhab12

        I'm not sure I completely understand, though it does not sound like you are trying to do anything that cannot be done.  Can you sketch out a diagram of what you have versus what you want or something?

        • D
          dwabraxus

          So right now all port 80 traffic works like so …

          Client (192.168.100.0/24) ->
          Pfsense (192.168.100.1/32)
            Squid Transparent Process with 50mb internal storage
            Squid routes to parent proxy on internal network (192.168.100.8) ->
          Squid on internal network with HAVP, and squidguard then requests from WAN

          Ideally I would like it to go like so
          Client (192.168.100.0/24) ->
          Pfsense (192.168.100.1/32) ->
          Redirects all port 80 traffic except that from 192.168.100.8 to proxy
          Proxy on 192.168.100.8 requests content from web

          Essentially removing the process on the router is the goal

          Thanks

          • S
            Supermule Banned

            In short you want a reverse proxy, to take load off eventual webservers??? Correct??

            • D
              dwabraxus

              I guess… I just want to proxy content requested from all my internal computers. I want to make the network faster and use less bandwidth through WAN. I have squid set up with videocache and HAVP on my internal server. I just want all traffic from my LAN on port 80 to go to the proxy on the internal server and have it request the non-cached data from the servers. I want to completely remove squid from my router.

              Not entirely sure of the correct lingo for that.

              The simplest way, I think, is to have 2 rules such as:
              All traffic on port 80 from proxy internal to WAN is allowed
              All traffic on LAN subnet that is not from proxy internal using port 80 with destination through WAN to be redirected to local proxy on port 3128.

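The two rules described in the post above, sketched as a pf.conf fragment. This is an added example, not part of the original thread and not configuration generated by pfSense; the interface name `em1` and the macro names are assumptions, while the addresses and ports are the ones given in the thread.

```pf
# Added example. Assumed: LAN interface name and macro names.
lan_if  = "em1"
lan_net = "192.168.100.0/24"
proxy   = "192.168.100.8"

# --- translation rules (first match wins) ---

# Exempt the proxy first. Without this, the proxy's own port 80 fetches
# match the redirect below and are sent back to itself in a loop.
no rdr on $lan_if proto tcp from $proxy to any port 80

# Redirect every other LAN client's outbound port 80 traffic to the proxy.
rdr on $lan_if proto tcp from $lan_net to ! $lan_net port 80 -> $proxy port 3128

# Clients and proxy share one subnet, so the proxy would otherwise answer
# the client directly from 192.168.100.8:3128 and the client would drop the
# reply. Source-NAT the redirected connections so replies return via the
# firewall, which reverses both translations.
nat on $lan_if proto tcp from $lan_net to $proxy port 3128 -> ($lan_if)

# --- filter rules ---

# Rule 1 from the post: the proxy may reach the web on port 80.
pass in quick on $lan_if proto tcp from $proxy to any port 80

# Redirected client connections (destination already rewritten by rdr).
pass in quick on $lan_if proto tcp from $lan_net to $proxy port 3128
```

With the source-NAT rule in place, the proxy's access logs and any per-client ACLs see the firewall's LAN address instead of the real client address.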
              • S
                Supermule Banned

                Then it is not reverse proxy….:)

                Reverse proxy serves WAN side of router with requested pages.....

                http://www.google.dk/search?sourceid=navclient&hl=da&ie=UTF-8&rlz=1T4GGLJ_da&q=proxy+software

                Check to see if there is anything free available....

                • M
                  mhab12

                  Sounds like all you need are two pfSense boxes.  The setup would be like this:

                  WAN -> PFS1 (WAN (real IP) & LAN as 192.168.1.1, no packages) -> PFS2 (WAN as 192.168.1.2, gateway 192.168.1.1 and LAN as 192.168.2.1, running Squid, DHCP, etc.)

                  All your clients would pull 192.168.2.x IP addresses.  If you set up squid as a transparent proxy on 192.168.2.1, all the local content would be cached there, and if it was not cached, the content would be pulled down from the 192.168.1.1 router.  Just make sure you add a block rule for traffic from 192.168.2.x to 192.168.1.x, except for the routers themselves, and set your subnet masks correctly.

                  Is this setup for a very large installation, or you just like to keep server roles separate?  If you configure/scale your hardware right, you should be able to make things easier and keep the entire setup on one box.

                  • S
                    Supermule Banned

                    In that case, I would suggest doing it in VMware….. Much easier than 2 separate boxes. Also a lot cheaper in terms of power used :)
