PfSense and external Squid server
-
Hi all,
I'm setting up a test environment with pfSense (in fail-over) to learn it and use it later in production.
Now I'm having a problem with my proxy server.I have an external Squid proxy server setup, default port 3128 on a Ubuntu 8.04 OS.
When I use Squid directly from an client computer, websites are cached well.But if I use my setup with pfSense, I can't reach websites (http).
My clients are behind the LAN interface with their own subnet 192.168.4.0/24.
My Squid is behind the DMZ interface, also in his own subnet 192.168.3.65/26.I have enabled port forwarding with:
- interface: LAN
- Ext add: any
- Proto: TCP
- Ext port range: HTTP to other
- Nat IP: 192.168.3.71 (IP of my Squid server in DMZ)
- Local port: other 3128
If I disable this port forwarding, surfing is going well.
With this setup I'm getting the error "The requested URL could not be retrieved (Invalid URL)
Any suggestions?
Many thanks
Kris -
Excuse me for this bump, I'm still looking how to solve this.
-
I don't like to kick up threats, sorry about that.
But I really need a solution for this.
We want to keep our external (in our DMZ, not on a geographic other place) Squid cache server, but without a solution for this problem, we cant.I can't believe I would be the first one who wants to use pfSense and an external Squid server …
We also used OpenBSD as firewall in the past, then we just had to add this rule:
rdr on $lan_if proto tcp to port 80 -> $proxy_servers port 3128I don't want to give up, I find pfSense a great product ...
Thanks
-
From what i read, you could install the squid package on the pfSense and define an upstream proxy which will have everything directed to.
(not sure about that).