Advanced Proxy Setup

  • I have an interesting setup I am trying.
    I have a nice 6-port Intel gigabit card and a dedicated proxy server. The proxy server has an Interface Masters failover Intel NIC (i.e. when the proxy server is powered off, the network bridges through). Thus when my proxy server dies or is turned off, it should not take down my network. So here is the dilemma: I cannot figure out the best way to forward web traffic from the LAN to the server. Each time I do it, when the server is powered off, the web traffic stops.

    Here is the config script I run on the Debian proxy box

    ifconfig eth2 promisc up                  # bridge ports run in promiscuous mode
    ifconfig eth3 promisc up
    brctl addbr br0
    brctl addif br0 eth2
    brctl addif br0 eth3
    ifconfig br0 netmask up                   # the address and netmask did not survive in the post
    route add default gw dev br0              # the gateway address did not survive in the post
    # hand TCP/80 frames to the local IP stack instead of only bridging them
    ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6  \
            --ip-destination-port 80 -j redirect --redirect-target ACCEPT
    # then bounce those connections to the proxy daemon listening on 8118
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80  \
            -j REDIRECT --to-port 8118

    I am currently running pfSense 2.0.1

    LAN network is,
    proxy network is currently on its own subnet. I assume this is the best approach.

    Please advise what sort of rules/NATing would create the desired effect.
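As an added example (not code from the poster or from pfSense), here is a parameterised version of the bridge-and-intercept script above. It fills in the pieces a working setup needs that the post's script does not show: br0 must carry an IP address, because iptables REDIRECT rewrites intercepted connections to the primary address of the receiving interface, and the bypass NIC only fails open when the host loses power, so a small watchdog removes the intercept rules whenever nothing is listening on the proxy port. The interface names, the 192.0.2.x addresses and the proxy port 8118 are assumptions for illustration; change them to match your network.

```shell
#!/bin/sh
# Added example, not from the original post: bridge + transparent intercept
# with a fail-open watchdog. Interface names, the bridge address/gateway and
# the proxy port are ASSUMPTIONS (the post omits the addresses).
set -eu

BR="${BR:-br0}"
PORT_A="${PORT_A:-eth2}"             # bypass-NIC port towards pfSense
PORT_B="${PORT_B:-eth3}"             # bypass-NIC port towards the LAN
BR_ADDR="${BR_ADDR:-192.0.2.2}"      # ASSUMED management address for br0
BR_MASK="${BR_MASK:-255.255.255.0}"  # ASSUMED netmask
BR_GW="${BR_GW:-192.0.2.1}"          # ASSUMED default gateway (pfSense)
PROXY_PORT="${PROXY_PORT:-8118}"     # Privoxy's default listening port
DRY_RUN="${DRY_RUN:-0}"              # DRY_RUN=1 prints commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Build the bridge. br0 needs an IP address: REDIRECT rewrites the
# destination of intercepted connections to the primary address of the
# interface they arrived on, so without one nothing can accept them.
bridge_up() {
    run ifconfig "$PORT_A" promisc up
    run ifconfig "$PORT_B" promisc up
    run brctl addbr "$BR"
    run brctl addif "$BR" "$PORT_A"
    run brctl addif "$BR" "$PORT_B"
    run ifconfig "$BR" "$BR_ADDR" netmask "$BR_MASK" up
    run route add default gw "$BR_GW" dev "$BR"
}

# ebtables rewrites the destination MAC of TCP/80 frames to the bridge's own
# MAC so the local IP stack receives them; iptables then bounces those
# connections to the proxy daemon. $1 is -A (add) or -D (delete).
intercept_rule() {
    run ebtables -t broute "$1" BROUTING -p IPv4 --ip-protocol 6 \
        --ip-destination-port 80 -j redirect --redirect-target ACCEPT
    run iptables -t nat "$1" PREROUTING -i "$BR" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"
}
intercept_on()  { intercept_rule -A; }
intercept_off() { intercept_rule -D; }

# The bypass NIC only fails open when the host loses power. If the host is
# up but the proxy daemon is dead, intercepted connections hit a closed port
# and port 80 goes dark for the whole LAN. Run "sync" from cron every minute
# so the intercept rules exist only while something listens on the proxy port.
proxy_listening() {
    ss -ltn 2>/dev/null | grep -q ":$PROXY_PORT "
}
intercept_sync() {
    intercept_off 2>/dev/null || true    # drop stale rules; ignore "not found"
    if proxy_listening; then intercept_on; fi
}

case "${1:-}" in
    up)   bridge_up; intercept_sync ;;
    sync) intercept_sync ;;
    off)  intercept_off ;;
esac
```

Run it as `sh bridge-proxy.sh up` at boot and `sh bridge-proxy.sh sync` from a cron entry; `DRY_RUN=1 sh bridge-proxy.sh up` prints the exact commands without touching the interfaces, which is also how the rule set can be reviewed before it goes live.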

  • Is this your setup?

    Internet -> pfsense -> proxy -> lan?


    internet -> pfsense -> lan

  • My setup is like

    internet -> pfsense ==> lan
                      | |

    Eth1 is WAN
    Eth2 is Proxy Outbound
    Eth3 is Proxy Inbound
    Eth4,5 is LACP LAN

    Ideally I want to reroute web traffic from the LAN to eth2.

    My best idea was to have Eth2 and Eth3 on the same subnet and route traffic from Eth2 to Eth3, thus having the proxy in the middle. When the proxy fails, the Ethernet card installed in it reverts to passthrough, thus preventing the network from crashing.

    So, as far as I can tell, I just need a way to reroute outbound traffic on port 80 on the LAN interface to outbound on the Eth2 interface.

  • The way I can imagine this setup working is

    Internet -> pfsense -> proxy in bridge mode -> lan

    This way you create a NAT from WAN to the LAN web server, and your proxy, when online, forwards it to the proxy daemon.

    You have the option to install Squid on pfSense.

    Internet -> pfsense -> lan

