Netgate Discussion Forum

Howto : Direct transparent linux proxy on the lan

  • stefb
    Oct 16, 2012, 8:58 AM (last edited Oct 16, 2012, 9:07 AM)

    Hi All,

    This little howto is for people who want to use a transparent proxy without installing squid on the pfSense box (I have an alix, and running squid there takes a bit too many resources from my point of view).

    First install squid on a Linux box on your LAN.

    On the Linux Squid Box
    in the squid config add the lines (preferably close to similar lines in the config) :

    http_port 3129 intercept # this sets up transparent proxy support

    acl localnet src 192.168.75.0/24        # replace the network with whatever your network is

    http_access allow localnet # allows your network to use the proxy

    Then add an iptables rule that redirects incoming traffic for port 80 with a destination IP different from that of the squid box to port 3129 (in this example 192.168.75.178 is the IP of the squid box):

    /sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp ! -d 192.168.75.178 --dport 80 -j REDIRECT --to-port 3129

    With that rule you can still run a webserver on port 80 on the same box.
    If you want to keep the rule across reboots you can add it to /etc/rc.local.

    In pfSense interface:
    add a gateway with the ip address of your squid box, on the lan interface (do not set it as a default gateway and do not monitor it)

    Then you can use policy routing in the firewall rules so that traffic originating from your LAN (except from the squid box) with destination port 80 is forwarded to the squid box; in the advanced properties choose sloppy state as the state type and choose your "squid gateway" as the gateway.

    In the attachment you can see screenshots of pfsense config.

    Cheers,
    Stéphane

    pfsense_squid_ext.png
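
A consistency check for the Linux-side steps in the post above, as an added example that is not part of the original post: it reads squid.conf text and `iptables-save -t nat` output and confirms that the REDIRECT target matches the intercept port and that traffic addressed to the proxy itself is excluded. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inputs; a real dump comes from `iptables-save -t nat`.
SAMPLE_SQUID_CONF='http_port 3129 intercept # transparent proxy support
acl localnet src 192.168.75.0/24
http_access allow localnet'
SAMPLE_NAT_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING ! -d 192.168.75.178/32 -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
COMMIT'

# Print the port of the first "http_port <n> intercept" line in $1, if any.
intercept_port() {
    printf '%s\n' "$1" | awk '$1 == "http_port" {
        for (i = 3; i <= NF && $i !~ /^#/; i++)
            if ($i == "intercept") { sub(/.*:/, "", $2); print $2; exit }
    }'
}

# Succeed if a PREROUTING rule in $1 redirects tcp/80 to port $2 and
# excludes traffic addressed to the proxy itself ($3).
redirect_ok() {
    printf '%s\n' "$1" | awk -v port="$2" -v ip="$3" '
        $1 == "-A" && $2 == "PREROUTING" {
            dport = toports = excl = redir = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" && $(i+1) == "80") dport = 1
                if (($i == "--to-ports" || $i == "--to-port") && $(i+1) == port) toports = 1
                if ($i == "-d" && $(i-1) == "!" && ($(i+1) == ip || $(i+1) == (ip "/32"))) excl = 1
                if ($i == "-j" && $(i+1) == "REDIRECT") redir = 1
            }
            if (dport && toports && excl && redir) found = 1
        }
        END { exit !found }'
}

# Succeed if an "http_access allow" line names an acl defined with "src".
client_acl_allowed() {
    printf '%s\n' "$1" | awk '
        $1 == "acl" && $3 == "src" { src[$2] = 1 }
        $1 == "http_access" && $2 == "allow" && ($3 in src) { ok = 1 }
        END { exit !ok }'
}

# $1 squid.conf text, $2 iptables-save text, $3 proxy IP; returns 0 if all pass.
check_setup() {
    port=$(intercept_port "$1")
    [ -n "$port" ] || { echo "FAIL: no intercept http_port"; return 1; }
    redirect_ok "$2" "$port" "$3" || { echo "FAIL: no REDIRECT to $port excluding $3"; return 1; }
    client_acl_allowed "$1" || { echo "FAIL: no src acl is allowed"; return 1; }
    echo "OK: tcp/80 is redirected to intercept port $port"
}
check_setup "$SAMPLE_SQUID_CONF" "$SAMPLE_NAT_RULES" 192.168.75.178
```

On a live box the two text arguments would be the contents of the squid config file and the output of `iptables-save -t nat`.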
    • jazzl0ver
      last edited by Oct 24, 2012, 3:30 PM

      Thank you very, VERY, much!! The "sloppy state" is the answer to my issue!
