3

I am using PFSense 2.0 and trying to get transparent proxy to work. As the internal Squid won't work with load balancing and dual-WAN (and it seems Squid doesn't work at all on the latest build), I installed Squid on one of the Linux servers I have on my LAN.

My LAN is 10.10.10.0/24 and all my servers are between 10.10.10.10-20 and desktops 10.10.10.200-250. How can I redirect HTTP connections from my desktops to my Squid server at 10.10.10.13:3128? I have tried looking for the answer with Google, but only seem to come up with transparent proxy howtos for running Squid on the PFSense box.

Raynet
  • I'm curious to see the answer to this as well, as I have a network I'm needing to set this up on soon. – EEAA Oct 27 '09 at 00:29

1 Answer

1

So in PF you have to do the following:

int_if="fxp0"
ext_if="em0"

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state

Be sure that your Squid had the transparent module enabled when you compiled it, or that the package you are using is transparent-enabled.

Istvan
  • Would that work with the dual WAN configuration? Also, the Squid is not running on the pfsense server but on another server on my LAN, so there really should be some kind of rule saying: forward outgoing traffic (to port 80) to this Squid server on LAN, but do not forward its traffic back to itself. – Raynet Oct 27 '09 at 18:52
  • Yes it is working like that. – Istvan Oct 27 '09 at 19:47
  • Somehow it doesn't open to me, why is there 127.0.0.1? Wouldn't that mean it directs the traffic to the PFSense machine, not to the Linux machine? And where in PFSense do I need to write those commands? Assume that I've only used the webui. – Raynet Oct 27 '09 at 21:40
  • Of course the 127.0.0.1 must be replaced by the IP where you have the Squid. – Istvan Oct 28 '09 at 23:02
  • Where in PFSense do I need to write these commands? Also I have two external interfaces, so I think just using ext_if="em0" wouldn't work. – Raynet Oct 29 '09 at 21:22
  • This is pf.conf, and of course you need to replace with the proper interface names. – Istvan Nov 03 '09 at 10:13
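
The rules from the answer adapted to the setup in the question (Squid on a separate LAN host), as an added example that is not part of the original thread. It uses the same old-style pf syntax as the answer; `fxp0` as the LAN interface name is an assumption, and the addresses come from the question.

```pf
# Added example, not from the original answer.
# Assumed: fxp0 is the LAN interface. Addresses are those given in the question.
int_if  = "fxp0"
int_net = "10.10.10.0/24"
squid   = "10.10.10.13"

# Translation rules: for each packet the first matching rule wins.

# 1. Never redirect the proxy's own outbound HTTP requests,
#    otherwise they would be sent straight back to the proxy.
no rdr on $int_if inet proto tcp from $squid to any port www

# 2. Redirect every other LAN client's port-80 traffic to the proxy.
#    "! $int_net" leaves HTTP aimed at LAN addresses (including the
#    firewall's own LAN address) alone.
rdr on $int_if inet proto tcp from $int_net to ! $int_net port www \
        -> $squid port 3128

# 3. The proxy sits on the same subnet as the clients. Without source NAT
#    it would answer the desktops directly, and they would drop the reply
#    because it comes from 10.10.10.13 and not from the web server they
#    contacted. Rewriting the source to the firewall's LAN address forces
#    the replies back through pf, which undoes both translations.
nat on $int_if inet proto tcp from $int_net to $squid port 3128 -> ($int_if)

# Filter rules see the addresses after translation.
pass in  on $int_if inet proto tcp from $int_net to $squid port 3128 keep state
pass out on $int_if inet proto tcp from ($int_if) to $squid port 3128 keep state
```

All of these rules match on the LAN interface only, so they do not depend on which WAN interface the proxy's own requests leave through. Because of the source NAT in step 3, Squid sees and logs every client as the firewall's LAN address.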