Redirect Web Traffic from LAN to Squid Box on LAN



  • I know that this has been asked before, but so far I haven't been able to get any of the suggested solutions to work. My internal LAN is 192.168.0.*. I have a Squid server on 192.168.0.30 and pfSense 1.2.3 on 192.168.0.1.

    I want any traffic on port 80 from my LAN that does not originate from my Squid box to be redirected to my Squid box. I have been following http://forum.pfsense.org/index.php?action=post;board=3.0 . I have set up a Load Balancer:

    Type: gateway
    Servers/gateways: wan
    Port:
    Monitor: 192.168.0.30 (my Squid box)

    I have a LAN firewall rule:
    Source: !192.168.0.30
    Port: *
    Destination: *
    Port: 80
    Gateway: my Squid Load Balancer

    Computers in the LAN can browse the Web. However, if I look at my Squid access log the traffic isn't being routed through Squid. If I manually set the proxy in my browser to the Squid box I can see traffic flowing through Squid. Squid is configured to run in transparent mode.

    I don't want to run Squid on the pfSense box, as there are several options I need that can't be configured from the Web GUI.

    Ian.
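The check described in the question (looking at the Squid access log to see whether LAN traffic is really transiting the proxy) can be done systematically rather than by eye. The script below is an added example, not part of the original thread or of pfSense/Squid: it parses lines in Squid's native access.log format (timestamp, elapsed ms, client IP, result code, size, method, URL, ...), counts requests per client, reports which expected LAN hosts never appear, and flags clients outside the LAN. The log lines, the LAN range and the expected host list are constructed for the example; only 192.168.0.0/24 and the Squid address 192.168.0.30 come from the question.

```python
"""Verify from a Squid access.log which LAN clients actually pass through the proxy."""
import ipaddress
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# timestamp elapsed client action/code size method URL ident hierarchy/from type
# The client addresses and URLs are made up for this example.
SAMPLE_LOG = """\
1290000000.123    245 192.168.0.30 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1290000001.456     12 192.168.0.30 TCP_HIT/200 812 GET http://example.com/style.css - NONE/- text/css
1290000002.789    301 192.168.0.52 TCP_MISS/200 2048 GET http://example.org/index.html - DIRECT/93.184.216.34 text/html
1290000003.001    150 192.168.0.52 TCP_MISS/304 0 GET http://example.org/logo.png - DIRECT/93.184.216.34 image/png
1290000004.222     99 10.0.0.5 TCP_MISS/200 1024 GET http://example.net/ - DIRECT/93.184.216.34 text/html
this line is deliberately malformed and must be skipped
"""

LAN = ipaddress.ip_network("192.168.0.0/24")          # from the question
PROXY = ipaddress.ip_address("192.168.0.30")          # the Squid box, from the question
# Hosts the administrator expects to see (constructed for the example).
EXPECTED_CLIENTS = ["192.168.0.52", "192.168.0.77"]


def parse_clients(log_text):
    """Return a Counter of requests per client IP; unparseable lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        # Native format has at least 10 fields; the client IP is the third one.
        if len(fields) < 10:
            continue
        try:
            client = ipaddress.ip_address(fields[2])
        except ValueError:
            continue
        counts[str(client)] += 1
    return counts


def summarize(log_text, expected_clients):
    """Compare observed clients with the expected LAN hosts.

    Returns a dict with:
      seen     - requests per client IP (including the proxy host itself)
      missing  - expected LAN hosts with no requests in the log, sorted
      foreign  - clients whose address is outside the LAN range, sorted
    """
    seen = parse_clients(log_text)
    missing = sorted(h for h in expected_clients if seen[h] == 0)
    foreign = sorted(
        c for c in seen
        if ipaddress.ip_address(c) not in LAN and ipaddress.ip_address(c) != PROXY
    )
    return {"seen": seen, "missing": missing, "foreign": foreign}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG, EXPECTED_CLIENTS)
    for client, n in sorted(result["seen"].items()):
        print(f"{client:<16} {n} requests")
    print("expected but never seen:", result["missing"])
    print("clients outside the LAN:", result["foreign"])
```

Run it against the real log with `summarize(open("/var/log/squid/access.log").read(), hosts)`; a LAN host that browses fine but shows up under "missing" is one whose traffic is bypassing the proxy, which is exactly the symptom the question describes.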



  • Have you tried manually assigning IP addresses to the systems on the network and setting the gateway to the 192.168.0.30 box?  Somehow you are going to have to tell those systems what pfSense box to route traffic through.  You may also have to tweak that pfSense box to be a router by turning off the firewall in the Advanced options; I've not tried this… I'm just making a suggestion.  I've done two pfSense boxes before, but as one behind the other; I did it to keep the load down on each of my older PCs.  I had Snort on one and Squid on the other; depending on what kind of access you need on each pfSense box, that might work too.



  • If your LAN PCs have 192.168.0.1 as their gateway, then any request whose destination is not in the LAN will be sent to pfSense (192.168.0.1), since it is the gateway for your LAN PCs. Instead, set the Squid box IP as the gateway for the LAN PCs, so that every request from the LAN PCs goes to your Squid box (192.168.0.30), and set pfSense as the gateway for the Squid box.



  • Ugh, that is terrible, IMO (sending all the traffic to the Squid box.)  A much cleaner solution is to enable the proxy mode in your client PCs' web browsers.  See http://nscsysop.hypermart.net/setproxy.html.  Since I run my own Apache web server on the LAN, I went for option #5.

