Transparent bridge and web redirection (not squid)
-
I'm trying to set up pfSense as a transparent bridge to use on a public network.
DHCP and ICMP need to be able to pass, and then I want to redirect all outbound
HTTP requests to a public webserver in order to display a message to users. Much like a captive portal that has no exit.
I've been able to make this work sans the redirection. Is this even possible?
-
FWIW, here is how I'm doing this now with iptables.
Again, this is on a RH box with both interfaces set up as a bridge.
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:xxx.xxx.xxx.xxx:88

Where xxx.xxx.xxx.xxx is my webserver I'm redirecting my users to.
-
Port forward on the LAN interface (or whatever internal interface)
Interface: LAN
Protocol: TCP
Source: LAN/internal subnet
Source port: any
Destination: any
Destination port: 80
Redirect Target IP: server ip to redirect toward
Redirect Target Port: whatever port your proxy is running on

That would do it on a normal system, not sure if the bridge might make that fail in some way. Usually you can't reflect back out the same interface it comes in, so your proxy should be on a DMZ or other internal interface. If it's in the same subnet as the bridged interface(s), I don't think it would allow the redirect to work properly.