• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Outbound proxy setup

Scheduled Pinned Locked Moved Cache/Proxy
2 Posts 1 Posters 664 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    Jeremy11one
    last edited by Jeremy11one Jan 14, 2022, 12:40 AM Jan 13, 2022, 9:54 PM

    This post is deleted!
    1 Reply Last reply Reply Quote 0
    • J
      Jeremy11one
      last edited by Jeremy11one Jan 14, 2022, 4:33 AM Jan 14, 2022, 4:28 AM

      I found the solution. Maybe it will help someone:

      HAProxy is intended only for reverse proxy behaviors, so don't bother with that. Their website even explicitly says so, and recommends using Squid if you need a regular proxy server.

      So, install the Squid package in pfSense, click Save on the Local Cache tab, adjust the settings on the General tab and click Save. In my case, I needed to set the listening port on the General tab to some random sacrificial port number that I'll never use, because the real ports will be handled by my code below. Now, scroll to the bottom of the General tab, expand the Advanced area, and put exactly this text in your box labelled "Custom Options (Before Auth)", except replace the IP addresses and port numbers with your own:

      ##### START MY CODE #####
      
      # these are the IP addresses and ports that Squid should listen on.
      # Remember, ignore the listening port you put in the pfSense GUI.
      # I did not actually need these loopback IPs in my code but I included them here in case it helps the copy/pasters.
      http_port 10.200.1.1:8001
      http_port 127.0.0.1:8001
      http_port 10.200.1.1:8002
      http_port 127.0.0.1:8002
      http_port 10.200.1.1:8003
      http_port 127.0.0.1:8003
       
      # Give each port a name
      acl portA localport 8001
      acl portB localport 8002
      acl portC localport 8003
       
      # Map each port name to the IP address you want the traffic to use as it leaves Squid.  These IPs must match the WAN IPs assigned to your pfSense interfaces and/or Virtual IPs.  Squid will automatically put the packets onto whichever interface these IPs are assigned to.
      tcp_outgoing_address 111.111.111.001 portA
      tcp_outgoing_address 111.111.111.002 portB
      tcp_outgoing_address 222.222.222.001 portC
      
      ##### END MY CODE #####
      
      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received