Don't know which squid and sitro are you using, but in my scenario, using pfsense as gateway and IPCop as squid (before started using squid on pfSense), the IPCop host would automaticly send the trafic (in case of http, after entering the squid process) to it's gateway, that would be the pfsense host
it's like: IPCop : 192.168.0.2 pfSense: 192.168.0.1 Client pc tries to connect to the outside world through http pc > IPCop > IPCop's internal squid process > pfsense > www in this case, it's proxy, not nat Client pc tries to connect to the outside world through VNC pc > IPCop > pfsense > www In this case, it's pure nat, no foltering Dom, 2008-05-11 às 21:57 +0200, Mike Lever escreveu: > Thaks David ! Bear in mind that I am using it as a transparent proxy. Surely > I must set some rules on the firewall to route all http traffic to the squid > box and back to the pfsense box ? > > Mike Lever > > Tenacity Films (Pty) Ltd > t/a Velocity Films > (t) +2711-807-0100 > (f) +2711-807-1208 > > > -----Original Message----- > From: "David Meireles" <[EMAIL PROTECTED]> > To: [email protected] > Sent: 08-05-11 21:27 > Subject: RE: [pfSense Support] Where do I put squid ? > > Ok, on the DHCP Server you have as gateway the squid server, and the > squid server will have as gateway the pfsense IP (that way you won't > need to have 2 interfaces on the squid server, since it's all in the > same subnet). About the rules, use only the squid server to apply the > squid rules, and the rest, leave it on the pfsense (port blocking and > stuff). > > Dom, 2008-05-11 s 21:19 +0200, Mike Lever escreveu: > > > Done that, but where I was battling was setting IP addresses on the pfsense > > interface (the squid is static) what do I set as the ip address and gateway > > ? Also how do I configure the firewall rules ? > > > > Any ideas there ? > > > > Mike Lever > > > > Tenacity Films (Pty) Ltd > > t/a Velocity Films > > (t) +2711-807-0100 > > (f) +2711-807-1208 > > > > > > -----Original Message----- > > From: "David Meireles" <[EMAIL PROTECTED]> > > To: [email protected] > > Sent: 08-05-11 20:18 > > Subject: RE: [pfSense Support] Where do I put squid ? > > > > Just setup the pfSense DHCP Server to use the squid box as gateway > > address. > > > > Dom, 2008-05-11 s 15:23 +0200, Mike Lever escreveu: > > > > > Hi Dean , > > > > > > Thanks for the feedback, so are you suggesting I only use 1 NIC for the > > > squid box ? as opposed to 2, 1 coming IN from the Pfsense / internal > > > network > > > and 1 going BACK to the Pfsense. > > > > > > Regards, > > > > > > > > > Mike Lever > > > > > > Tenacity Films (Pty) Ltd t/a > > > Velocity Films > > > > > > (T) +2711-807-0100 > > > (F) 086-681-7518 > > > > > > http://www.velocityfilms.com > > > > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > > please note that it is intended for the addressee only, is privileged and > > > confidential and dissemination or copying prohibited. Please notify us > > > immediately by e-mail and return the original message. Thank you. > > > > > > > > > -----Original Message----- > > > From: Dean Larson [mailto:[EMAIL PROTECTED] > > > Sent: 11 May 2008 01:28 PM > > > To: [email protected] > > > Subject: RE: [pfSense Support] Where do I put squid ? > > > > > > > > > i think it would be cool to route http traffic to the squid box, but put a > > > rule just infront of it to allow your squid box to go out the firewall. > > > for > > > security i would not allow a second nic to go out the squid box onto the > > > internet. > > > > > > i myself set up the browsers manually for the squid box. at another gig i > > > had, we put a file on a server that gave the browser setting: included > > > proxy > > > settings as well as browser bypass for local browsing. it's been a while, > > > so i'd have to do some digging through my old files. : i'm a bit brain > > > dead > > > today > > > > > > > > > ---------------------------------------- > > > > From: [EMAIL PROTECTED] > > > > To: [email protected] > > > > Date: Sun, 11 May 2008 10:25:14 +0200 > > > > Subject: [pfSense Support] Where do I put squid ? > > > > > > > > I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have > > > now > > > > setup a squid box running separately. I would like to run it as a > > > > transparent proxy on my network. How do you suggest I set it up ? > > > > > > > > Do I put another NIC in the squid box, then setup a firewall rule to > > > > route > > > > all http traffic to the squid box / gateway and then load balance the > > > squid > > > > box's traffic out ? > > > > > > > > The Pfsense box IP = 10.0.0.3 > > > > Squid IP = 10.0.0.197 > > > > > > > > Regards, > > > > > > > > > > > > Mike Lever > > > > > > > > Tenacity Films (Pty) Ltd t/a > > > > Velocity Films > > > > > > > > (T) +2711-807-0100 > > > > (F) 086-681-7518 > > > > > > > > http://www.velocityfilms.com > > > > > > > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in > > > > error, > > > > please note that it is intended for the addressee only, is privileged > > > > and > > > > confidential and dissemination or copying prohibited. Please notify us > > > > immediately by e-mail and return the original message. Thank you. > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > _________________________________________________________________ > > > With Windows Live for mobile, your contacts travel with you. > > > http://www.windowslive.com/mobile/overview.html?ocid=TXT_TAGLM_WL_Refresh_mo > > > bile_052008 > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
