Hi Tim,

I have the same setup as you. What I do is:
 
1. At the routing menu, I registered the Squid IP as the gateways and use the 
policy routing in the firewall to pass all the HTTP traffic to the Squid server 
after all those HTTP traffic to the remote VPN. At the Squid, I'm using 
Shorewall to redirect all the HTTP traffic coming into the Squid server to 
the Squid port. So far, this works best for me for the transparent proxy setup.

2. (Optionally, if I need to filter HTTPS traffic also, and maybe do the 
authentication with Squid) I set up the pfSense DNS forwarder to register the 
Squid IP as the wpad domain host and set up the 252 DHCP code at the DHCP server 
to point to the full web server URL that has the wpad.dat file configured, then I 
set up the browser to auto-detect proxy settings (most of the IE settings already 
have it set, Firefox needs to be set manually).

HTH. I'd really love to hear how people implement this type of config also.

Thanks and Regards,
P.S.: Sorry for my bad English.

----- Original Message -----
From: "Tim Korves" <t...@korves.org>
To: list@lists.pfsense.org
Sent: Wednesday, September 21, 2011 3:38:32 PM
Subject: [pfSense] Transparent Proxy on a different system

Hi there,

First off, this is the configuration used:

- pfSense 2.0-release (amd64)
- 2 DSL lines, configured as failover gatewaygroup
- Squid 3.1.4 on CentOS 6 (amd64) with SquidGuard 1.3. Squid is
configured to: http_port 192.168.1.2:80 transparent

NAT in this way
-- redirect from any TCP/80 to !localnets via 192.168.1.2 TCP/80
does not seem to work as no traffic seems to be redirected to the Proxy-Server.

Otherwise this
-- redirect from any to any TCP/80 via 192.168.1.2 TCP/80
does work. But this also inherits, that all connections to other
subnets like subnets connected via OpenVPN, VLANs etc. to TCP/80 are
getting redirected to the Proxy-Server which is not what I want
actually.

Anyone got an idea to this?

Thanks and regards, Tim
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
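
A wpad.dat of the kind step 2 of the reply refers to, written here as an added example that is not part of the original thread: it sends requests for internal ranges direct (the VPN/VLAN case from the original question) and everything else to Squid. Assumptions: Squid has a separate non-transparent `http_port` on 192.168.1.2:3128, and the subnets listed are constructed placeholders.

```javascript
// wpad.dat (added example; not from the original thread).
// Assumption: Squid accepts explicit-proxy requests on 192.168.1.2:3128.
// No "; DIRECT" fallback, so clients fail closed if the proxy is down
// instead of silently bypassing the filter.
var PROXY = "PROXY 192.168.1.2:3128";
var DIRECT_NETS = [            // constructed internal ranges, adjust to site
  ["192.168.1.0", 24],         // LAN
  ["10.8.0.0", 24],            // OpenVPN tunnel network
  ["192.168.20.0", 24]         // VLAN
];

// Dotted quad -> unsigned 32-bit number; null if not a valid IPv4 literal.
function ipToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip falls inside base/bits (division avoids 32-bit sign issues).
function inCidr(ip, base, bits) {
  var size = Math.pow(2, 32 - bits);
  return Math.floor(ip / size) === Math.floor(ipToInt(base) / size);
}

function FindProxyForURL(url, host) {
  // Single-label names (no dot, not an IPv6 literal) are treated as internal.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  var ip = ipToInt(host);
  // Resolve names only where the PAC runtime provides dnsResolve().
  if (ip === null && typeof dnsResolve === "function") {
    ip = ipToInt(dnsResolve(host) || "");
  }
  if (ip !== null) {
    for (var i = 0; i < DIRECT_NETS.length; i++) {
      if (inCidr(ip, DIRECT_NETS[i][0], DIRECT_NETS[i][1])) return "DIRECT";
    }
  }
  return PROXY;
}
```

Because clients fetch this file over plain HTTP, serve it only from a host you control on the internal network and with the MIME type `application/x-ns-proxy-autoconfig`.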