Netgate Discussion Forum

    Tricky Setup: Multi-Router, Multi-WAN, SquidGuard. Please help.

    Routing and Multi WAN
    • skyrice

      I'm most of the way there, just getting stuck on a few key points and your help would be greatly appreciated.

      My network has a SonicWall 3060 (192.168.0.1) which handles 1 internet connection and all our client sites' VPN connections (10.0.x.0), where x is different for each site.
      I have a pfSense box running dual-WAN (192.168.0.2) which is working great thanks to some help from this forum earlier in the year. This is used for our general browsing and email access.
      I am now implementing another pfSense proxy box (192.168.0.3) which is installed in a VM. Got it up and running with 1 NIC, squid and squidguard configured and tested fine. Not transparent, so I've entered my proxy settings on my PC as 192.168.0.3:8080. This proxy points to the other pfSense box as the gateway.

      First problem I'm having is that from my PC I now cannot get to the management interface of the gateway box. Seems to get stuck at the proxy. It doesn't block it but the browser cannot find the address. Is there a firewall rule or something I need to put in place to be able to access this?

      Also I would like to be able to use the proxy for the client sites. Do I just add a rule on the SonicWall to point anything for :8080 to the proxy, and then do I also need to add a rule on the other pfSense box to allow those 10.0.x.0 subnets to use it?

      Last thing is, if I tick the transparent proxy option, will all this work without me needing to add the proxy details on the computers, or do they need to be pointing to the proxy server as their gateway?

      Keep in mind, before anyone suggests anything overly drastic: the SonicWall has to stay. I'm not about to go changing 100+ VPN connections as this is a production environment. I've already tried having the squid+squidguard setup on the same pfSense install with the multi-WAN and it was problematic. I got multi-WAN working but once squid was configured everything ended up only using 1 WAN again, hence the separate install. Also, of the 100+ client sites only about 10-15 will be using the proxy.

      [local pc]  >  [pfS proxy]  >  [pfS router]  >  [internet]
      (stuck trying to access router but can get internet)

      [client site pc]  >  [VPN to sonicwall]  >  [pfS proxy]  >  [pfS router]  >  [internet]
      (haven't implemented yet. Need advice before attempting as I don't want to break anything.)

      Many many thanks for any helpful advice given. Let me know if more info is required.

      • benson4u2c

        Configure the proxy server IP & port in your local PC's browser.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.