I have an internal LAN, a DMZ and a WAN. My proxy is in the DMZ. I redirect all http traffic from the LAN to the proxy in the DMZ. The rule looks like this:
rdr on vr0 inet proto tcp from any to any port = http -> 10.6.0.10 port 8080
I would like to eventually have a rule that reads something like:
no rdr on vr0 inet proto tcp from any to 10.2.0.0/16 port = http
above it.
The "no nat" feature available on outbound NAT currently doesn't even allow me to select my internal interface. So I'm not sure if this rule will work, because it's probably going to be caught by the rdr rule above anyway.
Unless I'm not supposed to be using rdr for this in the first place, which doesn't make sense to me, how should I then be doing this?
thanks,
e.
On 10/31/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
On 10/31/05, Etienne Ledoux <[EMAIL PROTECTED]> wrote:
> I'm using pfsense to redirect all outgoing http traffic to a transparent
> proxy. But I need to not redirect a specific range when browsing to that
> specific range. pf supports "not rdr" as well as other options to achieve
> this. But I can't figure out how I can do this via pfsense? Perhaps the "No
> nat" feature somehow ?
Yup, no nat. I assume you are redirecting to another server and not
using the squid on box. If so, 'no nat' should work for you, just
make sure the 'no nat' rule is before the fall through redirect that
redirects everything else.
--Bill
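For reference, here is how the two rules discussed in this thread fit together in classic pf translation syntax (the nat/rdr section that pfSense of this era generated). This is an added example, not configuration posted by either participant: the interface name vr0, the proxy 10.6.0.10:8080 and the exempt range 10.2.0.0/16 are taken from Etienne's message, while the macro names and the two pass rules are assumptions added to make the fragment complete.

```pf
# Added example pf.conf fragment, not from the thread. Interface, proxy and
# exempt range come from the message above; macro names and the pass rules
# are assumptions. Classic pf syntax: translation rules are evaluated before
# filter rules and the FIRST matching translation rule wins.
int_if = "vr0"
proxy  = "10.6.0.10"
exempt = "10.2.0.0/16"

# Exemption first: "no rdr" stops translation for this destination range.
# If it came after the catch-all rdr below it would never be reached.
no rdr on $int_if inet proto tcp from any to $exempt port http

# Catch-all transparent-proxy redirect for everything else on port 80.
rdr on $int_if inet proto tcp from any to any port http -> $proxy port 8080

# Filter rules see the packet AFTER translation, so allow both outcomes:
# redirected sessions to the proxy port, and direct HTTP to the exempt range.
pass in quick on $int_if inet proto tcp from any to $proxy port 8080 keep state
pass in quick on $int_if inet proto tcp from any to $exempt port http keep state
```

Two points worth checking after loading such a ruleset. First, pf keeps `no nat`, `no rdr` and `no binat` separate: each only exempts traffic from its own translation type, so an exemption intended for a rdr rule has to be written as `no rdr`. Second, because translation rules are first-match (unlike filter rules, which are last-match unless marked `quick`), the order shown by `pfctl -s nat` is what actually decides whether the exemption takes effect; verify that the `no rdr` line is listed above the catch-all redirect.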
