Transparent redirect to a separate Squid proxy
Using instructions from http://forum.pfsense.org/index.php/topic,3086.0.html, I was able to succesfully redirect web traffic (port 80) to my Squid proxy running on a separate computer.
However, in the Squid access log, the IP address of pfSense firewall is recorded as the one making the request (not the particular workstation which actually did). This causes some problems for us as we do from time to time need to see precisely which machine was accessing what. Using a NAT rule makes all traffic from our internal machines get lumped under on IP address in the Squid log.
On our current Linux-based firewall/router, the redirect is accomplished via routing tables and using iptables to mark the port 80 packets. There's no NAT happening so the Squid logs have the proper client IP address listed.
Is it possible to do this with pfSense?
Think I solved my own problem: http://forum.pfsense.org/index.php/topic,4225.msg25915.html#msg25915