Redirect to alternate proxy



  • Basically, I want to redirect all outgoing HTTP traffic to my proxy but allow my proxy to pass its own HTTP through (so that a nasty and pointless loop is avoided).

    I found this old topic http://forum.pfsense.org/index.php/topic,3086.0.html

    It describes exactly what I want to do, and as it is an old topic I thought there might be some developments in this area.

    I've tried various NAT/Firewall configs but nothing works as I would hope.

    I want to avoid having to manually configure proxy settings on each host as that is very boring indeed.

    Cheers,
    Neil



  • Would adding 'Source / Dest' rules, for port redirection, be considered a bounty topic?

    Whilst I am EXTREMELY impressed with pfSense, I think the NAT/Redirection could be improved upon.

    I now have two troublesome points due to the inability to identify Source Dest IPs/Subnets whilst performing redirection:

    1. HTTP Proxy - internal clients need to be manually configured or network topology has to change (first is problematic due to mobile users, second is just not a viable workaround for me). Could be fixed (easily?) with a Source IP/Net scope in the redirect.

    2. Mail configuration for locally hosted server. Whether this is a bug or not, I can't tell. Here is the scenario:

    WAN IP resolvable to mydomain.com (for which MX record exists)
    WAN redirect rule for port 143 to go to mailserver.my.lan on LAN
    LAN client tries to connect to mailserver with public DNS of mailserver.hosted.com but passthrough does not occur as request comes from LAN (or at least that is what appears to be happening). Setting up a LAN redirect for port 143 is simply not an option due to connecting to multiple IMAP servers UNLESS a Destination IP/Net Scope can be implemented. What would probably be better is that if the outgoing LAN packet resolves back to the router then it be classified as WAN source and dealt with as such.

    There is another fix (maybe more) if internal DNS registrations for local clients are enabled and the LAN host name matches the public DNS record. And when I say fix, I mean the end user doesn't have to reconfigure their mail client whenever they are outside of the LAN. However, that is not such a great fix if you have more than one domain.

    Many, many thanks for a superb product in any case!

    n

