-
Are both hosted on the same WAN IP of your setup??
-
Yes they are. Does that carry any significance?
[edit]
Silly me, of course it does!
How should I do this?
-
Then how do you plan to route the traffic when it enters the PFSense???
Edit: Ok….then PFSense would not be able to handle the traffic.....it has to be header based routing and that takes L7 capability.
Squid could be an option for solving this, but I am not that much into Squid.
I use ISAserver from Microsoft to handle my L7 traffic. I only use PFSense as a frontend....
But this will change the moment PF can handle L7 and publish all what is behind ....
Yes they are. Does that carry any significance?
-
I'm realizing just how stupid I can be by the second.
I don't want to have to do port forwarding but I will if I must. Suggestions?
[Edit]
Aha, so I was given good advice (re L7)!
Well, then my question is now whether PFsense's L7 implementation (which I currently see as "block" only) will encompass this?
-
That's the only current way to do it at the moment.
I'm realizing just how stupid I can be by the second.
I don't want to have to do port forwarding but I will if I must. Suggestions?
-
dagnabit!
I tried squid before but Lordy did it slow down the whole network.
Is there a reference on squid and pfsense? I could have easily bungled the whole thing.
-
http://www.squid-cache.org/
-
Pffft!
I just downloaded ISA off of MSDN, figuring I should use it. Now, here's the irony, it doesn't run on a 64bit computer. All our servers are 64bit computers.
Squid it is.
-
Just put it in a virtual pc running 32 bit… ;)
Pffft!
I just downloaded ISA off of MSDN, figuring I should use it. Now, here's the irony, it doesn't run on a 64bit computer. All our servers are 64bit computers.
Squid it is.
-
And another thing, I'm starting to hate today real bad, I installed squid about an hour ago, and now it won't uninstall. Tried going to the command line and typed "pkg_info" but it's not there, meanwhile, looking at the list of installed packages, it's there and will not go away. Rebooting is not helping.
Man, you're hating me now aren't you? :)
Thank you LOADS for putting up with me today man, real nice of you.
-
No worries :)
-
I tried squid before but Lordy did it slow down the whole network.
Is there a reference on squid and pfsense? I could have easily bungled the whole thing.
http://forum.pfsense.org/index.php/topic,7186.msg59302.html#msg59302
http://doc.pfsense.org/index.php/Squid_Package_Tuning
Try those. I've been quite happy with squid on 1.2.3, but it did require some tweaking as per above. I think some of the noted changes are automatically adjusted in 2.0.
-
Nice, thanks, but would you know of any decent "tutorials" on how to work with squid? Or should I stick to what's available on their site?
Also, a question that is begging to be answered now is whether anyone knows if PFsense 2.0 is coming out with an answer to my predicament in its release build?
-
Nice, thanks, but would you know of any decent "tutorials" on how to work with squid? Or should I stick to what's available on their site?
You might try this one. It's not really in-depth, as I recall, and he's running it on Linux rather than pfsense, but it's the only thing I know of off hand.
http://www.anandtech.com/show/3715/family-proxy
-
Nice, thanks, but would you know of any decent "tutorials" on how to work with squid? Or should I stick to what's available on their site?
There is a lot of info here on the forum, and also on the doc wiki:
http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy
http://doc.pfsense.org/index.php/SquidGuard_package
But they don't cover doing what you are asking originally
Also, a question that is begging to be answered now is whether anyone knows if PFsense 2.0 is coming out with an answer to my predicament in its release build?
What you want to do, route traffic based on hostname, is best accomplished by a lightweight reverse proxy of some kind, not necessarily squid. There are packages for haproxy, mod_security, and varnish, I believe they can all do this.
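Added example, not part of the post above or of any pfSense package: a plain haproxy.cfg sketch of the hostname-based routing discussed in this thread, with two web servers behind one WAN IP. The hostnames, the WAN address and the internal addresses are constructed placeholders, and requests for any other hostname are refused rather than passed to a default server.

```haproxy
# Added example. All names and addresses below are constructed placeholders.
global
    maxconn 2000

defaults
    mode http                   # L7 mode: haproxy parses the HTTP request
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    option forwardfor           # pass the real client IP on in X-Forwarded-For

frontend wan_http
    bind 203.0.113.10:80        # the single shared WAN IP (documentation range)

    # Compare the Host header without any ":port" suffix, case-insensitively.
    acl host_site_a req.hdr(host),field(1,:),lower -m str site-a.example.com
    acl host_site_b req.hdr(host),field(1,:),lower -m str site-b.example.com

    # Refuse anything that is not one of the published names, so scanners
    # hitting the bare IP never reach an internal server.
    http-request deny unless host_site_a or host_site_b

    use_backend web_a if host_site_a
    use_backend web_b if host_site_b

backend web_a
    server web_a 192.168.1.10:80 check   # first internal web server

backend web_b
    server web_b 192.168.1.11:80 check   # second internal web server
```

On the firewall side this needs only one rule or forward for port 80 to the proxy; the choice between the two internal servers is made from the Host header, not by port.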
-
Layer7 is application layer….not only for routing, but defending of unwanted traffic and hacking....That is why it is so effective!
-
That is why it is so effective!
I do not agree with you but hey anybody buys what fits him.
-
That was a very informative post…:(
Could you give examples of WHY NOT?
@ermal:
That is why it is so effective!
I do not agree with you but hey anybody buys what fits him.
-
Also, a question that is begging to be answered now is whether anyone knows if PFsense 2.0 is coming out with an answer to my predicament in its release build?
What you want to do, route traffic based on hostname, is best accomplished by a lightweight reverse proxy of some kind, not necessarily squid. There are packages for haproxy, mod_security, and varnish, I believe they can all do this.
Which in a roundabout way says that PFsense will not be implementing something like this, right? : ;)
Well, I've decided to take a second swing at squid since I don't want to mess up the system by installing something else from the command line. Call me a scaredy-cat.
Off topic:
Excellent job on the guide. It's sitting right in front of me on the desk :)
-
True L7 is what could make pFSense into a full blown firewall…..