Netgate Discussion Forum

    NAT Config help

      mastrboy

      I would like to set up a transparent proxy for my WLAN users. My current setup is as follows:

      I currently have 3 interfaces:

      • WAN
      • LAN
      • WLAN

      My proxy will be running on a server on the LAN interface, as I don't like to run the unstable squid package in the FW.

      So what I want to do is redirect all outgoing requests on port 80 from WLAN to port 80 on the LAN server. How will I approach this?

        GruensFroeschli

        Has nothing to do with NAT.
        Create a rule that blocks everything except traffic from your proxy.
        Then change the browsers (IE / FF) of your clients to use the proxy.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          mastrboy

          That would not be transparent, would it?

          The whole purpose of this solution is that I don't have control over every client accessing the WLAN. That's why I want to redirect all of their HTTP traffic to the proxy in a transparent solution without configuring anything on the clients.

          For example, I know how to do this with iptables:

          iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
          

          I just need a little guidance on the pf NAT rule for this.

            GruensFroeschli

            Well, that's why I'd set up the rules to "block all except the proxy".
            It forces your clients to use the proxy or they don't have internet.

            I'm not sure that the approach you wrote is possible.
            And if it is, you would have to do it manually from the console, which is not supported.
            Did you take a look at the man pages of pf?

              mastrboy

              I have some experience with pf from running an OpenBSD firewall, but not too much on the NAT/RDR part. I'm guessing a rule like this would suffice:

              rdr pass on $wlan_if inet proto tcp from any to any port www -> $squid_server port $squid_port
              

              But I wanted to do it in the web GUI; as you said, configuring from the command line is not supported :(

              Is there a file or something that can contain custom rules?
