PfSense and external Squid server



  • Hi all,

    I'm setting up a test environment with pfSense (in fail-over) to learn it and use it later in production.
    Now I'm having a problem with my proxy server.

    I have an external Squid proxy server setup, default port 3128 on a Ubuntu 8.04 OS.
    When I use Squid directly from an client computer, websites are cached well.

    But if I use my setup with pfSense, I can't reach websites (http).

    My clients are behind the LAN interface with their own subnet 192.168.4.0/24.
    My Squid is behind the DMZ interface, also in his own subnet 192.168.3.65/26.

    I have enabled port forwarding with:

    • interface: LAN
    • Ext add: any
    • Proto: TCP
    • Ext port range: HTTP to other
    • Nat IP: 192.168.3.71 (IP of my Squid server in DMZ)
    • Local port: other 3128

    If I disable this port forwarding, surfing is going well.

    With this setup I'm getting the error "The requested URL could not be retrieved (Invalid URL)

    Any suggestions?

    Many thanks
    Kris



  • Excuse me for this bump, I'm still looking how to solve this.



  • I don't like to kick up threats, sorry about that.

    But I really need a solution for this.
    We want to keep our external (in our DMZ, not on a geographic other place) Squid cache server, but without a solution for this problem, we cant.

    I can't believe I would be the first one who wants to use pfSense and an external Squid server …

    We also used OpenBSD as firewall in the past, then we just had to add this rule:
    rdr on $lan_if proto tcp to port 80 -> $proxy_servers port 3128

    I don't want to give up, I find pfSense a great product ...

    Thanks



  • From what i read, you could install the squid package on the pfSense and define an upstream proxy which will have everything directed to.
    (not sure about that).


Log in to reply