Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setting up Multi Wan pfSense with dansguardian + squid on other box

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kaze
      last edited by

      Hello I have trouble with this setup,
      Running pfSense 2.1 with 2 wan, I have a dansguardian + squid instance running ok on another box in the lan,
      if I setup the dansguardian on the proxy configuration of the clients machines everything is ok,
      if I try to make an "Firewall: NAT: Port Forward" rule to map any port 80 destination to the DG box it does not connect at all.
      Any tips ?

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        @kaze:

        if I try to make an "Firewall: NAT: Port Forward" rule to map any port 80 destination to the DG box it does not connect at all.
        Any tips ?

        Can you check with tcpdump if packages are reaching dansguardian?
        Did you excluded dansguardian ip from this forward rule?

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • K
          kaze
          last edited by

          Nope I didn't find out how to exclude the DG ip from nat rule.

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            @kaze:

            Nope I didn't find out how to exclude the DG ip from nat rule.

            Create one before this one, add dansguardian ip and enable option "No RDR".

            Without it, the rule creates a loop between proxy server and firewall.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • K
              kaze
              last edited by

              Thank you very much I'll will try this tomorrow as I don't have access to the server right now,
              I was sure it wasn't looping since the remote DG access.log wasn't showing any activity.

              1 Reply Last reply Reply Quote 0
              • K
                kaze
                last edited by

                Unfortunately not working, the DG host see my machine connecting :
                tcpdump:```
                08:49:34.944203 IP munnin.blkz.net.8080 > 192.168.0.99.51708: Flags [S.], seq 2341763301, ack 4041716888, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1498471935 ecr 35021758], length 0
                08:49:35.408208 IP munnin.blkz.net.8080 > 192.168.0.99.51707: Flags [S.], seq 2293124076, ack 3629114992, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3987869326 ecr 35021205], length 0

                But never connect back.
                
                Here are my pfsense rules and nat:
                
                ![](http://tollen.free.fr/images/NAT.png)
                
                ![](http://tollen.free.fr/images/NATR.png)
                
                ![](http://tollen.free.fr/images/FW.png)
                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.