External Proxy using NAT



  • Hi I am using pfsense 2.0,

    My setup got 3 NIC, one WAN (PPPoE), one LAN (172.25.55.102) and one DMZ (172.25.55.103). The LAN and DMZ is bridged together.

    LAN default gateway via PPPoE (which uses proxy within the box) - where the originating IP will be a dynamic IP provided by the ISP.

    In order for the LAN client to access using fixed IP, the LAN client must use DMZ's gateway IP (172.25.55.253), which need it to have a different proxy IP (172.16.254.16 at port 8080). - I need this fixed IP to access some servers which only allow by originating IP, and I am setting a static route for this.

    At the moment besides than getting the static route to accomplish this, I had to manually set the IP, Gateway and Proxy settings.

    I had tried creating NAT –> Port Forward:

    Interface: LAN
    Protocol: TCP
    Destination: Single Host & <ip of="" my="" a="" server="" which="" require="" passing="" by="" proxy="">Destination Port: HTTP
    Redirect target IP: <ip of="" my="" other="" proxy="" server="" in="" another="" subnet="">Redirect target Port: 8080
    NAT reflection: use system default

    Anything that I miss?</ip></ip>



  • The better solution (imho) for this would be via WPAD. Providing a proxy config script to the clients for accessing some servers through a different proxy.



  • I am not very sure on your recommendation, as I am running a transparent proxy at my pfsense box, only certain IP which I have made the static route via my DMZ Gateway need this other proxy server.

    In other words, if the http traffic routed via my DMZ gateway, I need it to be redirected to other proxy server IP and port



  • If you are running a proxy on your pfSense already and all the clients are using that, it should be possible to set a upstream proxy for those specific hosts in the squid ACLs?



  • Thank you for the reply,

    My pfsense box proxy (with squidguard+havp) are having different rules then what my external proxy box. If there are specific content requested by my client, there is a static route via my other gateway, which should pass this non-transparent proxy there.

    Hope you could help me out.



  • I am not sure if my question is something sounds stupid, but I seriously want to know, and I guess many of us have alike situation. Any so called expert could respond to my question?


Log in to reply