Pfsense behind a proxy server is not connecting to the internet

arsalan · Oct 27, 2022, 8:19 AM

Hi,
I have a Pfsense machine behind a proxy. The proxy server is connected to the internet.
All of the LAN clients are supposed to connect to the Internet through Pfsense.
How should I configure Pfsense in this scenario?

I tried this configuration unsuccessfully:
System-->Advanced-->Miscellaneous-->Proxy URL: 192.168.55.100
System-->Advanced-->Miscellaneous-->Proxy Port:8080 (no username, no password)

Thank you

stephenw10 · Oct 27, 2022, 5:57 PM

That field configured pfSense itself to use the proxy for connections it creates itself, for updates for example.
https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#proxy-support

If clients are not set to use the proxy directly and the proxy is not redirecting that traffic itself you could add a port forward to redirect client web traffic to it in pfSense. That's what Squid does if you're running that in pfSense.

Steve

zaibi12345 · May 29, 2024, 3:48 PM

@stephenw10
Sir i am stuck please help me below

I am working in an organization already having proxy configured, and managed by other department
Now I install pfsense and set wan as dhcp and lan with static and enable dhcp I am able to ping my company network resouces from that dhcp (used win 10 as vm ) also set company's proxy in system-->advanced --> misc tab alongwith port.
I would like to pass traffic through pfsense I also installed squid package and set proxy address of my pfsense LAN interface alongwith 3128 port but unable to browse internet (err connection time out) but ping works fine
when I put company's proxy then internet works fine but i need to pass traffic through my pfsense
please help me I am new to pfsense need your kind support
thankyou

WAN IP static 10.101.4.38 DNS 10.10.0.10 and 11---> LAN IP 192.168.1.100 (dhcp enabled) dns for client 10.101.4.1 and 8.8.8.8

stephenw10 · May 29, 2024, 5:44 PM

If you are using Squid you need to set the upstream proxy in Squid directly in the Remote Cache settings.

zaibi12345 · May 30, 2024, 12:13 PM

@stephenw10
Sir I already set remote cache , screen shot is below attached

stephenw10 · May 30, 2024, 1:02 PM

Do you see connections to it in the state table? (Diag > States)

zaibi12345 · May 30, 2024, 1:02 PM

@stephenw10
Sir connection from wan ip to my actual production proxy is established as stated below

complete states are below

stephenw10 · May 30, 2024, 1:08 PM

So what is not working here? Does the upstream proxy show it failing?

zaibi12345 · May 30, 2024, 1:14 PM

@stephenw10
sir actually ping to upstream works fine but browsing is not err connectin timed out is showing if i give proxy to browser but it i pass traffic from prod proxy then internet works fine but i want to pass traffic through my pfsense,
Is there any network restriction may from production side ? actually wan ip 10.101.4.38 is of my lab and this network is fine for browsing this ip should be enough to communicate with the world.
any suggestions is highly appreciated sir

stephenw10 · May 30, 2024, 1:24 PM

Does it show blocked on the upstream proxy?

Is it authenticated? Do you have a username/password entered there?

zaibi12345 · May 30, 2024, 1:30 PM

@stephenw10
there is no username password
just ip and port no

stephenw10 · May 30, 2024, 1:38 PM

Probably need to check the logs then. Both in Squid and the upstream proxy.

stephenw10 · May 30, 2024, 1:42 PM

Oh you might need this in the advanced options:

zaibi12345 · May 30, 2024, 1:49 PM

@stephenw10
superb sir you are awesome it works fine thankyou so much sir