Netgate Discussion Forum

    [SOLVED] selectively let random LAN IP bypass port forwarding to squid/DG/SG

      nicknack

      Let's say I want all LAN HTTP traffic from 192.168.100.0/24
      to go through squid / dansguardian / squidguard.
      How do I add an exception for some IPs to pass through directly?

      In iptables I can just put their IPs in PREROUTING and use the ACCEPT target,
      but I can't find out how I should do this in the Firewall - NAT - Port Forwarding menu in pfSense...

      Anybody care to show me how?

      TIA...

        rjcrowder

        It's right on the rule creation page… When you create the "forward" rule, you just enter a "not" exception for the address or range of addresses you don't want to be forwarded...

          nicknack

          Thank you for replying to this...

          If I understand correctly, that is for just one exception?
          I need to allow some IPs to bypass DansGuardian + squid altogether.
          What if I need to exclude some IPs?

            rjcrowder

            You can do a range. For example, 192.168.5.200/29 would exclude addresses from 192.168.5.200 through 192.168.5.207. See this online calculator, http://www.subnet-calculator.com/, and you can play with masks to see how it works.

            You can also create an alias and then use the alias in your rule. In the alias, you can set up any combination of individual addresses or ranges of addresses.

              nicknack

              Yes... an alias, I didn't think of that.
              The IPs I want to allow are not necessarily in sequence;
              they're like 10.0.1.5, 10.0.1.59, 10.0.1.151 and so on...

              So alias it is...

              Thank you very much!

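An added example, not part of the thread: a Python audit of a bypass alias before it is used as the "not" source of the port forward, listing exactly which addresses would skip squid/DansGuardian. The alias contents are constructed from the addresses mentioned above plus one deliberately misaligned entry; the function names are hypothetical and nothing here talks to pfSense.

```python
import ipaddress

# Constructed sample alias: the scattered hosts and the /29 range from the thread,
# plus one mistyped entry (host bits set) to show why each range should be checked.
BYPASS_ALIAS = ["10.0.1.5", "10.0.1.59", "10.0.1.151",
                "192.168.5.200/29", "192.168.5.210/29"]


def parse_alias(entries):
    """Return (networks, warnings); ranges not on a network boundary are flagged."""
    networks, warnings = [], []
    for entry in entries:
        # strict=False masks host bits the way CIDR matching does (assumption:
        # the firewall evaluates the entry as the enclosing network).
        net = ipaddress.ip_network(entry, strict=False)
        if "/" in entry and str(net) != entry:
            warnings.append(f"{entry} is not on a network boundary; "
                            f"it covers {net[0]}-{net[-1]}")
        networks.append(net)
    return networks, warnings


def is_redirected(client, networks):
    """True if a 'source: NOT alias' forward matches, i.e. the client goes to the proxy."""
    addr = ipaddress.ip_address(client)
    return not any(addr in net for net in networks)


def bypass_hosts(networks):
    """Every address that skips the proxy; collapsing avoids counting overlaps twice."""
    return [str(h) for net in ipaddress.collapse_addresses(networks) for h in net]


if __name__ == "__main__":
    nets, warns = parse_alias(BYPASS_ALIAS)
    for w in warns:
        print("WARNING:", w)
    print(len(bypass_hosts(nets)), "addresses bypass the proxy")
    for client in ("10.0.1.59", "10.0.1.60", "192.168.5.207", "192.168.5.216"):
        print(client, "-> proxy" if is_redirected(client, nets) else "-> direct")
```

Any address the audit lists beyond the intended hosts is an unfiltered path around the proxy, so a range entry is worth checking before it goes into the alias.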