Squid is on LAN, I want to pass all http access to this system…

  • Do I have to do a firewall port forward?

    interface: wan?

    destination: wan except ip of squid machine and pfsense machine?

    port: 80

    redirect ip: ip of squid

    port: 3128

  • More data: on the squid machine there is a web server (ports 80 and 3128 are also NAT-ed :)

  • Rebel Alliance Developer Netgate

    You need a bit more complicated rule than that.

    If you want your LAN clients' http traffic transparently redirected to the squid server, it needs to be more like:

    Interface: LAN

    Source Type: Single Host
    Source address: IP of the squid box
    Destination: any (Or you could check NOT and put the IP of the firewall there, too, or use an alias containing local/vpn networks)
    Destination Port: 80
    Redirect target ip: IP of the squid box
    Redirect target port: 3128 (or whatever port you have squid listening for transparent connections on)

    I think that should work, though generally it is recommended to put the squid box on a separate interface from where the clients are entering, then you don't have to use the source part of that redirect.

