Install packages through LAN proxy

  • Guys, I'm having an issue where pfSense is used as an internal network, which has no access to the internet. It just routes and firewalls some internal, industrial-purposed networks, where internet access is not needed/allowed.
    However, I need some packages to install on it, and I can manage to get some temporary internet access through a host connected to one of the internal LANs behind it, by running an HTTP proxy.

    I've got in System: Advanced: Miscellaneous: Proxy support enabled and set up to the working proxy. The update checker in the dashboard uses it and correctly detects that I'm on the latest release.

    But in System: Package Manager: Available Packages I still get an error message saying it's unable to download the packages list after some considerable timeout. It seems the Package Manager doesn't take into account the proxy setting specified in the Proxy support page. Only the update checker works.

    Note the special case when the proxy is not seen through the WAN interface, but through one of the LANs. Could that be the cause?

  • From the sound of it, you'll have to find a way to get the PFS to route out directly to the internet, even if only temporarily. If you have a gateway out to the web on the same network as the PFS WAN you can just change your default gateway out and that should do it. Otherwise, you may have to add a route to your switch to allow the PFS to 'see' the internet properly.

  • I know that. But I was hoping I could just use the local proxy for that; there's no way to put any internet connection on the WAN side at all.

  • Had a quick look at the PHP involved in downloading and installing the packages. From what I can see, the system pulls down a '*.pbi' package file and drops it in the /tmp folder from where it installs it. If you can set up a second PFS which can pull down the relevant package file directly from the internet, you could transfer the *.pbi to your internal PFS and install it manually perhaps.

  • That certainly would not work, downloading the PBIs will get you no GUI.

  • Yep, that's what I was afraid of.

  • Other than that - this should work on any 2.2.x box (see Random pointers (this really is not debuggable in a meaningful way without logs from the proxy or some packet captures)

    • If you have IPv6 set up there, tick the "Prefer IPv4" checkbox.
    • Remember that the traffic is HTTPS (if the proxy won't proxy HTTPS, it won't work)

  • It doesn't work, sorry. (and I'm using IPv4 only)

    On my proxy's log, I see when it connects from the dashboard to via HTTPS. But there's no log entry at all for anyone trying to access in any way, despite the fact that I clicked several times in the web GUI on the Available Packages link. It just says "unable to communicate with…" but in reality, it doesn't even try to touch the configured proxy server.

  • Do some packet capture, perhaps, and file a bug eventually.

  • OK, packages don't download through LAN proxy, that's for sure.
    Worked around by setting up a VPN server on LAN side, connecting from pfSense to that as VPN client and routing all internet traffic through it.

  • @doktornotor:

    That certainly would not work, downloading the PBIs will get you no GUI.

    My bad. Hadn't tried it, so wasn't sure but thought it might be worth a go. Good to hear you found a workaround.

  • Hello, I am new to this too. I have as a project to make a computer work as DHCP, firewall, DNS, HTTP(S) proxy and L3 routing, and route traffic from trusted and DMZ to and the outside network of the school that has internet connection through another proxy. (Proxy support isn't working for me either.) Is there any way to install the packages manually (even the pkg is not installed)? I can download any packages from my trusted network but I have no internet connection on pfSense. I posted here as it's a similar problem.
