Netgate Discussion Forum

Patch improving anti-lockout, also squid

    hcoin
    posted Apr 25, 2010, 2:44 AM; last edited Apr 25, 2010, 10:50 PM

    The web-interface anti-lockout rule would benefit from an enhancement to prevent redirecting lan traffic away from the pfsense box port 80. With this added, you can use the regular pfsense port forward to redirect port 80 to a lanside box running transparent squid proxy without blocking access to the pfsense web interface.

    Recipe: Create a vlan on pfsense and the squid box, have the squid box send all its outgoing requests aimed at the vlan gateway on pfsense. Then add a port forward rule on the lan interface sending all the port 80 traffic to the vlan squid box ip. Don't forget to create an outbound nat on the vlan interface to translate all lan requests to the vlan interface; otherwise squid box replies from browser requests on the squid box will get lost. Anyhow, here's the filter.inc change to preserve access to the pfsense web interface when otherwise forwarding port 80 on the lan interface:

    --- /home/quiet/Desktop/filter.inc 2010-04-24 21:29:40.000000000 -0500
    +++ filter.inc 2010-04-24 12:37:43.000000000 -0500
    @@ -629,6 +629,9 @@

    $natrules .= "# FTP proxy\n";
    $natrules .= "rdr-anchor "pftpx/*"\n";

    • if (!isset($config['system']['webgui']['noantilockout'])) {
    • $natrules .= "no rdr on $lanif inet proto tcp from any to $lanip port = http\n";
    • }

    update_filter_reload_status("Creating 1:1 rules…");
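
Review bot: the added `no rdr` line hardcodes `port = http`, so the exemption only covers a web interface answering on TCP 80 at `$lanip`; if the GUI is served over HTTPS or on another port, a port forward covering that port would still redirect it. Consider taking the port from the web GUI's configured protocol and port instead of the literal `http`. Separately, pf applies the first matching translation rule, so this line only helps if it is emitted ahead of the user's port-forward `rdr` rules; the hunk shows it placed before the 1:1 section but not where the port forwards are generated, which is worth confirming and stating in a comment above the `if (!isset($config['system']['webgui']['noantilockout']))` check.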

    @@ -3342,4 +3345,4 @@

    }

    Cheers and thanks for such a great project.

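
Why the exemption in the post above has to come before the port forward, as an added example that is not part of the original post or of pfSense: a simplified Python model of pf's first-match evaluation of `rdr` rules. The interface name and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed values for illustration; none of these come from the post.
LAN_IF = "lan0"
LAN_IP = "192.168.1.1"       # firewall's LAN address (web interface)
SQUID_IP = "192.168.50.2"    # squid box on the VLAN
REMOTE_WEB = "203.0.113.10"  # some external web server


@dataclass
class Rdr:
    iface: str
    dst: Optional[str]       # None means "any"
    port: int
    target: Optional[str]    # None models a "no rdr" rule


def translate(rules, iface, dst, port):
    """Return the destination a TCP packet has after rdr evaluation.

    pf translation rules are first-match-wins; a matching "no rdr"
    stops evaluation and leaves the destination untouched.
    """
    for r in rules:
        if r.iface == iface and r.port == port and r.dst in (None, dst):
            return dst if r.target is None else r.target
    return dst


# Port forward from the recipe: all LAN port-80 traffic goes to squid.
forward = Rdr(LAN_IF, None, 80, SQUID_IP)
# Exemption emitted by the patch: no rdr ... to $lanip port = http
exempt = Rdr(LAN_IF, LAN_IP, 80, None)


def demo():
    with_patch = [exempt, forward]
    return {
        "gui_without_patch": translate([forward], LAN_IF, LAN_IP, 80),
        "gui_with_patch": translate(with_patch, LAN_IF, LAN_IP, 80),
        "web_with_patch": translate(with_patch, LAN_IF, REMOTE_WEB, 80),
        "gui_wrong_order": translate([forward, exempt], LAN_IF, LAN_IP, 80),
    }


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name}: {dest}")
```

Without the exemption, or with it placed after the port forward, requests to the firewall's own port 80 end up at the squid box; with it first, only those requests are left alone and other web traffic is still proxied.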