Netgate Discussion Forum

    Patch improving anti-lockout, also squid

    NAT
      hcoin

      The web-interface anti-lockout rule would benefit from an enhancement to prevent redirecting LAN traffic away from the pfSense box port 80. With this added, you can use the regular pfSense port forward to redirect port 80 to a LAN-side box running a transparent squid proxy without blocking access to the pfSense web interface.

      Recipe: Create a VLAN on pfSense and the squid box, and have the squid box send all its outgoing requests aimed at the VLAN gateway on pfSense. Then add a port forward rule on the LAN interface sending all the port 80 traffic to the VLAN squid box IP. Don't forget to create an outbound NAT on the VLAN interface to translate all LAN requests to the VLAN interface; otherwise squid box replies from browser requests on the squid box will get lost. Anyhow, here's the filter.inc change to preserve access to the pfSense web interface when otherwise forwarding port 80 on the LAN interface:

      --- /home/quiet/Desktop/filter.inc 2010-04-24 21:29:40.000000000 -0500
      +++ filter.inc 2010-04-24 12:37:43.000000000 -0500
      @@ -629,6 +629,9 @@

      $natrules .= "# FTP proxy\n";
      $natrules .= "rdr-anchor "pftpx/*"\n";

      • if (!isset($config['system']['webgui']['noantilockout'])) {
      • $natrules .= "no rdr on $lanif inet proto tcp from any to $lanip port = http\n";
      • }

      update_filter_reload_status("Creating 1:1 rules…");
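
      Review bot: The added "no rdr" rule hard-codes "port = http", so the exemption only covers a web interface listening on port 80; a LAN port forward for any other port the GUI is configured on would still capture it. Consider deriving the port from the configured web interface port instead of the literal "http". The rule also interpolates $lanif and $lanip with no visible check that either is set, and an empty value would emit a malformed pf rule, so guard the block on both being non-empty. Since pf translation rules are first-match, it is worth confirming that the user-defined rdr rules are emitted after this point in $natrules.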

      @@ -3342,4 +3345,4 @@

      }
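
      Review bot: The second hunk (-3342,4 +3345,4) shows no added or removed line here, only a closing brace as context. If it is a whitespace or end-of-file change, it is unrelated to the anti-lockout rule and is better dropped from the patch so the diff contains only the functional change.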

      Cheers and thanks for such a great project.
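
The effect of the patch on rule evaluation, as an added example that is not part of the original post or of pfSense's own code: pf translation rules are first-match, so the "no rdr" line has to precede the port forward. The parser covers only a simplified rule subset; the interface em0, the addresses and the squid port 3128 are constructed assumptions.

```python
import re

# Simplified subset of legacy pf translation syntax, enough for the rules
# discussed in the post; the real pf.conf grammar is much larger.
RULE = re.compile(
    r"^(?P<no>no\s+)?rdr\s+on\s+(?P<ifc>\S+)\s+(?:inet\s+)?proto\s+tcp\s+"
    r"from\s+any\s+to\s+(?P<dst>\S+)\s+port\s+(?:=\s*)?(?P<port>\S+)"
    r"(?:\s+->\s+(?P<target>.+))?$"
)
SERVICES = {"http": 80, "https": 443}

# Constructed sample rules: em0, 192.168.1.1 and 10.0.50.2:3128 are assumptions.
WITHOUT_PATCH = """\
rdr-anchor "pftpx/*"
rdr on em0 inet proto tcp from any to any port 80 -> 10.0.50.2 port 3128
"""
WITH_PATCH = """\
rdr-anchor "pftpx/*"
no rdr on em0 inet proto tcp from any to 192.168.1.1 port = http
rdr on em0 inet proto tcp from any to any port 80 -> 10.0.50.2 port 3128
"""


def first_match(rules_text, ifc, dst_ip, dst_port):
    """Return (is_exempt, rule_line) for the first rdr / no rdr rule matching
    a TCP packet arriving on ifc for dst_ip:dst_port, or None if none match.
    pf translation rules are first-match, so rule order decides the outcome."""
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m["ifc"] != ifc:
            continue  # anchors, other interfaces, unsupported syntax
        port = SERVICES.get(m["port"], m["port"])
        if str(port) != str(dst_port) or m["dst"] not in ("any", dst_ip):
            continue
        return (bool(m["no"]), line.strip())
    return None


def webgui_reachable(rules_text, ifc, gui_ip, gui_port):
    """True when traffic to the web interface is not redirected elsewhere."""
    hit = first_match(rules_text, ifc, gui_ip, gui_port)
    return hit is None or hit[0]


if __name__ == "__main__":
    print("without patch:", webgui_reachable(WITHOUT_PATCH, "em0", "192.168.1.1", 80))
    print("with patch:   ", webgui_reachable(WITH_PATCH, "em0", "192.168.1.1", 80))
```

Running the same check with the web interface port set to 443 and a LAN forward for port 443 shows that the literal "http" in the rule leaves that case unprotected.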
