Netgate Discussion Forum

PfSense and external Squid server

pfSense Packages
  • Scormen
    last edited by Jan 3, 2010, 5:58 PM

    Hi all,

    I'm setting up a test environment with pfSense (in fail-over) to learn it and use it later in production.
    Now I'm having a problem with my proxy server.

    I have an external Squid proxy server set up, default port 3128, on an Ubuntu 8.04 OS.
    When I use Squid directly from a client computer, websites are cached well.

    But if I use my setup with pfSense, I can't reach websites (http).

    My clients are behind the LAN interface with their own subnet 192.168.4.0/24.
    My Squid is behind the DMZ interface, also in its own subnet 192.168.3.65/26.

    I have enabled port forwarding with:

    • interface: LAN
    • Ext add: any
    • Proto: TCP
    • Ext port range: HTTP to other
    • Nat IP: 192.168.3.71 (IP of my Squid server in DMZ)
    • Local port: other 3128

    If I disable this port forwarding, surfing is going well.

    With this setup I'm getting the error "The requested URL could not be retrieved (Invalid URL)".

    Any suggestions?

    Many thanks
    Kris

    • Scormen
      last edited by Jan 9, 2010, 9:21 AM

      Excuse me for this bump, I'm still looking for how to solve this.

      • Scormen
        last edited by Jan 10, 2010, 3:52 PM

        I don't like to kick up threads, sorry about that.

        But I really need a solution for this.
        We want to keep our external (in our DMZ, not in a geographically different place) Squid cache server, but without a solution for this problem, we can't.

        I can't believe I would be the first one who wants to use pfSense and an external Squid server …

        We also used OpenBSD as firewall in the past, then we just had to add this rule:
        rdr on $lan_if proto tcp to port 80 -> $proxy_servers port 3128

        I don't want to give up, I find pfSense a great product ...

        Thanks

        • GruensFroeschli
          last edited by Jan 10, 2010, 9:30 PM

          From what I read, you could install the squid package on the pfSense and define an upstream proxy to which everything will be directed.
          (not sure about that).

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
