Netgate Discussion Forum

    Comprehension question: NAT plus Squid3

    9 Posts 5 Posters 3.0k Views
    • paulfred

      Good Day to all of you,

      I would like to use Squid3 to redirect 3 URLs to internal resources.  All of them are port 443 URLs.

      What do I need to do to get that to work with NAT rules? May I have multiple of these NAT rules?

      To describe what I would like to do:

      1. https://webaccess.tld.com
        Internal: 172.16.xx.2
        Port: 443

      2. https://whatever.tld.com
        Internal 172.16.xx.10
        Port: 443

      So… is there something I have to think about or is it just dead simple? May I add multiple NAT rules for the same port?

      Thank you in advance and please excuse me if I have asked stupid things here.

      Cheers,
      Alexander

      • paulfred

        Hi there,

        okay - I think that I did not actually point out where my issue is coming from.

        Currently I am just pointing to one externally published webserver.

        -> https://subdomain1.domain.com
        -> NAT - External:443 to Internal 172.16.xx.2:443
        -> Corresponding Firewall Rule for Port 443

        Now I would like to extend this to a few more machines. Some of those have to listen on Port 443 too. Adding multiple NAT Rules for Port 443 does not work - so my initial question is related to the NAT Settings, to get this below mentioned scenario to work:

        -> https://subdomain1.domain.com
        -> NAT - External:443 to Internal 172.16.xx.2:443

        plus

        -> https://subdomain2.domain.com
        -> NAT - External:443 to Internal 172.16.xx.22:443

        plus

        -> https://subdomain3.domain.com
        -> NAT - External:443 to Internal 172.16.xx.33:443

        Squid 3 Setup has been made according to the "howto" provided here.

        Thank you in advance for your hints. Any help is very much appreciated.

        Kind regards,
        Alexander

        • LeMa

          hi paulfred,

          basically I'm just interested in pfSense and testing out a few things myself. unfortunately it seems that answers here are more on the rare side…

          what I can tell you is that you can only forward port 443 on the WAN side once. because: how should pfSense know which server to use? besides, I would recommend that you put them into a DMZ zone, guess you do that anyways.

          so three choices: either you have more than one (static) WAN IP from your internet provider.
          or you forward another port (e.g. 10443) to your second (, third) server to internal port 443.
          or there is only one internal server which can choose via subdomain which site to use.

          if anyone has another idea, it's welcome.

          • johnpoz LAYER 8 Global Moderator

            You can not forward the same port on the same IP to different machines based upon url - pfsense just sees IP and port.. So as mentioned you have more than 1 public IP, or you use different ports or you use a reverse proxy to your IP that understands what to do based upon url.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
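
Added example, not from any poster in this thread and not what the pfSense Squid package generates: a hand-written squid.conf sketch of the reverse-proxy option described in the post above, where a single listener on 443 chooses the internal server by requested host name. The backend addresses, certificate paths and the peer/ACL names are assumptions; the host names are the ones from the first post.

```conf
# Constructed example: one public IP, one TLS listener, two internal HTTPS servers.
# Squid terminates TLS here, so the certificate must cover every published name
# (SAN or wildcard). Certificate and key paths are placeholders.
https_port 443 accel vhost defaultsite=webaccess.tld.com cert=/path/to/published.crt key=/path/to/published.key

# Origin servers. 172.16.0.2 and 172.16.0.10 are placeholders for the
# elided 172.16.xx.2 and 172.16.xx.10 in the first post.
# "ssl" re-encrypts the hop to the origin; the origin certificate has to
# validate against a CA that Squid trusts.
cache_peer 172.16.0.2  parent 443 0 no-query originserver ssl name=peer_webaccess
cache_peer 172.16.0.10 parent 443 0 no-query originserver ssl name=peer_whatever

# The routing decision is made on the requested host name,
# which a NAT port forward never sees.
acl host_webaccess dstdomain webaccess.tld.com
acl host_whatever  dstdomain whatever.tld.com

# Each peer receives requests for its own name only.
cache_peer_access peer_webaccess allow host_webaccess
cache_peer_access peer_webaccess deny all
cache_peer_access peer_whatever  allow host_whatever
cache_peer_access peer_whatever  deny all

# Accept only the published names and refuse everything else, so the
# listener cannot be used to reach other internal hosts.
http_access allow host_webaccess
http_access allow host_whatever
http_access deny all

# Never fetch a request directly; it must go to one of the peers above.
never_direct allow all
```

With Squid listening on the WAN address itself, the 443 port forward is replaced by a WAN firewall rule that passes TCP 443 to the firewall.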

            • paulfred

              Hi John,

              please accept my apologies in advance.

              @johnpoz:

              So as mentioned you have more than 1 public IP, or you use different ports or you use a reverse proxy to your IP that understands what to do based upon url.

              To me it seems as if my post subject has not been either read or understood. The subject of my post was already “NAT plus Squid3” so I am fully aware that pfSense can’t serve me any miracles. I already tried to set up Squid 3-dev to do the magic here – but I am either too numb or simply don’t get the complete picture where I am missing minor details to get this up and running.

              I need guidance on how to set up the reverse proxy to get this flying. Or just an answer that I should go home, or get commercial support – or whatever. But this is frustrating… as pfSense is the only product for many years to serve my requirements. I’ve tried a lot of others – just 30 mins ago again a Zywall USG50 without success.

              All I can do is to describe what I need, and what I have done to achieve that. I’ve been reading posts here in this forum, I’ve been trying to do the same setup to get my desired setup running… and I am simply failing.

              @paulfred:

              Squid 3 Setup has been made according to the "howto" provided here.

              Kind regards,
              Alexander

              • bryan.paradis

                @paulfred:

                Please reference the how-to. Screenshots of your setup of squid3 and maybe a log from squid showing us what is actually happening.

                • johnpoz LAYER 8 Global Moderator

                  "Squid 3 Setup has been made according to the "howto" provided here."

                  What howto are you using?  And what are your squid settings?  Can we see them?  Your mention of NAT rules threw me and I overlooked the squid reverse proxy setup that you mention - my bad ;)


                  • bsmither

                    Can we keep progressing on a resolution to this topic?

                    "What are your squid settings?"

                    If the system (pfSense/Squid/etc) is not performing the task(s) desired, why bother looking at settings? I do not need to know what I did wrong (although there is value in understanding that), I need to know what to do right.

                    • johnpoz LAYER 8 Global Moderator

                      And who are you?  The OP was named paulfred.. As to looking at the settings - well if it's not performing the task the OP wanted it is prob because he set it up wrong, or it doesn't even do what he thinks it can do.  Some clear understanding of what he did, or thinks he did would be helpful in trying to figure out if it would work or not even.

                      He mentions he followed a guide, but never even links to what guide..

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.