Netgate Discussion Forum

    External Proxy using NAT

      mynullvoid

      Hi, I am using pfSense 2.0.

      My setup has 3 NICs: one WAN (PPPoE), one LAN (172.25.55.102) and one DMZ (172.25.55.103). The LAN and DMZ are bridged together.

      The LAN default gateway is via PPPoE (which uses the proxy within the box), where the originating IP will be a dynamic IP provided by the ISP.

      In order for the LAN client to access using a fixed IP, the LAN client must use the DMZ's gateway IP (172.25.55.253), which needs it to have a different proxy IP (172.16.254.16 at port 8080). I need this fixed IP to access some servers which only allow by originating IP, and I am setting a static route for this.

      At the moment, besides getting the static route to accomplish this, I had to manually set the IP, gateway and proxy settings.

      I had tried creating NAT -> Port Forward:

      Interface: LAN
      Protocol: TCP
      Destination: Single Host & <IP of my server which requires passing by proxy>
      Destination Port: HTTP
      Redirect target IP: <IP of my other proxy server in another subnet>
      Redirect target Port: 8080
      NAT reflection: use system default

      Anything that I miss?

        SeventhSon

        The better solution (imho) for this would be via WPAD. Providing a proxy config script to the clients for accessing some servers through a different proxy.

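The proxy config script suggested in the reply above, sketched as an added example that is not part of the thread: a PAC file (served as `wpad.dat` or `proxy.pac`) that sends only selected destinations to the external proxy 172.16.254.16:8080 from the first post. The host name and network in the lists are constructed placeholders, the helper names are hypothetical, and limiting the rule to `http:` URLs is an assumption that mirrors the "Destination Port: HTTP" port forward.

```javascript
// Added example: PAC file. Proxy address is from the first post;
// the destinations below are constructed placeholders.
var EXTERNAL_PROXY = "PROXY 172.16.254.16:8080";
var FIXED_IP_HOSTS = ["partner.example.com"];   // exact name or any subdomain
var FIXED_IP_NETS = [["192.0.2.0", 28]];        // literal-IP destinations (CIDR)

// Dotted quad -> unsigned integer, or null when the host is not an IPv4 literal.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// Compare network parts with plain arithmetic (avoids 32-bit sign issues).
function inCidr(ip, base, bits) {
  var size = Math.pow(2, 32 - bits);
  return Math.floor(ip / size) === Math.floor(ipv4ToInt(base) / size);
}

function needsFixedIp(host) {
  host = host.toLowerCase().replace(/\.$/, "");  // normalise case, trailing dot
  var ip = ipv4ToInt(host);
  if (ip !== null) {
    for (var i = 0; i < FIXED_IP_NETS.length; i++) {
      if (inCidr(ip, FIXED_IP_NETS[i][0], FIXED_IP_NETS[i][1])) return true;
    }
    return false;
  }
  for (var j = 0; j < FIXED_IP_HOSTS.length; j++) {
    var d = FIXED_IP_HOSTS[j];
    // Match on a label boundary so "partner.example.com.other.test" is not caught.
    if (host === d || host.slice(-(d.length + 1)) === "." + d) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  if (url.substring(0, 5) === "http:" && needsFixedIp(host)) {
    return EXTERNAL_PROXY;  // no "; DIRECT" fallback: never bypass the fixed-IP path
  }
  return "DIRECT";          // everything else follows the default route
}
```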
          mynullvoid

          I am not very sure about your recommendation, as I am running a transparent proxy on my pfSense box; only certain IPs, for which I have made the static route via my DMZ gateway, need this other proxy server.

          In other words, if the HTTP traffic is routed via my DMZ gateway, I need it to be redirected to the other proxy server IP and port.

            SeventhSon

            If you are running a proxy on your pfSense already and all the clients are using that, it should be possible to set an upstream proxy for those specific hosts in the Squid ACLs?

              mynullvoid

              Thank you for the reply,

              My pfSense box proxy (with squidGuard+HAVP) has different rules than what my external proxy box has. If there is specific content requested by my client, there is a static route via my other gateway, which should pass this non-transparent proxy there.

              Hope you could help me out.

                mynullvoid

                I am not sure if my question sounds stupid, but I seriously want to know, and I guess many of us have a similar situation. Could any so-called expert respond to my question?
