I dont think optional interfaces have the correct code to hijack connections... Only the LAN supports this at the moment.
On 4/7/06, David Strout <[EMAIL PROTECTED]> wrote: > Thanks for the reply. > > Yes, I am trying to redirect all http(s) traffic > (while not interrupting any other traffic) to the > proxy server on the OPT2 network to either > transparently proxy or possibly authenticate users > for http(s) access. I would like it to be > transparent so the users will get content > screening and not have to actually login, but that > is optional at this point, and out-of-scope for > this question. > > All users on the LAN network have a series of > "allowed ports" ie. FTP, HTTP, POP3, SMTP, VPN, > and IM. All I am looking to accomplish is provide > some content control with the proxying and URL > filtering of 80 & 443 traffic ... nothing more. I > would like for ALL of the other "allowed ports" to > flow through the pfSense GW as designed by filter > rules. I just need http(s) / 80 & 443 to be > redirected to the OPT2 network to be picked up by > the proxy server. > > Hope that helps to clarify for all ... > > Thanks in advance ... > > -- > David L. Strout > Engineering Systems Plus, LLC > > ----- Original Message ----- > Subject: Re: [pfSense Support] SNAPSHOT_04-06-2006 > ??'s > From: [EMAIL PROTECTED] > To: [email protected] > Date: 04-07-2006 2:58 pm > > > > I probably don't fully understand what you're > trying to do, but try a > > Port Forward on the LAN interface and redirect > all source to all dest > > port 80 to the proxy port on the IPCop. Ditto > for HTTPS, although I'm > > not sure you can transparently proxy HTTPS. > > > > --Bill > > > > On 4/7/06, David Strout <[EMAIL PROTECTED]> > wrote: > > > Everyone, > > > > > > Some nice additions to this rel. .. KUDOS!! > > > > > > A question though on port redirecting ... > > > > > > Here is the setup: > > > > > > --> pfSense boxes acting as a contractor GW w/ > > > LAN, WAN, OPT1(DMZ) and OPT2(PROXY) > > > > > > --> WAN is static (business DSL w/ 8 > addresses) w/ > > > global IP. > > > --> LAN is private 192.168.100.0/128 > > > --> OPT1 is private 10.1.1.0/24 > > > --> OPT2 is private 10.1.2.0/24 > > > > > > --> OPT2 has an IPcop proxy server sitting on > that > > > network w/ two interfaces. I will eventually > put > > > one interface into the ISP network and grab a > > > static from my "small"pool, but I want to make > > > sure that I can accomplish what I have > conceived > > > before doing so. > > > > > > MY question: > > > > > > Is there a way to redirect all port 80 & 443 > > > traffic coming in the LAN interface to the > OPT2 > > > interface to provide that all web traffic is > > > monitored and accounted for. I would like to > do > > > this wo/ getting into the SSH shell and doing > > > command line pf redirects. I was thinking and > > > looking around at outbound NAT ... can I > > > accomplish this with outbound NAT? > > > > > > If not is there any way of getting this done > in > > > the GUI wo/ having to do it through the shell? > > > > > > Are there any plans for pf redirects in the > GUI in > > > the foreseeable future? > > > > > > Thanks in advance ... !! > > > -- > > > David L. Strout > > > Engineering Systems Plus, LLC > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
