Netgate Discussion Forum

    Bridge Mode forward port 80 to 8080 from LAN doesn't work

      thec0dy

      Here is an overview of what I have. 1 virtual server linked to 2 physical NICs. 1 NIC is the WAN and the other is the LAN.

      [Cisco 10.100.0.1] --> [pfSense (WAN) 10.100.0.254] --> [pfSense (LAN) 10.100.0.253] --> [Switch to PCs]

      I created a NAT that would forward all traffic from the LAN with the destination port of 80 to redirect to 10.100.0.253 port 8080. This is DansGuardian, which listens on the LAN and uses Squid on 127.0.0.1 3128 listening on localhost.

      I would like for traffic to pass through the LAN port, get filtered for websites, and continue the journey out to the WAN if allowed. Now the proxy 8080 works in IE with the proxy settings. So I know it has to be something with my NAT. I noticed on some sites it mentioned you could not have the NAT on the same interface, but I am unsure if that applies here, or even how to fix it.

        TravisAustin

        I'm not understanding your question fully. You want to screen ALL outbound traffic to web sites, right? So what is not working, and what happens instead?

        You are correct that you cannot redirect traffic on one network segment back to a host in the same segment, unless it appears to be addressed outside the segment so that it gets routed to the gateway. Think about it: why would the switches and hosts bother addressing the gateway firewall if they are trying to reach a sibling host on their same subnet? So hosts on the LAN are welcome to access their peers' http port without the firewall, but I think this is not your main concern.

        Are you trying to do what captive portal does, maybe?  Might look at that.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.