Tricky Setup: Multi-Router, Multi-WAN, SquidGuard. Please help.



  • I'm most of the way there, just getting stuck on a few key points and your help would be greatly appreciated.

    My network has a sonicwall 3060 (192.168.0.1) which handles 1 internet connection and all our client sites VPN connections (10.0.x.0) -where x is different for each site.
    I have a pfSense box running dual-WAN (192.168.0.2) which is working great thanks to some help from this forum earlier in the year. this is used for our general browsing and email access.
    I am now implementing another pfSense proxy box (192.168.0.3) which is installed in a VM. Got it up and running with 1 nic, squid and squidguard configured and tested fine. not transparent so ive entered my proxy settings on my pc as 192.168.0.3:8080. this proxy points to the other pfSense box as the gateway.

    First problem I'm having is from my pc I now cannot get to the management interface of the gateway box. Seems to get stuck at the proxy. It doesn't block it but the browser cannot find the address. Is there a firewall rule or something I need to put in place to be able to access this?

    Also I would like to be able to use the proxy for the client sites. Do I just add a rule on the sonicwall to point anything for :8080 to the proxy and then do I also need to add a rule on the other pfSense box to allow those 10.0.x.0 subnets to use it?

    Last thing is if I tick the transparent proxy option will all this work without me needing to add the proxy details on the computers or do they need to be pointing to the proxy server as their gateway?

    Keep in mind before anyone suggests anything overly drastic. The sonicwall has to stay. I'm not about to go changing 100+ vpn connections as this is a production environment. I've already tried having the squid+squidguard setup on the same pfsense install with the multi-wan and it was problematic. I got multiwan working but once squid was configured everything ended up only using 1 wan again, hence the separate install. Also of the 100+ client sites only about 10-15 will be using the proxy.

    [local pc]  >  [pfS proxy]  >  [pfS router]  >  [internet]
    (stuck trying to access router but can get internet)

    [client site pc]  >  [VPN to sonicwall]  >  [pfS proxy]  >  [pfS router]  >  [internet]
    (haven't implemented yet. Need advice before attempting as I don't want to break anything.)

    Many many thanks for any helpful advice given. Let me know if more info is required.



  • Configure the proxy server ip & port in ur local  pc's browser


Locked