pfSense, Squid, etc… need advice

  • Hello to everyone,

    I would like to ask some questions:

    1. Can I do a configuration like this (I only have two static WAN IPs):

    Internet line1–---PFsense (one static IP X)---Squid-------|
                                      |                                            |--- Server Apache A (,
                                      |                                            |                                
                                      |                                            |--- Server Apache B (,
                                      |(load balancing &                     |
                                      | failover)                                |--- Server Apache C (,
                                      |                                            |
                                      |                                            |
    Internet line2-----PFsense (one static IP Y)-----Squid----

    The whole point of this scheme is to use just one static IP to redirect requests via Squid on port 80 to different Apache servers.
    But I don't know whether it is logical and correct.

    2. Can I install the TinyDNS package on both pfSense boxes and use them as name servers (DNS servers) for a couple hundred domains? It is for small hosting.

    3. Is there any way to configure pfSense with ONLY ONE STATIC WAN IP to handle a combination like this:

    |–-- Apache server A,, port80,
                                                    |-----Apache server B,, port80,
    PFsense with one static WAN IP-----|---- Apache server C, port80,
                                                    | -----Apache server D, port80,
                                                    |-----Apache server E,  port80,

    Thanks in advance.

  • Netgate Administrator

    3. Yes, but it's not straightforward. In order to redirect the incoming requests using host headers for routing, you need to install a reverse proxy. There are a number of posts on the forum on this subject; here's one to get you started:,33566.0.html


  • Steve, big thanks for your answer! You pointed me in the right direction. I am using version 1.2.3, and as for packages, the stable versions include only Squid and vHosts, which uses the lighttpd web server that is already installed in it. Does anyone know whether it is possible to do such configurations with these packages using only the GUI, not the CLI? Are they stable enough, or should I look into pfSense 2.0 and its packages, if it has them?

    I also noticed the Proxy Server with mod_security package, but it is marked as ALPHA. Are there people using it in a production environment with success?

  • Netgate Administrator

    Unfortunately there doesn't seem to be any way to do this from the GUI only at this time.  :(
    Squid definitely not.
    Pound is CLI only, not a pfSense package.
    HAProxy, don't know. I've never used it but it's a package from pfSense devs so it will be well supported.

    How bad do you want this? You could offer a bounty for someone to turn pound into a package.
    I've no idea how much it would take, time/money.


    Edit: looks like you can with HAProxy:

  • I was just wondering if it is possible (my question 3) to do this with existing packages. I have a couple of workstations/servers where I plan to host some domains. Nothing big about that.
    Because of a lack of computers I thought about an economical variant: to set up a cache and reverse proxy on top of pfSense. It is sad that I can't do it the easy way, logged in to the pfSense GUI, but one more time, thanks for your information. Actually, it is hard to believe that such a big product does not have this functionality.

  • Netgate Administrator

    It looks like you can do it with the haproxy package. I'm not sure if you can do it all from the gui, I've never used it.
    If you just have a few domains why not host them all on one machine and avoid the problem?
    I just stumbled across this thread. You might get more/better help if you started a thread in the packages section.


    Edit: Here's a post explaining how to do it on pfSense 1.2.3:,21748.msg118061.html#msg118061

  • Steve, one more time, thank you for the info and the links you found. The great news is that it seems I do not need to write every website domain into the config together with the IP address of its server.
    HAProxy lets you write just the IP addresses of the servers, and then the request finds the necessary server for the website on its own, if I understood correctly? If anyone knows more ways to achieve these goals, please let me know.
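
Added example, not part of the thread or of any poster's configuration: a minimal HAProxy configuration for the host-header routing discussed above, with one public address in front of several Apache servers. All hostnames and addresses are constructed placeholders, and the directives follow current HAProxy syntax, which is an assumption about the package version available on pfSense 1.2.3. Each hostname is mapped to a backend explicitly, and requests for unlisted hosts go to a backend with no servers.

```haproxy
# Constructed example: every hostname and IP address below is a placeholder.
global
    maxconn 2000

defaults
    mode http                      # layer-7 mode is required to read the Host header
    option forwardfor              # pass the client address to Apache in X-Forwarded-For
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend www_in
    bind 192.0.2.10:80             # the single static WAN IP (placeholder)

    # Exact, case-insensitive match on the Host header.
    # A Host value carrying an explicit port (site-a.example:80) does not
    # match these patterns and falls through to the default backend.
    acl host_a hdr(host) -i site-a.example www.site-a.example
    acl host_b hdr(host) -i site-b.example www.site-b.example
    acl host_c hdr(host) -i site-c.example www.site-c.example

    use_backend apache_a if host_a
    use_backend apache_b if host_b
    use_backend apache_c if host_c

    # Anything not listed above is not forwarded to a real web server.
    default_backend unknown_host

backend apache_a
    server a1 10.0.0.11:80 check   # LAN address of Apache server A (placeholder)

backend apache_b
    server b1 10.0.0.12:80 check

backend apache_c
    server c1 10.0.0.13:80 check

backend unknown_host
    # No servers defined: HAProxy answers these requests with 503.
```

With this layout the Apache servers need to be reachable only from the proxy on the LAN side, and their access logs show the proxy's address unless they are configured to log X-Forwarded-For.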