NAT rule to redirect traffic to proxy port



  • Hi all, I have a WPAD setup that uses Squid proxy and SquidGuard. I have a LAN rule that blocks outgoing traffic from port 80 and 443.

    The issue I am having is that some programs (Adobe CC and other programs which have no proxy settings) are not using the "system internet settings" and still want to go through port 80.

    Is there a way to redirect traffic going to port 80 to the proxy port?

    I tried something like this

    LAN	TCP	LAN address	80 (HTTP)	WAN address	80 (HTTP)	192.168.1.1	3128
    LAN	TCP	LAN address	443 (HTTPS)	WAN address	443 (HTTPS)	192.168.1.1	3128
    

    But it did not seem to redirect the traffic, any ideas?



  • You can't do explicit mode and transparent mode at the same time, which is what you're essentially doing by trying to redirect that traffic while having transparent mode disabled. A quick hack would be to add a firewall rule above the 80/443 block that allows all users of such programs to connect directly via 80/443 to destination servers at particular IP addresses. Create two aliases to hold your users' IP addresses and the destination IPs.



  • You can't do explicit mode and transparent mode at the same time

    That is what I was afraid of.

    a quick hack would be to add a firewall rule above the 80/443 block that allows all users of such programs to connect directly via 80/443

    So if all users are using such programs, then all users would bypass the port 80/443, and then all users can bypass the proxy. This is not a good option.

    What I am doing at the moment is, when I need to connect to such programs, I temporarily create a rule to bypass that user, then when I am done I disable the rule.

    Was just looking for a better option.



  • So if all users are using such programs, then all users would bypass the port 80/443, and then all users can bypass the proxy. This is not a good option.

    Like I said, your rule would only allow 80/443 out from particular users to specified destination addresses, like the update, authentication or control servers that these apps want to talk to.
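
The rule ordering discussed in this thread, as an added example that is not part of any post: a first-match model of the LAN rules showing that the bypass rule passes 80/443 only from the listed users to the listed destinations, plus a check that flags a bypass rule left open to "any". The alias names, user addresses and vendor server addresses are constructed; 192.168.1.1:3128 is the proxy from the original post.

```python
from ipaddress import ip_address, ip_network

# Constructed aliases (hypothetical names and addresses, not from the thread).
BYPASS_USERS = [ip_network("192.168.1.50/32"), ip_network("192.168.1.51/32")]
VENDOR_SERVERS = [ip_network("192.0.2.10/32"), ip_network("198.51.100.0/28")]
LAN_NET = [ip_network("192.168.1.0/24")]
ANY = [ip_network("0.0.0.0/0")]
PROXY = [ip_network("192.168.1.1/32")]  # proxy address from the original post

# LAN rules, evaluated top to bottom; the first matching rule decides.
RULES = [
    ("pass", LAN_NET, PROXY, {3128}, "explicit proxy"),
    ("pass", BYPASS_USERS, VENDOR_SERVERS, {80, 443}, "scoped bypass"),
    ("block", ANY, ANY, {80, 443}, "block direct web"),
]


def _in(addr, nets):
    """True if addr falls inside any network of the alias."""
    return any(ip_address(addr) in n for n in nets)


def evaluate(src, dst, port, rules=RULES):
    """Return (action, rule description) for a new TCP connection from the LAN."""
    for action, srcs, dsts, ports, desc in rules:
        if port in ports and _in(src, srcs) and _in(dst, dsts):
            return action, desc
    return "block", "implicit default deny"


def audit(rules=RULES):
    """List pass rules on 80/443 whose source or destination is unrestricted."""
    findings = []
    for action, srcs, dsts, ports, desc in rules:
        if action == "pass" and ports & {80, 443}:
            if any(n.prefixlen == 0 for n in srcs + dsts):
                findings.append(desc)
    return findings


if __name__ == "__main__":
    for conn in [("192.168.1.50", "192.0.2.10", 443),    # listed user, listed server
                 ("192.168.1.50", "203.0.113.5", 443),   # listed user, other site
                 ("192.168.1.77", "192.0.2.10", 80),     # unlisted user
                 ("192.168.1.77", "192.168.1.1", 3128)]: # via the proxy
        print(conn, "->", evaluate(*conn))
    print("over-broad bypass rules:", audit())
```
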