Netgate Discussion Forum

    Dansguardian CARP Interface

    pfSense Packages
      tj.krause

      Hi Guys,

      We have a very large network with 12 locations and on average 3,000 users per day all running through Dansguardian and pfSense with no issues. However, we only have HTTP filtering since we're using NAT to redirect traffic to Dansguardian from port 80 to 8080. We would like to change this by using WPAD to configure the clients' browsers to use the proxy for HTTPS as well, so we can at least filter by hostname. The problem is that we have a primary/secondary pfSense pair using CARP, and as far as I can tell Dansguardian will not listen on a CARP IP address, which is what we need, since when the main box goes down the second box will not have the same IP attached.

      My thoughts have been to use DNS Forwarder to override a domain name and use that for the address of our proxy, but we're using it for split DNS for our in-house servers and would not be able to use XMLRPC sync to keep the DNS Forwarders in sync on both boxes. My next idea was to edit the config file manually, but won't it get overridden when any changes are made to Dansguardian?

      Does anyone have any ideas to make this sort of thing work?

      Thanks in advance!

        mschiek01

        I have this configuration on a few boxes.

        1. Squid needs to point to loopback
        2. Dansguardian needs to point to loopback
        3. You need a port forward from your CARP IP to your loopback

        Listen squid/dansguardian on loopback and create an rdr NAT to forward from the CARP address to the proxy daemon.

        user -> carp address -> dansguardian@127.0.0.1 -> squid@127.0.0.1 -> internet

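A PAC file that WPAD could hand to browsers for the setup discussed in this thread, as an added example that is not from either poster. It assumes 10.0.0.1 is the CARP virtual IP forwarded to Dansguardian on port 8080 and that in-house servers live under corp.example; both values are constructed.

```javascript
// Added example wpad.dat / proxy.pac. All addresses and names are constructed.
// Assumption: 10.0.0.1 is the CARP virtual IP, and both pfSense nodes forward
// 10.0.0.1:8080 to Dansguardian listening on 127.0.0.1:8080.
var FILTER_PROXY = "PROXY 10.0.0.1:8080";
// Assumption: in-house servers resolved through split DNS live in this zone.
var INTERNAL_ZONE = "corp.example";

// Plain string comparison so the file also loads in old PAC engines.
function inZone(host, zone) {
  var suffix = "." + zone;
  return host === zone ||
    (host.length > suffix.length &&
     host.substring(host.length - suffix.length) === suffix);
}

// Match only a complete dotted-quad loopback literal; a prefix test would let
// a public name such as "127.example.net" skip the filter.
function isLoopbackLiteral(host) {
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names, the internal zone and loopback stay off the proxy.
  if (host.indexOf(".") === -1 || inZone(host, INTERNAL_ZONE) ||
      isLoopbackLiteral(host)) {
    return "DIRECT";
  }
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  if (scheme === "http" || scheme === "https") {
    // No "; DIRECT" fallback: the CARP address moves to the surviving node on
    // failover, so an unreachable proxy should fail closed, not unfiltered.
    return FILTER_PROXY;
  }
  return "DIRECT";
}
```

With this file in place, HTTPS requests reach the proxy as `CONNECT host:443`, which is what makes hostname filtering possible. Browsers that ignore the PAC file are only covered if the firewall also blocks direct outbound web traffic.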
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.