    Redirect Traffic…

    Routing and Multi WAN
SB:

      Hi all,

I want to implement a policy based routing rule that redirects all traffic received on certain TCP ports. So for example redirect port 80 to our internal squid proxy, that is running in transparent mode listening on port 80. I've had a play with attempting to do this with a rule using a specific gateway, and a server pool without success.

      Is this possible, and if so how do I accomplish it?

      Thanks,

      Scott :)

SB:

        I've just tried sticking the proxy on an OPT interface, and setting the proxy IP address as the gateway in a load balancer and creating a policy rule to redirect to it.

        Only problem was the firewall didn't seem to accept traffic coming back from the gateway - the proxy could no longer get out onto the internet. Doh!

dwadson:

          Set up a load balancer pool using your internal squid proxy as a "gateway".

          Set up a LAN rule that redirects all port 80 TCP traffic whose source is NOT the squid proxy to the squid load balancer pool.

          Myself, with dual WAN connections, have another rule that redirects port 80 traffic from my web proxy out through a failover pool.

My squid proxy, running Linux, has an iptables rule that redirects the web requests from internal IP addresses to port 8080 that squid is listening on. I can't recall if you can get it to work transparently if you have it listening on port 80. My rule is:

    # nat PREROUTING: redirect inbound tcp/80 not addressed to the proxy itself to squid on 8080
    iptables -t nat -A PREROUTING -i eth0 ! -d <proxy IP address> -p tcp --dport 80 -j REDIRECT --to-ports 8080

SB:

            Well… I created a Load Balancer with the squid proxy as a server entry. I set a LAN rule up so that only traffic from my PC IP address on TCP port 80 uses the balancer pool previously created. Nothing happened.

            With a gateway load balancer pool, you can only select interfaces, not servers?

SB:

OK, I managed to set up the Load Balancer rule by manually editing the config.xml. According to my packet sniffer the HTTP traffic is now being redirected to my internal squid proxy server. Just can't get the transparent proxy working on port 80 as you said. Will have to play with getting it to run on another port and setting up ipfilter. Just gotta remember how to do that under Solaris ;)

SB:

                All working :)

For anyone that is interested:

1. I configured a Load Balancing Gateway pool, set up with any interface and a monitor IP of the proxy server.
2. I edited config.xml and changed the interface in the pool above to the IP address of the proxy server. Re-upload if edited offline, just reboot if edited on the server.
3. Configure Squid to run transparently on a port other than 80. I chose 3128 (the default): "http_port 192.168.10.246:3128 transparent" in Squid 2.6.
4. Configure a NAT rule to redirect requests on port 80 to the port you chose above. dwadson posted a Linux rule above; under Solaris (ipfilter, ipnat.conf) I used:

       rdr bge0 0.0.0.0/0 port 80 -> 192.168.10.246 port 3128

Start Squid and enjoy :)

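The setup dwadson describes and SB's final working configuration, walked through as an added simulation. This is not pfSense, Squid or iptables code and was not posted by anyone in the thread; it only models first-match rule evaluation closely enough to show why the "source is NOT the squid proxy" condition on the LAN rule matters. The proxy address 192.168.10.246 and port 3128 come from the thread; the client 192.168.10.50, the origin 203.0.113.10 and the pool names are constructed placeholders.

```python
"""Simulate policy-routing tcp/80 from the LAN to a Squid "gateway" on
pfSense, plus the NAT redirect on the Squid host. Added example only:
not pfSense, Squid or iptables code."""
from dataclasses import dataclass, replace

# Values from the thread: the proxy's address and Squid's transparent port.
PROXY_IP = "192.168.10.246"
PROXY_PORT = 3128
# Constructed sample hosts (TEST-NET-3 for the origin server).
LAN_CLIENT = "192.168.10.50"
ORIGIN = "203.0.113.10"

# Placeholder gateway names (assumed, not pfSense identifiers).
SQUID_POOL = "SQUID_POOL"            # pool whose "gateway" is PROXY_IP
WAN_FAILOVER = "WAN_FAILOVER_POOL"   # dwadson's dual-WAN failover pool
DEFAULT_GW = "DEFAULT_GW"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def is_http(p):
    return p.proto == "tcp" and p.dport == 80


# pfSense evaluates LAN rules top to bottom; the first match wins.
# Each entry is (rule name, match predicate, gateway to use).
CORRECT_LAN_RULES = [
    ("lan-http-to-squid", lambda p: is_http(p) and p.src != PROXY_IP, SQUID_POOL),
    ("proxy-http-to-wan", lambda p: is_http(p) and p.src == PROXY_IP, WAN_FAILOVER),
    ("default", lambda p: True, DEFAULT_GW),
]

# The same rules without the source exclusion on the first one.
NAIVE_LAN_RULES = [
    ("any-http-to-squid", is_http, SQUID_POOL),
    ("proxy-http-to-wan", lambda p: is_http(p) and p.src == PROXY_IP, WAN_FAILOVER),
    ("default", lambda p: True, DEFAULT_GW),
]


def pfsense_next_hop(pkt, rules):
    """Return (rule name, gateway) of the first LAN rule that matches."""
    for name, match, gw in rules:
        if match(pkt):
            return name, gw
    raise ValueError("rule set has no default rule")


def proxy_host_prerouting(pkt, redirect_enabled=True):
    """Model the nat PREROUTING rule on the Squid box:
    '! -d <proxy ip> -p tcp --dport 80 -j REDIRECT --to-ports 3128'.
    Locally generated traffic never traverses PREROUTING, so only the
    destination exclusion is needed on the proxy host itself."""
    if redirect_enabled and is_http(pkt) and pkt.dst != PROXY_IP:
        return replace(pkt, dst=PROXY_IP, dport=PROXY_PORT)
    return pkt


def trace(client_pkt, lan_rules, redirect_enabled=True, max_rounds=4):
    """Follow a client's request through pfSense and the proxy host, then
    the upstream fetch Squid makes on the client's behalf. Returns the
    list of hops; a trailing 'LOOP' means Squid's own fetch was policy-
    routed back into Squid."""
    hops = []
    pkt = client_pkt
    for _ in range(max_rounds):
        name, gw = pfsense_next_hop(pkt, lan_rules)
        hops.append(f"pfSense:{name}->{gw}")
        if gw != SQUID_POOL:
            hops.append(f"{gw}:forward")
            return hops
        nat = proxy_host_prerouting(pkt, redirect_enabled)
        if nat.dport != PROXY_PORT:
            # Nothing listens on tcp/80 on the proxy host: connection refused.
            hops.append("proxy:refused-on-80")
            return hops
        hops.append(f"squid:accept from {pkt.src}")
        # Squid now fetches the origin itself; that new flow enters pfSense
        # from PROXY_IP and is evaluated against the same LAN rules.
        pkt = Packet(src=PROXY_IP, dst=client_pkt.dst, dport=80)
    hops.append("LOOP")
    return hops


if __name__ == "__main__":
    req = Packet(LAN_CLIENT, ORIGIN, 80)
    print("correct :", trace(req, CORRECT_LAN_RULES))
    print("naive   :", trace(req, NAIVE_LAN_RULES))
    print("no rdr  :", trace(req, CORRECT_LAN_RULES, redirect_enabled=False))
    print("https   :", trace(Packet(LAN_CLIENT, ORIGIN, 443), CORRECT_LAN_RULES))
```

With the correct rule set the client's request is steered to the Squid pool, the proxy host's PREROUTING rule moves it to port 3128, and Squid's upstream fetch leaves through the failover pool. With the naive rule set Squid's own fetch matches the tcp/80 rule again, the proxy host redirects it back into Squid, and the trace ends in LOOP; that is what the "source is NOT the squid proxy" condition prevents. Disabling the redirect reproduces the symptom from the thread of the transparent proxy not working on port 80: the policy-routed packet arrives at the proxy host with nothing listening there.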
