pfSense as proxy server on an existing VPN network
-
Hi guys,
Good day!
I've been searching since last month for how to configure my pfSense box to work as a proxy server.
I'm working at a small company that has an existing VPN leased line provided by the ISP.
Here's the story.
The current setup is that the cable from the ISP's modem is directly inserted into our internal switch (currently we don't have a firewall), so they have all the control of in/out of our network. So every time we control internet access (giving internet access to specific IP, blocking websites etc.) we always call our ISP to perform the task. And this is very tedious on our part.
So I decided to explore pfSense installed on an i7 PC with 2 NICs.
Since I can't modify the current physical setup (as advised by my superior), what I did is put the other end of the 2 NICs (LAN & WAN) from the pfSense box into our internal switch.
Everything is OK: I can access the webGUI and even install packages, including 'squid' (proxy server). Except that after configuring the proxy settings of the client PC, it can't connect to the internet and it only returns the page "DNS rebinding". I've been searching Google for the solution but still no luck. Hope somebody could assist me in configuring my first pfSense box.
Here is the additional settings for reference.
WAN IP - 192.168.0.251 - static (provided by the ISP; with internet access)
LAN IP - 192.168.0.250
WAN Gateway - 192.168.0.6 - static (provided by ISP)
LAN gateway - none
Thanks in advance for the help, guys.
-
This is completely broken. You cannot have LAN on the same subnet as WAN.
-
Hi sir dok,
Thanks for your quick reply.
I tried to change my LAN to 192.168.7.1 but still the same error when I try to connect the client PC.
Any advice on what I should do with my setup, sir? Thanks in advance again.
-
Hi Sir Dok,
Good Day!
I am providing here a simple diagram for your reference.
Hope this will help in figuring out how to correctly set up my pfSense box. Thank you again in advance.

 -
Does not make any sense whatsoever unless it's a managed switch with VLANs. Cannot even see how that fixes the "every time we control internet access (giving internet access to specific IP, blocking websites etc.) we always call our ISP to perform the task" issue.