NAT rule for Squid is not working


  • Again a noob question.

    I got Squid (authenticating/explicit mode with local users) and SquidGuard working on top of pfSense.

    My pfSense machine is 192.168.1.1/24; two other systems are on the same subnet with dynamic IPs derived from a DHCP service running on a Win2k8 server.

    My NAT rule is like this:

    Src Address: *
    Src Ports: *
    Destination Address: WAN net
    Destination Port: (80) HTTP
    Destination IP: 192.168.1.1
    Destination Port: 3128

    It doesn't seem to redirect the traffic to proxy. What am I doing wrong?

    I read somewhere on the forum that the pfSense/Squid machine needs to be on a different subnet for such a rule to work. But I believe that would be the case if Squid and pfSense are running on different machines.

    I have been fiddling with this all night and now I am at wit's end. Any help would be a godsend.


  • Change the destination address in your rule to 'Any'. When you're making connections from a client machine to the internet, the destination address can be literally anything and your rule is not catching them now.


  • Yes, finally got it working. Thanks a lot.
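
The destination match discussed in the reply above, modelled as an added example (not code from the thread or from pfSense). The `RedirectRule` class and the sample connections are hypothetical, and the WAN subnet `203.0.113.0/24` is a constructed value, since the thread does not give the real one.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
# Assumption: constructed WAN subnet standing in for "WAN net".
WAN_NET = ipaddress.ip_network("203.0.113.0/24")


@dataclass
class RedirectRule:
    """Simplified model of the redirect rule's match and target fields."""
    dst_net: ipaddress.IPv4Network  # "Destination Address" to match
    dst_port: int                   # "Destination Port" to match
    target_ip: str                  # where matching traffic is sent
    target_port: int

    def apply(self, dst_ip: str, dst_port: int):
        """Return the (ip, port) a connection ends up at after this rule."""
        addr = ipaddress.ip_address(dst_ip)
        if addr in self.dst_net and dst_port == self.dst_port:
            return (self.target_ip, self.target_port)
        return (dst_ip, dst_port)  # no match: the proxy never sees it


# The rule as first posted, and the rule after the suggested change.
original = RedirectRule(WAN_NET, 80, "192.168.1.1", 3128)
fixed = RedirectRule(ANY, 80, "192.168.1.1", 3128)

# Constructed connections from a LAN client.
SAMPLES = [
    ("198.51.100.10", 80),   # ordinary web server on the internet
    ("203.0.113.7", 80),     # host that happens to sit inside the WAN subnet
    ("198.51.100.10", 443),  # HTTPS: port does not match either rule
    ("192.168.1.1", 80),     # port 80 on the firewall's own LAN address
]


def redirected(rule):
    """Return the sample connections that the rule sends to the proxy."""
    return [conn for conn in SAMPLES if rule.apply(*conn) != conn]


if __name__ == "__main__":
    print("WAN net:", redirected(original))
    print("Any    :", redirected(fixed))
```

With `Any`, port-80 connections addressed to the firewall's own LAN address match the rule as well, which is worth checking if anything on the firewall listens on that port.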