Netgate Discussion Forum

Stand-alone Squid web proxy and NAT

  • DaleX001
    last edited by Sep 21, 2014, 12:29 AM

    Hello,

    Here's my setup:

    • 3 sites (2 @home, 1 @datacenter)
    • 2 ALIX 2D13 pfSense boxes (@home) and 1 pfSense VM (@datacenter) set as default gateway for their respective sites/subnets
    • All 3 sites connected via IPSEC VPN
    • 1 Debian 7 Squid web proxy machine @datacenter

    What I'm trying to do is get all HTTP traffic to go through the Squid box, which is in a datacenter.

    I successfully routed HTTP traffic from my 2 @home sites (ALIX boxes) to my Squid proxy through the VPN tunnel using a NAT rule:

    interface=LAN from=any to=!localnet protocol=tcp source_port=any dest_port=80 => proxy_ip proxy_port

    NB: localnet is an alias including all my local subnets

    Now when it comes to machines in my datacenter, if I set the same NAT rule on the pfSense VM, it doesn't work. I also tried excluding the proxy itself to avoid loops:

    interface=LAN from=!proxy to=!localnet protocol=tcp source_port=any dest_port=80 => proxy_ip proxy_port

    Obviously I'm using NAT rules to avoid the need for any client-based proxy configuration.

    Most things I read so far on that matter only deal with the Squid module for pfSense, but in my setup Squid is on a stand-alone machine.
    Any fresh ideas would be appreciated.

    Thank you.

    • DaleX001
      last edited by Sep 21, 2014, 1:16 AM

      I've been through the following topic: https://forum.pfsense.org/index.php?topic=39736.0
      It looks like my issue could be that I try to NAT from and to the same interface (from LAN to LAN).

      Maybe I just need to add an extra interface for my Squid box so as to NAT "from LAN to SQUID".
      It seems consistent with what I already did for the remote sites: natting "from LAN to IPSEC".

      Could anybody confirm that?
      Thanks.

      PS: All boxes are running pfSense 2.1.5

      • DaleX001
        last edited by Sep 21, 2014, 2:09 AM

        Adding a new subnet for SQUID/NAT is not working either… I'm stuck... :-[

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.