WAN=STATIC ADDRESS
LAN-NET1=192.168.1.0/24 - trusted network users
OPT2-NET2=192.168.100.0/25 - untrusted contractors
OPT3-NET3=192.168.100.128/25 - untrusted vendors
OPT3=10.0.0.0/30 - IPcop LAN
OPT4=10.0.0.4/30 - IPcop WAN
Here's what I am attempting .... I want to have the NET1 hosts
(DHCP) go directly to the internet for HTTP(S) [80&443] requests and
NET2&3 get redirected to the IPcop proxy server for all of their
requests, as there is a HUGE amount of abuse going on; this is the only
real method I can assure the client that all connections (from
NET2&3) are proxied. I do not want to run squid on the pfSense box as
I feel this is not the place for a proxy, and cop will give the
granularity that I need with these clients.
Here's my thinking .... I can NAT all requests from NET2&3 destined
for port 80&443 and send them out the OPT3 interface.
Is my thinking flawed and is there a better way to do this with
redirects???
PS ... sorry the below diagram doesn't come out in this mail, but if
you cut it out and paste it into notepad w/ courier text it should
format correctly.
NET2____(OPT1)____
NET3____(OPT2)____
NET1----(LAN)----pfSense----(WAN)INET
                  /  /
    _(L)(OPT3)___/  /
   /               /
IPCOP             /
     _(W)(OPT4)__/