Netgate Discussion Forum

    Force specific outgoing traffic through a remote transparent proxy?

      antidigerati

      Hi all.

      I live in Canada and would like to redirect certain outgoing traffic (to Pandora, Hulu, etc.) through a transparent proxy I have set up in the US.

      This is almost doable through the GUI by setting up a Proxy ARP VIP for x.x.x.x/24 then matching on that VIP as the "External Address" on the Port Forward page. Unfortunately, when the actual PF "rdr" rule is constructed the /24 is ignored and instead uses /32 which causes problems with the matching. I'm thinking the "/24" in this config area isn't what I think it is. :-\

      Instead I inserted some PHP code in filter.inc that adds custom "rdr" rules based on a separate config file that I edit as needed.
      This approach is working great but of course is "unsupported" and will break during any upgrades. It does mean I can inject whatever rdr rule that PF supports.

      Is there a way to accomplish what I want through the GUI? Does the 2.0 beta support this type of functionality?

      The type of rule I want to construct would look like:

      rdr on $LAN proto { tcp udp } from any to $PANDORA_IP/24 port { 80 } -> $REMOTE_TRANSPARENT_SQUID_PROXY port 3128

      Any thoughts appreciated.
      Dylan
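
A validating generator for the kind of separate rdr config file described in the post above, as an added example (it is not the poster's PHP code and not pfSense code). The three-field file format, the function names and the documentation-range addresses are assumptions; each field is parsed strictly so a malformed line is rejected instead of being pasted into the PF ruleset.

```python
import ipaddress

# Constructed sample config. Assumed format, one redirect per line:
#   <destination CIDR> <comma-separated ports> <proxy IP>:<proxy port>
SAMPLE_CONFIG = """\
# streaming destinations (documentation-range placeholders)
203.0.113.25/24   80        198.51.100.7:3128
192.0.2.0/24      80,8080   198.51.100.7:3128
203.0.113.0/24    80; pass in quick all   198.51.100.7:3128
"""

def parse_port(text):
    """Return a valid TCP/UDP port number or raise ValueError."""
    port = int(text)  # ValueError on anything that is not an integer
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port

def build_rdr_rules(config_text, interface="$LAN"):
    """Turn config lines into PF rdr rules; return (rules, errors)."""
    rules, errors = [], []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            dest, ports, proxy = line.split()  # exactly three fields
            # strict=False accepts a host address with a mask and normalises
            # it to the network, so the /24 survives into the rule.
            network = ipaddress.IPv4Network(dest, strict=False)
            port_list = [parse_port(p) for p in ports.split(",")]
            proxy_ip, proxy_port = proxy.rsplit(":", 1)
            proxy_addr = ipaddress.IPv4Address(proxy_ip)
            proxy_port = parse_port(proxy_port)
        except ValueError as exc:
            errors.append(f"line {lineno}: rejected ({exc})")
            continue
        rules.append(
            f"rdr on {interface} proto {{ tcp udp }} from any to {network} "
            f"port {{ {' '.join(map(str, port_list))} }} "
            f"-> {proxy_addr} port {proxy_port}"
        )
    return rules, errors

if __name__ == "__main__":
    rules, errors = build_rdr_rules(SAMPLE_CONFIG)
    print("\n".join(rules + errors))
```

Only values that round-trip through `ipaddress` and the port check reach the output, so the third sample line, which carries extra PF syntax, produces an error entry and no rule.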

        jimp Rebel Alliance Developer Netgate

        There is some work happening in 2.0 right now to increase the functionality of the port forward page, and I think what you want to do may be possible in the near future if not already.

        As for the proxy ARP IP setting, that is not a subnet mask per se; it will create a range of individual proxy ARP IPs.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.