    Netgate Discussion Forum
    Squid Transparent not work with 1:1 NAT

    NAT
    • B
      baba last edited by

      Hello!
      I have two pfSense 2.0.3 in HA with CARP.
      I also have squid + squidGuard in transparent mode. Yesterday squid stopped working. After many hours I noticed that if 1:1 NAT is configured, the redirect rule of squid automagically disappears… On the second firewall I tried disabling all 1:1 NAT entries and the redirect rule of squid automagically reappears... Any known bug? Thanks!

      • B
        baba last edited by

        Really no ideas? A bug? Am I the only one with this problem?  :'( :'( :'(

        • S
          Syntax42 last edited by

          My understanding of 1:1 NAT is that it is similar to putting a device or subnet in the DMZ.  It becomes completely exposed to incoming traffic on the IP address given to it.  I think what you are experiencing is the correct behavior for 1:1 NAT.  If you want the traffic to pass through the proxy, I think you need to set up port forwarding instead of 1:1 NAT.

          If the device on the 1:1 NAT requires a different external IP address than the WAN address of your firewall, I would not have an idea of how to do that and still have the traffic for it go through the proxy.

          http://doc.pfsense.org/index.php/1:1_NAT

          • B
            baba last edited by

            @Syntax42:

            My understanding of 1:1 NAT is that it is similar to putting a device or subnet in the DMZ.  It becomes completely exposed to incoming traffic on the IP address given to it.  I think what you are experiencing is the correct behavior for 1:1 NAT.  If you want the traffic to pass through the proxy, I think you need to set up port forwarding instead of 1:1 NAT.

            If the device on the 1:1 NAT requires a different external IP address than the WAN address of your firewall, I would not have an idea of how to do that and still have the traffic for it go through the proxy.

            http://doc.pfsense.org/index.php/1:1_NAT

            Thanks. I discovered that it is not related to 1:1 NAT but to the squid module…
