    Netgate Discussion Forum
    Stand-alone Squid web proxy and NAT

    NAT
    DaleX001:

      Hello,

      Here's my setup :

      • 3 sites (2 @home, 1@datacenter)
      • 2 ALIX 2D13 pfsense boxes (@home) and 1 pfSense VM (@datacenter) set as default gateway for their respective sites/subnets
      • All 3 sites connected via IPSEC VPN
      • 1 Debian 7 Squid web proxy machine @datacenter

      What I'm trying to do is to get all HTTP traffic to go through the Squid box, which is in a datacenter.

      I successfully routed HTTP traffic from my 2 @home sites (ALIX boxes) to my Squid proxy through the VPN tunnel using a NAT rule:

      interface=LAN from=any to=!localnet protocol=tcp source_port=any dest_port=80 => proxy_ip proxy_port

      NB: localnet is an alias including all my local subnets

      Now when it comes to machines in my datacenter, if I set the same NAT rule on the pfSense VM, it doesn't work. I also tried excluding the proxy itself to avoid loops:

      interface=LAN from=!proxy to=!localnet protocol=tcp source_port=any dest_port=80 => proxy_ip proxy_port

      Obviously I'm using NAT rules to avoid the need for any client-based proxy configuration.

      Most things I have read so far on that matter only deal with the Squid package for pfSense, but in my setup Squid is on a stand-alone machine.
      Any fresh ideas would be appreciated.

      Thank you.

      DaleX001:

        I've been through the following topic: https://forum.pfsense.org/index.php?topic=39736.0
        It looks like my issue could be that I try to NAT from and to the same interface (from LAN to LAN).

        Maybe I just need to add an extra interface for my Squid box so as to NAT "from LAN to SQUID".
        It seems consistent with what I already did for the remote sites: NATting "from LAN to IPSEC".

        Could anybody confirm that?
        Thanks.

        PS: All boxes are running pfSense 2.1.5

        DaleX001:

          Adding a new subnet for SQUID/NAT is not working either… I'm stuck... :-[

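An added example, not from the thread or from pfSense's own generated rules, of what the port forward described above looks like in pf.conf syntax, plus the outbound NAT rule the same-interface case needs: when the clients and the Squid box share a LAN, the redirected connection would otherwise be answered by the proxy straight to the client, which expects the reply from the original web server's address and drops it. The interface name, addresses, subnets and Squid port are assumed placeholders.

```pf
# Assumed placeholders: set these to the real LAN interface, proxy address and Squid port.
lan_if    = "vr0"
proxy_ip  = "10.0.3.10"
proxy_prt = "3128"
# All local subnets (the "localnet" alias from the post); traffic to these is never proxied.
table <localnet> { 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 }

# Transparent redirect: TCP/80 arriving on the LAN, except from the proxy itself (loop
# protection) and except to local subnets, is handed to Squid.
rdr on $lan_if proto tcp from ! $proxy_ip to ! <localnet> port 80 -> $proxy_ip port $proxy_prt

# Same-interface case: the redirected packet leaves through the LAN again, so also rewrite
# its source to the firewall's LAN address. Squid then answers the firewall, which reverses
# both translations, and the client sees the reply come from the site it asked for.
# Without this rule Squid answers the client directly and the handshake never completes.
nat on $lan_if proto tcp from $lan_if:network to $proxy_ip port $proxy_prt -> ($lan_if)

# Allow the redirected connection; "quick" stops later rules from re-evaluating it.
pass in quick on $lan_if proto tcp from $lan_if:network to $proxy_ip port $proxy_prt keep state
```

In the pfSense GUI the rdr line is the Port Forward rule and the nat line is a manual Outbound NAT rule on the LAN interface (the same effect the port forward's NAT reflection option is meant to produce). For the remote @home sites the nat line is not needed, because the proxy's replies already return through the IPsec tunnel and therefore through the firewall.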