Netgate Discussion Forum

    routing internal traffic to specific gateway

    Routing and Multi WAN
    4 Posts, 2 Posters, 48 Views
    beanboy

      I'm trying to route traffic from Squid Proxy server, installed on pfSense, out a VPN gateway, and it always uses the default gateway instead. My understanding is that since Squid is running on the same box as pfSense, the traffic from Squid is internal and never sees any of the firewall rules, even though Squid is setup to use the VPN interface for egress traffic. Is there some way I can intercept the traffic from Squid and direct to a specific gateway? Thanks.

    viragomann @beanboy

        @beanboy said in routing internal traffic to specific gateway:

        My understanding is that since Squid is running on the same box as pfSense, the traffic from Squid is internal and never sees any of the firewall rules

        Apart from floating rules for outgoing traffic on the outgoing interface.

        Is there some way I can intercept the traffic from Squid and direct to a specific gateway?

        Policy-routing floating rules for direction "out" on the outgoing (default) interface.

    beanboy @viragomann

          Thanks for info.

          @viragomann said in routing internal traffic to specific gateway:

          Policy-routing floating rules for direction "out" on the outgoing (default) interface.

          I've tried this in varying forms with no success, but just to make sure I understand, I should create a floating rule with the following config:
          Interface: default gateway interface (WAN)
          Direction: out
          Source: ?
          Destination: Any
          Gateway: VPN gateway

          If I use 'self' for source, then the internet breaks for LAN clients. If I use the VPN interface address, Squid egress traffic still gets routed through WAN.

          Appreciate any further ideas. Thanks.

    viragomann @beanboy

            @beanboy said in routing internal traffic to specific gateway:

            If I use 'self' for source

            I'm not familiar with squid. Maybe you can bind it to a certain IP.
            In any case you have to add an outbound NAT rule to the VPN gateway for the source IP.

            "firewall self" directs any traffic from pfSense itself to the stated gateway, so DNS as well. And this would also need an outbound NAT rule.
            If you're not able to bind squid to a certain IP, add an outbound NAT rule for the source 127.0.0.0/8.

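The two pieces viragomann's replies call for (a floating rule on the WAN interface, direction out, with the VPN gateway, plus an outbound NAT rule on the VPN interface for the source address Squid uses), written out in native pf.conf syntax as an added example. It is not code from the thread and not pfSense's own generated ruleset; in pfSense these rules are entered through Firewall > Rules > Floating and Firewall > NAT > Outbound (Outbound NAT must be in Hybrid or Manual mode for a custom rule to take effect). Squid's `tcp_outgoing_address` directive is the way to bind its egress to a single IP; the interface names em0 and ovpnc1 and the addresses 10.8.0.2 and 10.8.0.1 are assumed values for illustration.

```pf
# Added example, not from the thread: the policy-routing floating rule and
# the outbound NAT rule viragomann describes, in pf.conf syntax. Interface
# names and addresses are assumptions chosen for illustration.

wan_if    = "em0"       # interface that holds the default gateway
vpn_if    = "ovpnc1"    # OpenVPN client interface
vpn_gw    = "10.8.0.1"  # gateway address of the VPN tunnel

# Source address Squid actually uses: the address it is bound to with
# tcp_outgoing_address (10.8.0.2 here), or loopback if it is bound there
# instead, which is the 127.0.0.0/8 case viragomann mentions.
squid_src = "{ 10.8.0.2, 127.0.0.0/8 }"

# 1. Outbound NAT on the VPN interface. Translation is evaluated before the
#    filter rules, and this is what makes the far end of the tunnel answer:
#    without it the packets leave with a source the VPN peer does not route
#    back.
nat on $vpn_if from $squid_src to any -> ($vpn_if)

# 2. Floating rule, direction out, on the default-gateway interface, with
#    the VPN gateway as route-to target. "quick" stops evaluation here so
#    the ordinary pass-out rule for WAN cannot claim the packet first.
pass out quick on $wan_if route-to ($vpn_if $vpn_gw) from $squid_src to any

# What a source of "self" does: every packet the firewall itself originates,
# DNS included, is pushed into the tunnel, which is the breakage viragomann
# warns about. Kept here commented out for contrast only.
# pass out quick on $wan_if route-to ($vpn_if $vpn_gw) from self to any
```

Keep the source list as narrow as the address Squid really binds to; the whole point of binding it is so the floating rule and the NAT rule can match that one source and nothing else. After loading, `pfctl -sr | grep route-to` should show the floating rule and `pfctl -sn` the NAT rule, and `pfctl -ss` should show new states for Squid's connections with ovpnc1 as the outgoing interface.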
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.