Force specific outgoing traffic through a remote transparent proxy?



  • Hi all.

    I live in Canada and would like to redirect certain outgoing traffic (to Pandora, Hulu, etc.) through a transparent proxy I have set up in the US.

    This is almost do-able through the GUI by setting up a Proxy ARP VIP for x.x.x.x/24 then matching on that VIP as the "External Address" on the Port Forward page. Unfortunately when the actual PF "rdr" rule is constructed the /24 is ignored and instead uses /32 which causes problems with the matching. I'm thinking the "/24" in this config area isn't what I think it is.  :-\

    Instead I inserted some PHP code in filter.inc that adds custom "rdr" rules based on a separate config file that I edit as needed.
    This approach is working great but of course is "unsupported" and will break during any upgrades. It does mean I can inject whatever rdr rule that PF supports.

    Is there a way to accomplish what I want through the GUI? Does the 2.0 beta support this type of functionality?

    The type of rule I want to construct would look like:

    rdr on $LAN proto { tcp udp } from any to $PANDORA_IP/24 port { 80 } -> $REMOTE_TRANSPARENT_SQUID_PROXY port 3128

    Any thoughts appreciated.
    Dylan
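
The rule from the post above, written out as a pf.conf fragment using a table in place of a single /24 (an added example, not code from the thread or from pfSense). The interface name, LAN subnet and all addresses are constructed placeholders, and the match is narrowed to TCP, which HTTP on port 80 uses.

```pf
# Added example: all addresses are constructed (RFC 5737 documentation ranges).
lan_if       = "em1"             # assumed LAN interface name
lan_net      = "192.168.1.0/24"  # assumed LAN subnet
remote_proxy = "203.0.113.10"    # placeholder for the remote Squid host

# Destination networks to send through the proxy; add one CIDR per service.
table <via_proxy> const { 198.51.100.0/24 }

# Single-host match (a /32): only traffic to 198.51.100.10 would be redirected.
# rdr on $lan_if inet proto tcp from $lan_net to 198.51.100.10 port 80 -> $remote_proxy port 3128

# Network match: any destination inside the table is redirected.
rdr on $lan_if inet proto tcp from $lan_net to <via_proxy> port 80 -> $remote_proxy port 3128

# Filter rules see the destination after rdr has rewritten it,
# so the pass rule names the proxy, not the original site.
pass in quick on $lan_if inet proto tcp from $lan_net to $remote_proxy port 3128 flags S/SA keep state
```

Because rdr overwrites the destination address, the remote Squid has to pick the origin server from the HTTP Host header, and the requests cross the Internet unencrypted. Restricting the proxy's listener to the home network's source address keeps it from serving as an open proxy.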


  • Rebel Alliance Developer Netgate

    There is some work happening in 2.0 right now to increase the functionality of the port forward page, and I think what you want to do may be possible in the near future if not already.

    As for the proxy ARP IP setting, that is not a subnet mask per se; it will create a range of individual proxy ARP IPs.

