Setting up Multi Wan pfSense with dansguardian + squid on other box



  • Hello, I have trouble with this setup.
    Running pfSense 2.1 with 2 WANs, I have a dansguardian + squid instance running OK on another box in the LAN.
    If I set up dansguardian in the proxy configuration of the client machines, everything is OK;
    if I try to make a "Firewall: NAT: Port Forward" rule to map any port 80 destination to the DG box, it does not connect at all.
    Any tips?



  • @kaze:

    if I try to make a "Firewall: NAT: Port Forward" rule to map any port 80 destination to the DG box, it does not connect at all.
    Any tips?

    Can you check with tcpdump whether packets are reaching dansguardian?
    Did you exclude the dansguardian IP from this forward rule?



  • Nope, I didn't find out how to exclude the DG IP from the NAT rule.



  • @kaze:

    Nope, I didn't find out how to exclude the DG IP from the NAT rule.

    Create one before this one, add the dansguardian IP and enable the option "No RDR".

    Without it, the rule creates a loop between the proxy server and the firewall.



  • Thank you very much, I'll try this tomorrow as I don't have access to the server right now.
    I was sure it wasn't looping, since the remote DG access.log wasn't showing any activity.



  • Unfortunately it is not working; the DG host sees my machine connecting.
    tcpdump:
    ```
    08:49:34.944203 IP munnin.blkz.net.8080 > 192.168.0.99.51708: Flags [S.], seq 2341763301, ack 4041716888, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1498471935 ecr 35021758], length 0
    08:49:35.408208 IP munnin.blkz.net.8080 > 192.168.0.99.51707: Flags [S.], seq 2293124076, ack 3629114992, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3987869326 ecr 35021205], length 0
    ```

    But it never connects back.
    
    Here are my pfSense rules and NAT:
    
    ![](http://tollen.free.fr/images/NAT.png)
    
    ![](http://tollen.free.fr/images/NATR.png)
    
    ![](http://tollen.free.fr/images/FW.png)
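The two ingredients this thread is circling, the "No RDR" exclusion from the earlier reply and the reply-path problem visible in the tcpdump above (the proxy answers the client directly from 192.168.0.2:8080 on the same subnet, so the client, which sent its SYN to a web server on port 80, never sees a matching SYN/ACK), written out as a pf.conf fragment in the legacy rdr/nat syntax that pfSense 2.x generates. This is an added example, not the poster's configuration and not rules pfSense produced; the interface name, network and proxy address are assumed:

```pf
# Added example: transparent HTTP redirect to a dansguardian box on the LAN.
# $lan_if, $lan_net and $proxy are assumed values, not taken from the thread.
lan_if  = "em1"
lan_net = "192.168.0.0/24"
proxy   = "192.168.0.2"      # dansguardian + squid host (assumed address)

# 1. Exclusion first. pf applies the FIRST matching translation rule, so the
#    proxy's own outbound port-80 traffic must be excluded before the redirect,
#    otherwise its fetches are sent back to itself and the redirect loops.
#    This is what the "No RDR" port-forward rule in the pfSense GUI produces.
no rdr on $lan_if proto tcp from $proxy to any port 80

# 2. Redirect every other client's HTTP to dansguardian on 8080.
rdr on $lan_if proto tcp from $lan_net to any port 80 -> $proxy port 8080

# 3. Client and proxy share one segment, so without this the proxy's SYN/ACK
#    goes straight to the client from $proxy:8080 and is dropped as unsolicited.
#    Source-NAT the redirected packets to the firewall's LAN address so the
#    reply returns through pf and is un-translated back to the original server.
nat on $lan_if proto tcp from $lan_net to $proxy port 8080 -> ($lan_if)

# 4. Translation rules do not pass traffic; a filter rule still has to.
pass in quick on $lan_if proto tcp from $lan_net to $proxy port 8080
```

In the pfSense 2.1 GUI the first two rules are the "No RDR" entry followed by the port forward on the LAN tab, and the third corresponds to a manual Outbound NAT rule on the LAN interface for traffic to the proxy on port 8080; the cost is that dansguardian then logs the firewall's LAN address instead of each client, so per-client logging needs the proxy's X-Forwarded-For handling or a separate segment for the proxy.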
