Setting up transparent proxy on LAN server

  • I have a low-power pfSense 1.2.3 box with two interfaces, LAN and WAN.
    I want to have a transparent Squid proxy with a large disk cache that I can't put on the pfSense box itself, so I set it up on a server on the LAN side.

    I want all outgoing WWW traffic from the LAN to be redirected to SERVER:3128 and then allow WWW traffic from SERVER to leave the LAN.

    I tried setting up a NAT port forward on the LAN side to redirect all traffic on LAN port 80 to SERVER:3128, but there didn't appear to be a way to allow port 80 traffic from SERVER (which is also on the LAN) to flow out to the WAN.

    I could install the Squid proxy on pfSense and then use that port for the traffic from SERVER, but I am trying to avoid having the pfSense box do any more processing than needed, and I don't want to create a way for the proxy to be bypassed.

    What is the right way to do this?  Why isn't there a field in the DHCP protocol to just tell clients what HTTP proxy to use, so that they will use it by default?


  • Have you tried searching the forum? There have been any number of threads on this, including this one.

    The standard for telling clients what proxy to use is called WPAD. It is trivial to set up and just about all modern browsers support it.
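
A proxy auto-config (PAC) file of the kind WPAD hands to browsers, sketched for this thread's setup as an added example that is not from either poster. Only SERVER's port 3128 comes from the thread; the 192.168.1.0/24 LAN and the 192.168.1.10 proxy address are assumed placeholders. WPAD is advisory, so a firewall rule that passes outbound port 80 only from SERVER is still what keeps clients from bypassing the proxy.

```javascript
// wpad.dat sketch (added example). Written in ES3 style because older PAC
// engines do not support const, arrow functions or String.startsWith.
var PROXY = "PROXY 192.168.1.10:3128";  // SERVER:3128; the address is assumed
var LAN_PREFIX = "192.168.1.";          // assumed /24, matched on IPv4 literals only

// True only for a dotted-quad IPv4 literal, so a hostname such as
// "192.168.1.evil.example" is never mistaken for a LAN address.
function isIpv4Literal(host) {
  var parts = host.split(".");
  if (parts.length !== 4) return false;
  for (var i = 0; i < parts.length; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return false;
  }
  return true;
}

// Destinations that should never be sent through the cache.
function isLocalDestination(host) {
  host = host.toLowerCase();
  // Bare names ("printer") are local; IPv6 literals contain ":" and are not.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  if (!isIpv4Literal(host)) return false;
  return host.indexOf(LAN_PREFIX) === 0 || host.indexOf("127.") === 0;
}

// Entry point the browser calls for every request after fetching the PAC file.
function FindProxyForURL(url, host) {
  if (isLocalDestination(host)) return "DIRECT";
  // Plain HTTP goes to Squid with no DIRECT fallback: if the proxy is down,
  // requests fail instead of silently leaving the LAN uncached.
  if (url.toLowerCase().indexOf("http:") === 0) return PROXY;
  return "DIRECT";  // HTTPS and other schemes are outside this thread's scope
}
```

Browsers locate the file as `http://wpad.<domain>/wpad.dat` or through DHCP option 252, and it should be served with the MIME type `application/x-ns-proxy-autoconfig`.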

