    Forward port 80 to 8080 on the same LAN

    • jjalbert73

      I am looking for help on doing a port redirect for any traffic on my LAN interface going to port 80 to a different box running DansGuardian. I am running pfSense 2.2.4. I have a LAN and a WAN interface. The history is that the firewall/filter solution we were using is obsolete. I have replaced that unit with this pfSense box, but DansGuardian was not working; it kept going up and down. So I have a separate Linux machine that is running DansGuardian on the same LAN as the pfSense box. I have set a redirect saying anything on the LAN net going out to port 80 is to go through the filter machine on port 8080. It does redirect the traffic, but the filter machine is not seeing the IP from the LAN net the traffic is coming from; it sees the LAN address from pfSense, and due to that it is blocking web access. Is what I am looking to do possible?
      Here is the scenario I am looking at. LAN subnet is 192.168.1.0/21
      LAN address 192.168.1.1
      Port forward says if LAN, source !192.168.1.2, destination any, destination port 80, redirect address 192.168.1.2, redirect port 8080

      Is there a way to get the forward to use the client IP instead of the interface IP?

      • doktornotor

        No, because that traffic to a different machine on LAN will not hit the firewall at all, so the end result is exactly what you described.

        • jjalbert73

          Would this be possible through a VLAN? Or even putting the filter in the public WAN?

          • muswellhillbilly

            Your best bet is to set your clients' browsers to use the Linux proxy. You can either do this explicitly, entering the proxy server address in the network settings on the browser, or by using a proxy PAC file and setting your clients' browsers to refer to that.

            • johnpoz

              ^ Exactly, or use autodiscovery like WPAD if your clients support that. It's much better to do explicit pointing to your proxy than to redirect from the gateway to the proxy just for the proxy to send the traffic back to the gateway. That is a horrific hairpin setup.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05
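
A PAC file along the lines suggested in the replies above, as an added example that is not from any poster in this thread. It assumes the filter address and port given in the first post (192.168.1.2:8080) and the LAN subnet as written there; the helper names `ipv4ToInt` and `inSubnet` are hypothetical and stand in for the browser's built-in `isInNet` so the file also runs outside a browser.

```javascript
// proxy.pac (constructed example). Values taken from the thread:
// filter box 192.168.1.2:8080, LAN 192.168.1.0/21.
var FILTER = "PROXY 192.168.1.2:8080"; // no "; DIRECT" fallback: fail closed if the filter is down
var LAN_NET = "192.168.1.0";           // masked to /21 inside inSubnet()
var LAN_BITS = 21;

// Convert a dotted-quad string to an unsigned 32-bit number, or null if it is not IPv4.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside net/bits (host bits of net are ignored).
function inSubnet(host, net, bits) {
  var h = ipv4ToInt(host), n = ipv4ToInt(net);
  if (h === null || n === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(h / size) === Math.floor(n / size);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Dotless names, loopback and LAN addresses (pfSense GUI, the filter box) go direct.
  if (host.indexOf(".") === -1 ||
      inSubnet(host, "127.0.0.0", 8) ||
      inSubnet(host, LAN_NET, LAN_BITS)) {
    return "DIRECT";
  }
  // The thread's redirect covered port 80 only, so only http: URLs go to the filter.
  if (url.substring(0, 5).toLowerCase() === "http:") return FILTER;
  return "DIRECT";
}
```

With explicit proxying the filter sees each client's own source address, because the client connects to 192.168.1.2 directly instead of being NATed by the gateway. A PAC file is only a client setting, so a LAN firewall rule that passes outbound port 80 from 192.168.1.2 alone is what makes the filter mandatory.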
