Bridge Mode forward port 80 to 8080 from LAN doesn't work



  • Here is an overview of what I have. 1 virtual server linked to 2 physical NICs. 1 NIC is the WAN and the other is the LAN.

    [Cisco 10.100.0.1] --> [pfSense (WAN) 10.100.0.254] --> [pfSense (LAN) 10.100.0.253] --> [Switch to PCs]

    I created a NAT that would forward all traffic from the LAN with the destination port of 80 to redirect to 10.100.0.253 port 8080. This is DansGuardian which listens on the LAN and uses Squid on 127.0.0.1 3128 listening on localhost.

    I would like for traffic to pass through the LAN port get filtered for websites and continue the journey out to the WAN if allowed. Now the proxy 8080 works in IE with the proxy settings. So I know it has to be something with my NAT. I noticed on some sites it mentioned you could not have the NAT on the same interface, but I am unsure if that applies here, or even how to fix it.
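    The redirect described above, written as a pf.conf fragment of the kind pfSense generates from a port-forward rule. This is an added example, not the poster's actual configuration: the LAN interface name (em1) and the /24 mask are assumptions, and the addresses are the ones given in the diagram.

    ```pf
    # Assumed interface and network (not from the original post)
    lan_if  = "em1"
    lan_net = "10.100.0.0/24"
    proxy   = "10.100.0.253"   # pfSense LAN address, where DansGuardian listens on 8080

    # Intercept outbound HTTP arriving on the LAN interface and hand it to
    # DansGuardian on the firewall itself. "rdr pass" lets the translated
    # packet through without a separate filter rule.
    #
    # Only traffic leaving the segment is redirected: "to ! $lan_net" excludes
    # connections to peers on the same subnet, which never reach the firewall
    # anyway (the switch delivers them directly), so redirecting them here
    # would have no effect.
    rdr pass on $lan_if inet proto tcp from $lan_net to ! $lan_net port 80 -> $proxy port 8080

    # Everything else from the LAN is still subject to the normal filter rules.
    pass in on $lan_if inet proto tcp from $lan_net to any
    ```

    A quick check after loading the rule is `pfctl -s nat`, which should list the rdr line; if the rule is present but browsers still bypass the filter, the filter rules or the proxy's transparent-mode settings are the next place to look.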



  • I'm not understanding your question fully.  You want to screen ALL outbound traffic to web sites right?  So what is not working, and what happens instead.

    You are correct that you cannot redirect traffic on one network segment back to a host in the same segment, unless it appears to be addressed outside the segment so that it gets routed to the gateway.  Think about it:  why would the switches and hosts bother addressing the gateway firewall if they are trying to reach a sibling host on their same subnet?  So hosts on the LAN are welcome to access their peers' http port without the firewall, but I think this is not your main concern.

    Are you trying to do what captive portal does, maybe?  Might look at that.

