PfSense and external Squid server
I'm setting up a test environment with pfSense (in fail-over) to learn it and use it later in production.
Now I'm having a problem with my proxy server.
I have an external Squid proxy server set up, default port 3128, on an Ubuntu 8.04 OS.
When I use Squid directly from a client computer, websites are cached well.
But if I use my setup with pfSense, I can't reach websites (http).
My clients are behind the LAN interface with their own subnet 192.168.4.0/24.
My Squid is behind the DMZ interface, also in its own subnet 192.168.3.65/26.
I have enabled port forwarding with:
- interface: LAN
- Ext add: any
- Proto: TCP
- Ext port range: HTTP to other
- Nat IP: 192.168.3.71 (IP of my Squid server in DMZ)
- Local port: other 3128
If I disable this port forwarding, surfing is going well.
With this setup I'm getting the error "The requested URL could not be retrieved (Invalid URL)".
Excuse me for this bump, I'm still looking how to solve this.
I don't like to kick up threads, sorry about that.
But I really need a solution for this.
We want to keep our external (in our DMZ, not in a geographically different place) Squid cache server, but without a solution for this problem, we can't.
I can't believe I would be the first one who wants to use pfSense and an external Squid server …
We also used OpenBSD as firewall in the past, then we just had to add this rule:
rdr on $lan_if proto tcp to port 80 -> $proxy_servers port 3128
I don't want to give up, I find pfSense a great product ...
GruensFroeschli last edited by
From what I read, you could install the Squid package on pfSense and define an upstream proxy to which everything will be directed.
(not sure about that).
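
Added example, not part of the original thread and not Squid's own code: a simplified Python model of the difference between the request a browser sends when the proxy is entered in its settings and the request that arrives through a port-80 redirect like the NAT rule described above. It assumes the Squid listener is a plain forward-proxy port, the usual cause of the "Invalid URL" page; the host name, sample requests and function names are constructed for illustration.

```python
# Simplified model of how a proxy derives the target URL (assumption: not Squid's code).
from urllib.parse import urlsplit

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def target_form(target: str) -> str:
    """Classify the request target; the form depends on whether the browser knows about the proxy."""
    if target.startswith("/"):
        return "origin-form"      # browser believes it is talking to the web server
    if urlsplit(target).scheme in ("http", "https"):
        return "absolute-form"    # browser is configured to use a proxy
    return "other"

def effective_url(raw: bytes, intercept: bool) -> str:
    """URL the proxy would fetch; intercept=False models a plain forward-proxy port."""
    _method, target, headers = parse_request(raw)
    form = target_form(target)
    if form == "absolute-form":
        return target
    if form == "origin-form" and intercept and "host" in headers:
        # Interception mode: rebuild the URL from the Host header.
        return "http://" + headers["host"] + target
    raise ValueError("Invalid URL")

# Constructed samples: the same page requested with and without a proxy configured.
VIA_PROXY_SETTING = b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
VIA_PORT_FORWARD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("proxy setting", VIA_PROXY_SETTING), ("port forward", VIA_PORT_FORWARD)):
        for intercept in (False, True):
            try:
                result = effective_url(req, intercept)
            except ValueError as err:
                result = "error: " + str(err)
            print(f"{name:14} intercept={intercept!s:5} -> {result}")
```

Squid 2.6 and 3.0 enable interception handling with the `transparent` option on `http_port` (renamed `intercept` in 3.1); the thread does not state which Squid version the server runs.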