Help: NATing or proxy



  • Hello, I've been searching and searching and can't seem to come up with an easy way to set up a reverse proxy (I think that's what I need) with pfSense, even with the squid package installed (squid seems to only work in a web-proxy mode). I am running pfSense 1.2.3.

    Basically I have the need to tighten down a few machines on our network, and the idea was to drop a pfSense box in front of them to handle all of their DHCP, etc., running behind a SonicWall. So:

    internet --> Sonicwall (192.168.254.254)--> switch -->unsecured subnet(192.168.254.0/24)
                                                                   |___-->pfsense (10.5.2.1)--> secured subnet(10.5.2.0/24)

    The machines on the secured subnet need to have access to servers running in the unsecured subnet. Of course I could just set up some routes so everything can talk and play nice... but then what would be the purpose of the pfSense? lol.

    The users in the secured subnet will need normal internet access for browsing etc (will lock that down later) and will need to be able to communicate with our Domain Controller etc...

    There is 1 server in particular they absolutely need to have access to, but the real address needs to remain hidden for security reasons. I would like to set up some sort of proxy service here so that the users could type in something on their secured subnet (such as 10.5.2.100) and the pfSense box would automatically forward all of that traffic destined to that address over to 192.168.254.80 or something. Basically making it appear that 10.5.2.100 is the server the clients on the secured subnet are connected to.

    This may be what's needed for the other servers running in the unsecured subnet as well... I don't know what is best practice?

    The secure subnet needs to be locked down so that if someone got into our network they would not be able to get past the pfSense box and run wild on that secure subnet. So I guess making it "invisible" is the best approach (what you can't see, you can't hack lol)... I'm just unsure of how to accomplish this with pfSense, and there don't seem to be good walk-throughs for those of us who are not familiar with pfSense (I'm a MikroTik RouterOS guy myself).

