NAT Config help

  • I would like to set up a transparent proxy for my WLAN users. The current setup is as follows:

    I currently have 3 interfaces:

    • WAN
    • LAN
    • WLAN

    My proxy will be running on a server on the LAN interface, as I don't like to run the unstable squid package in the FW.

    So what I want to do is redirect all outgoing requests on port 80 from WLAN to port 80 on the LAN server. How will I approach this?

  • Has nothing to do with NAT.
    Create a rule that blocks everything except traffic from your proxy.
    Then change the browsers (IE / FF) of your clients to use the proxy.

  • That would not be transparent, would it?

    The whole purpose of this solution is that I don't have control over every client accessing the WLAN; that's why I want to redirect all of their HTTP traffic to the proxy in a transparent solution without configuring anything on the clients.

    For example, I know how to do this with iptables:

    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

    I just need a little guidance on the PF NAT rule for this.

  • Well, that's why I'd set up the rules to "block all except the proxy".
    It forces your clients to use the proxy or they don't have internet.

    I'm not sure that the approach you wrote is possible.
    And if it is, you would have to do it manually from the console, which is not supported.
    Did you take a look at the man pages of pf?

  • I have some experience with pf from running an OpenBSD firewall, but not too much on the NAT/RDR part. I'm guessing a rule like this would suffice:

    rdr pass on $wlan_if inet proto tcp from any to any port www -> $squid_server port $squid_port

    But I wanted to do it in the web GUI as you said, configuring from the command line is not supported :(

    Is there a file or something that can contain custom rules?
