Squid Transparent does not work with 1:1 NAT



  • Hello!
    I have two pfSense 2.0.3 firewalls in HA with CARP.
    I also have squid + squidguard in transparent mode. Yesterday squid stopped working. After lots of hours I noticed that if 1:1 NAT is configured, the redirect rule of squid automagically disappears… On the second firewall I tried disabling all 1:1 NAT entries and the redirect rule of squid automagically reappears... Any known bug? Thanks!



  • Really no ideas? A bug? Am I the only one with this problem?  :'( :'( :'(



  • My understanding of 1:1 NAT is that it is similar to putting a device or subnet in the DMZ.  It becomes completely exposed to incoming traffic on the IP address given to it.  I think what you are experiencing is the correct behavior for 1:1 NAT.  If you want the traffic to pass through the proxy, I think you need to set up port forwarding instead of 1:1 NAT.

    If the device on the 1:1 NAT requires a different external IP address than the WAN address of your firewall, I would not have an idea of how to do that and still have the traffic for it go through the proxy.

    http://doc.pfsense.org/index.php/1:1_NAT



  • @Syntax42:

    My understanding of 1:1 NAT is that it is similar to putting a device or subnet in the DMZ.  It becomes completely exposed to incoming traffic on the IP address given to it.  I think what you are experiencing is the correct behavior for 1:1 NAT.  If you want the traffic to pass through the proxy, I think you need to set up port forwarding instead of 1:1 NAT.

    If the device on the 1:1 NAT requires a different external IP address than the WAN address of your firewall, I would not have an idea of how to do that and still have the traffic for it go through the proxy.

    http://doc.pfsense.org/index.php/1:1_NAT

    Thanks. I discovered that it is not related to NAT 1:1 but to the squid module…