Redundancy Transparent Proxy server using pfSense



  • Hi all,

    I have a question: is it possible to do a redundant transparent proxy firewall using pfSense? If yes, can you show me how? If no, can you tell me why? Refer to this link for more details: http://img824.imageshack.us/i/redundancytransparentpr.png/ OK, from the modem or internet, the connection will go to the pfSense firewall, then the firewall will pass the traffic to, for example, proxy 1 before going to the LAN. So if proxy 1 fails, it will go directly to proxy 2. Then when proxy 1 is active again, proxy 2 will go back to standby mode. So from this, can I set a rule at the firewall to go to a certain IP address if one IP address fails? Please guide me, as I am new to this.

    FYI, I'm doing this for my final year project at my university: to implement a redundant transparent proxy server in a small LAN consisting of fewer than 20 clients, to measure the performance of the network.

    regards
    gendit

    thanks :)



  • Not to hijack, but what did you use to make the PNG? I want to make a picture of my setup for something but don't know what people are using to get the lightning bolt thing and the pictures like the firewall and desktops and whatnot. Thanks



  • As for the chart, maybe here…
    http://www.gliffy.com/



  • Yes, this can be done, with slight modifications to your plan. If you place the proxy servers inside a separate network segment, you can then intercept the outbound HTML traffic and redirect it, either load balanced or in a failover configuration, to your proxy servers. We did exactly this configuration for a client who was pushing sustained 100mb through that system and it works flawlessly in 1.2.3. If I remember correctly, there were some minor modifications that needed to be done to pfSense in order to support load balancing from a CARP IP, and that work was done by the BSDPerimeter guys under contract (can't recommend their work highly enough, btw). I suspect all this can be done off the shelf inside pfSense 2.0, but I've never set it up. As always, the limitation of this setup is that it's HTTP only; HTTPS will not proxy transparently.
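
The failover behaviour discussed in this thread (proxy 1 preferred, proxy 2 on standby, proxy 1 taking over again once it recovers, port 80 only), sketched as an added example that is not part of any post and is not pfSense's own code. The addresses, the port 3128, the fall/rise thresholds and the choice to block when both proxies are down are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass

# Constructed addresses for illustration; not taken from the thread.
PRIMARY = ("10.10.10.11", 3128)
STANDBY = ("10.10.10.12", 3128)

def tcp_probe(addr, timeout=1.0):
    """Return True if a TCP connection to the proxy port succeeds."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False

@dataclass
class Health:
    """One proxy: 'fall' failed probes mark it down, 'rise' good probes bring it back."""
    addr: tuple
    fall: int = 3
    rise: int = 2
    up: bool = True
    streak: int = 0  # consecutive probe results that disagree with the current state

    def record(self, ok):
        if ok == self.up:
            self.streak = 0
            return
        self.streak += 1
        if self.streak >= (self.rise if ok else self.fall):
            self.up, self.streak = ok, 0

class FailoverPool:
    def __init__(self, primary, standby, probe=tcp_probe):
        self.members = [Health(primary), Health(standby)]  # order sets preference
        self.probe = probe

    def poll(self):
        """Run one health-check round against every proxy."""
        for m in self.members:
            m.record(self.probe(m.addr))

    def target_for(self, dst_port):
        """Return the proxy address to redirect to, or 'pass' / 'block'."""
        if dst_port != 80:
            return "pass"   # HTTPS and other traffic is not intercepted
        for m in self.members:
            if m.up:        # primary is checked first, so it preempts on recovery
                return m.addr
        return "block"      # assumption: fail closed instead of bypassing the proxy
```

The thresholds keep a single dropped probe from flapping traffic between the two proxies. Whether to block or pass HTTP when both proxies are down is a policy decision: passing keeps users online but lets traffic skip whatever filtering or logging the proxy provides.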

