[pfSense Support] Where do I put squid ?
Ive got Pfsense running on one box going out to 5 DSL WAN Ports. I have now setup a squid box running separately. I would like to run it as a transparent proxy on my network. How do you suggest I set it up ? Do I put another NIC in the squid box, then setup a firewall rule to route all http traffic to the squid box / gateway and then load balance the squid boxs traffic out ? The Pfsense box IP = 10.0.0.3 Squid IP = 10.0.0.197 Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] setting time
battery appears to be fine. i didn't put a volt meter on it, but when the computer has been off, the cmos info stayed current. i'll take it down on monday, and if it is low on voltage, i'll report back > Date: Sun, 11 May 2008 16:29:39 +1200 > From: [EMAIL PROTECTED] > To: support@pfsense.com > Subject: Re: [pfSense Support] setting time > > Dean, have you checked the motherboard battery? (I think in theory this > should only be relevant on powering off, but I wouldn't be > sure in practice) > Kind regards > David Hingston > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > _ With Windows Live for mobile, your contacts travel with you. http://www.windowslive.com/mobile/overview.html?ocid=TXT_TAGLM_WL_Refresh_mobile_052008 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Where do I put squid ?
i think it would be cool to route http traffic to the squid box, but put a rule just infront of it to allow your squid box to go out the firewall. for security i would not allow a second nic to go out the squid box onto the internet. i myself set up the browsers manually for the squid box. at another gig i had, we put a file on a server that gave the browser setting: included proxy settings as well as browser bypass for local browsing. it's been a while, so i'd have to do some digging through my old files. : i'm a bit brain dead today > From: [EMAIL PROTECTED] > To: support@pfsense.com > Date: Sun, 11 May 2008 10:25:14 +0200 > Subject: [pfSense Support] Where do I put squid ? > > I’ve got Pfsense running on one box going out to 5 DSL WAN Ports. I have now > setup a squid box running separately. I would like to run it as a > transparent proxy on my network. How do you suggest I set it up ? > > Do I put another NIC in the squid box, then setup a firewall rule to route > all http traffic to the squid box / gateway and then load balance the squid > box’s traffic out ? > > The Pfsense box IP = 10.0.0.3 > Squid IP = 10.0.0.197 > > Regards, > > > Mike Lever > > Tenacity Films (Pty) Ltd t/a > Velocity Films > > (T) +2711-807-0100 > (F) 086-681-7518 > > http://www.velocityfilms.com > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > please note that it is intended for the addressee only, is privileged and > confidential and dissemination or copying prohibited. Please notify us > immediately by e-mail and return the original message. Thank you. > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > _ With Windows Live for mobile, your contacts travel with you. http://www.windowslive.com/mobile/overview.html?ocid=TXT_TAGLM_WL_Refresh_mobile_052008 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Where do I put squid ?
Hi Dean , Thanks for the feedback, so are you suggesting I only use 1 NIC for the squid box ? as opposed to 2, 1 coming IN from the Pfsense / internal network and 1 going BACK to the Pfsense. Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. -Original Message- From: Dean Larson [mailto:[EMAIL PROTECTED] Sent: 11 May 2008 01:28 PM To: support@pfsense.com Subject: RE: [pfSense Support] Where do I put squid ? i think it would be cool to route http traffic to the squid box, but put a rule just infront of it to allow your squid box to go out the firewall. for security i would not allow a second nic to go out the squid box onto the internet. i myself set up the browsers manually for the squid box. at another gig i had, we put a file on a server that gave the browser setting: included proxy settings as well as browser bypass for local browsing. it's been a while, so i'd have to do some digging through my old files. : i'm a bit brain dead today > From: [EMAIL PROTECTED] > To: support@pfsense.com > Date: Sun, 11 May 2008 10:25:14 +0200 > Subject: [pfSense Support] Where do I put squid ? > > I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have now > setup a squid box running separately. I would like to run it as a > transparent proxy on my network. How do you suggest I set it up ? > > Do I put another NIC in the squid box, then setup a firewall rule to route > all http traffic to the squid box / gateway and then load balance the squid > box's traffic out ? > > The Pfsense box IP = 10.0.0.3 > Squid IP = 10.0.0.197 > > Regards, > > > Mike Lever > > Tenacity Films (Pty) Ltd t/a > Velocity Films > > (T) +2711-807-0100 > (F) 086-681-7518 > > http://www.velocityfilms.com > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > please note that it is intended for the addressee only, is privileged and > confidential and dissemination or copying prohibited. Please notify us > immediately by e-mail and return the original message. Thank you. > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > _ With Windows Live for mobile, your contacts travel with you. http://www.windowslive.com/mobile/overview.html?ocid=TXT_TAGLM_WL_Refresh_mo bile_052008 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] multiple WAN load-balancing (aggregating/combining the speed)
Hello! First of all, does pfSense support - pptp vpn interfaces as WAN - more than one(I need 8) pptp vpn interface as WAN ? It is known that http://doc.pfsense.org/index.php/What_about_using_multiple_WAN_connections%3F "Multiple WAN connections are supported under some circumstances. Only one WAN connection can be PPPoE, BigPond, or PPTP. The rest must be static IP or DHCP." Is there a workaround to connect all 8 pptp connections from pfSense simultaneously? -Original Message- From: Michael Smirnov <[EMAIL PROTECTED]> To: support@pfsense.com Date: Sat, 10 May 2008 19:39:47 +0400 Subject: [pfSense Support] multiple WAN load-balancing (aggregating/combining the speed) > > Hello! > Please help me with this multiple WAN load-balancing > (aggregating/combining the speed). > > Our second office is located in a place, > where ISPs only provide slow unlimited Internet > traffic with speed not more than 128 Kbps. > So, our office is now connected that way: > We have bought several unlimited internet logins, 128Kbps each (VPN - pptp). > and use a bundle of route rules. > > I tested the vpn connectivity to pptp server on main office, it worked. > Note that we didn't buy an external IP-addresses from our ISP (ISP does NAT > for us). > So, our ISP doesn't block GRE, > and even such a complex thing - "pptp through NAT over pptp" works, but the > speed is 128kbps. > > Since GRE is not port-based, and all our connections have the same IP-address > (ISP's NAT server), > I'll try a pfSense to send GRE packets to our main VPN server over the > Internet over all our ISP's connections in round-robins style, to combine > their speed. > It will probably combine ONLY outbound speed of our channels, but it is > better than nothing. > > Does this "outbound speed combining solution" > seem to work, and possible with pfSense? > Notice that: > - our ISP's pptp connections are with no encryption > - pptp connection to our main office > should be with MPPE 128bit (security...). > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] multiple WAN load-balancing (aggregating/combining the speed)
2008/5/11 Michael Smirnov <[EMAIL PROTECTED]>: > Hello! > First of all, does pfSense support > - pptp vpn interfaces as WAN Yes > - more than one(I need 8) pptp vpn interface as WAN > No. > Is there a workaround to connect all 8 pptp connections > from pfSense simultaneously? > Not a good one. 8 installs could do it, then put one install inside those 8 installs to balance between them. If you can use a cheap NAT device of some sort on 7 of them, connect the NAT devices to 7 pfSense interfaces, and use one on pfSense's WAN, then it'll work. Only way PPTP on multiple WANs will ever get implemented is if you can contribute code or someone else can in the future. None of the current developers have PPTP Internet connections. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] nat on command line
that's the thing, you don't... Each time you change anything in your rules or reboot the box, this configuration is lost. You could save the edited rules.debug file and use it whenever you loose this specific rule Sex, 2008-05-09 às 16:14 -0300, Diego A. Gomez escreveu: > 2008/5/9 David Meireles <[EMAIL PROTECTED]>: > > Diego, I had the same problem (have a pfSense acting as VPN client, and from > > the server I can ping the other side, from the lan I can't). > > Here's what you have to do: > > > > First, disable automatic outbound nat rules, or else this will only work for > > a few seconds > > Second, edit /tmp/rules.debug and add the line "nat on tun0 from > > YOUR-LAN-SUBNET/24 to any -> (tun0)" bellow "Outbound nat rules" > > Tird, save and run "/sbin/pfctl -f /tmp/rules.debug" > > > > More info at http://cvstrac.pfsense.com/tktview?tn=1466 > > Where I must to write this in order to avoid to lose these changes? > > Thanks! >
RE: [pfSense Support] Where do I put squid ?
Just setup the pfSense DHCP Server to use the squid box as gateway address. Dom, 2008-05-11 às 15:23 +0200, Mike Lever escreveu: > Hi Dean , > > Thanks for the feedback, so are you suggesting I only use 1 NIC for the > squid box ? as opposed to 2, 1 coming IN from the Pfsense / internal network > and 1 going BACK to the Pfsense. > > Regards, > > > Mike Lever > > Tenacity Films (Pty) Ltd t/a > Velocity Films > > (T) +2711-807-0100 > (F) 086-681-7518 > > http://www.velocityfilms.com > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > please note that it is intended for the addressee only, is privileged and > confidential and dissemination or copying prohibited. Please notify us > immediately by e-mail and return the original message. Thank you. > > > -Original Message- > From: Dean Larson [mailto:[EMAIL PROTECTED] > Sent: 11 May 2008 01:28 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] Where do I put squid ? > > > i think it would be cool to route http traffic to the squid box, but put a > rule just infront of it to allow your squid box to go out the firewall. for > security i would not allow a second nic to go out the squid box onto the > internet. > > i myself set up the browsers manually for the squid box. at another gig i > had, we put a file on a server that gave the browser setting: included proxy > settings as well as browser bypass for local browsing. it's been a while, > so i'd have to do some digging through my old files. : i'm a bit brain dead > today > > > > > From: [EMAIL PROTECTED] > > To: support@pfsense.com > > Date: Sun, 11 May 2008 10:25:14 +0200 > > Subject: [pfSense Support] Where do I put squid ? > > > > I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have > now > > setup a squid box running separately. I would like to run it as a > > transparent proxy on my network. How do you suggest I set it up ? > > > > Do I put another NIC in the squid box, then setup a firewall rule to route > > all http traffic to the squid box / gateway and then load balance the > squid > > box's traffic out ? > > > > The Pfsense box IP = 10.0.0.3 > > Squid IP = 10.0.0.197 > > > > Regards, > > > > > > Mike Lever > > > > Tenacity Films (Pty) Ltd t/a > > Velocity Films > > > > (T) +2711-807-0100 > > (F) 086-681-7518 > > > > http://www.velocityfilms.com > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > please note that it is intended for the addressee only, is privileged and > > confidential and dissemination or copying prohibited. Please notify us > > immediately by e-mail and return the original message. Thank you. > > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > _ > With Windows Live for mobile, your contacts travel with you. > http://www.windowslive.com/mobile/overview.html?ocid=TXT_TAGLM_WL_Refresh_mo > bile_052008 > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
RE: [pfSense Support] Where do I put squid ?
Done that, but where I was battling was setting IP addresses on the pfsense interface (the squid is static) what do I set as the ip address and gateway ? Also how do I configure the firewall rules ? Any ideas there ? Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (t) +2711-807-0100 (f) +2711-807-1208 -Original Message- From: "David Meireles" <[EMAIL PROTECTED]> To: support@pfsense.com Sent: 08-05-11 20:18 Subject: RE: [pfSense Support] Where do I put squid ? Just setup the pfSense DHCP Server to use the squid box as gateway address. Dom, 2008-05-11 s 15:23 +0200, Mike Lever escreveu: > Hi Dean , > > Thanks for the feedback, so are you suggesting I only use 1 NIC for the > squid box ? as opposed to 2, 1 coming IN from the Pfsense / internal network > and 1 going BACK to the Pfsense. > > Regards, > > > Mike Lever > > Tenacity Films (Pty) Ltd t/a > Velocity Films > > (T) +2711-807-0100 > (F) 086-681-7518 > > http://www.velocityfilms.com > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > please note that it is intended for the addressee only, is privileged and > confidential and dissemination or copying prohibited. Please notify us > immediately by e-mail and return the original message. Thank you. > > > -Original Message- > From: Dean Larson [mailto:[EMAIL PROTECTED] > Sent: 11 May 2008 01:28 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] Where do I put squid ? > > > i think it would be cool to route http traffic to the squid box, but put a > rule just infront of it to allow your squid box to go out the firewall. for > security i would not allow a second nic to go out the squid box onto the > internet. > > i myself set up the browsers manually for the squid box. at another gig i > had, we put a file on a server that gave the browser setting: included proxy > settings as well as browser bypass for local browsing. it's been a while, > so i'd have to do some digging through my old files. : i'm a bit brain dead > today > > > > > From: [EMAIL PROTECTED] > > To: support@pfsense.com > > Date: Sun, 11 May 2008 10:25:14 +0200 > > Subject: [pfSense Support] Where do I put squid ? > > > > I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have > now > > setup a squid box running separately. I would like to run it as a > > transparent proxy on my network. How do you suggest I set it up ? > > > > Do I put another NIC in the squid box, then setup a firewall rule to route > > all http traffic to the squid box / gateway and then load balance the > squid > > box's traffic out ? > > > > The Pfsense box IP = 10.0.0.3 > > Squid IP = 10.0.0.197 > > > > Regards, > > > > > > Mike Lever > > > > Tenacity Films (Pty) Ltd t/a > > Velocity Films > > > > (T) +2711-807-0100 > > (F) 086-681-7518 > > > > http://www.velocityfilms.com > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > please note that it is intended for the addressee only, is privileged and > > confidential and dissemination or copying prohibited. Please notify us > > immediately by e-mail and return the original message. Thank you. > > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > _ > With Windows Live for mobile, your contacts travel with you. > http://www.windowslive.com/mobile/overview.html?ocid=TXT_TAGLM_WL_Refresh_mo > bile_052008 > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Where do I put squid ?
Ok, on the DHCP Server you have as gateway the squid server, and the squid server will have as gateway the pfsense IP (that way you won't need to have 2 interfaces on the squid server, since it's all in the same subnet). About the rules, use only the squid server to apply the squid rules, and the rest, leave it on the pfsense (port blocking and stuff). Dom, 2008-05-11 às 21:19 +0200, Mike Lever escreveu: > Done that, but where I was battling was setting IP addresses on the pfsense > interface (the squid is static) what do I set as the ip address and gateway ? > Also how do I configure the firewall rules ? > > Any ideas there ? > > Mike Lever > > Tenacity Films (Pty) Ltd > t/a Velocity Films > (t) +2711-807-0100 > (f) +2711-807-1208 > > > -Original Message- > From: "David Meireles" <[EMAIL PROTECTED]> > To: support@pfsense.com > Sent: 08-05-11 20:18 > Subject: RE: [pfSense Support] Where do I put squid ? > > Just setup the pfSense DHCP Server to use the squid box as gateway > address. > > Dom, 2008-05-11 s 15:23 +0200, Mike Lever escreveu: > > > Hi Dean , > > > > Thanks for the feedback, so are you suggesting I only use 1 NIC for the > > squid box ? as opposed to 2, 1 coming IN from the Pfsense / internal network > > and 1 going BACK to the Pfsense. > > > > Regards, > > > > > > Mike Lever > > > > Tenacity Films (Pty) Ltd t/a > > Velocity Films > > > > (T) +2711-807-0100 > > (F) 086-681-7518 > > > > http://www.velocityfilms.com > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > please note that it is intended for the addressee only, is privileged and > > confidential and dissemination or copying prohibited. Please notify us > > immediately by e-mail and return the original message. Thank you. > > > > > > -Original Message- > > From: Dean Larson [mailto:[EMAIL PROTECTED] > > Sent: 11 May 2008 01:28 PM > > To: support@pfsense.com > > Subject: RE: [pfSense Support] Where do I put squid ? > > > > > > i think it would be cool to route http traffic to the squid box, but put a > > rule just infront of it to allow your squid box to go out the firewall. for > > security i would not allow a second nic to go out the squid box onto the > > internet. > > > > i myself set up the browsers manually for the squid box. at another gig i > > had, we put a file on a server that gave the browser setting: included proxy > > settings as well as browser bypass for local browsing. it's been a while, > > so i'd have to do some digging through my old files. : i'm a bit brain dead > > today > > > > > > > > > From: [EMAIL PROTECTED] > > > To: support@pfsense.com > > > Date: Sun, 11 May 2008 10:25:14 +0200 > > > Subject: [pfSense Support] Where do I put squid ? > > > > > > I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have > > now > > > setup a squid box running separately. I would like to run it as a > > > transparent proxy on my network. How do you suggest I set it up ? > > > > > > Do I put another NIC in the squid box, then setup a firewall rule to route > > > all http traffic to the squid box / gateway and then load balance the > > squid > > > box's traffic out ? > > > > > > The Pfsense box IP = 10.0.0.3 > > > Squid IP = 10.0.0.197 > > > > > > Regards, > > > > > > > > > Mike Lever > > > > > > Tenacity Films (Pty) Ltd t/a > > > Velocity Films > > > > > > (T) +2711-807-0100 > > > (F) 086-681-7518 > > > > > > http://www.velocityfilms.com > > > > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > > please note that it is intended for the addressee only, is privileged and > > > confidential and dissemination or copying prohibited. Please notify us > > > immediately by e-mail and return the original message. Thank you. > > > > > > > > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > _ > > With Windows Live for mobile, your contacts travel with you. > > http://www.windowslive.com/mobile/overview.html?ocid=TXT_TAGLM_WL_Refresh_mo > > bile_052008 > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
RE: [pfSense Support] Where do I put squid ?
Thaks David ! Bear in mind that I am using it as a transparent proxy. Surely I must set some rules on the firewall to route all http traffic to the squid box and back to the pfsense box ? Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (t) +2711-807-0100 (f) +2711-807-1208 -Original Message- From: "David Meireles" <[EMAIL PROTECTED]> To: support@pfsense.com Sent: 08-05-11 21:27 Subject: RE: [pfSense Support] Where do I put squid ? Ok, on the DHCP Server you have as gateway the squid server, and the squid server will have as gateway the pfsense IP (that way you won't need to have 2 interfaces on the squid server, since it's all in the same subnet). About the rules, use only the squid server to apply the squid rules, and the rest, leave it on the pfsense (port blocking and stuff). Dom, 2008-05-11 s 21:19 +0200, Mike Lever escreveu: > Done that, but where I was battling was setting IP addresses on the pfsense > interface (the squid is static) what do I set as the ip address and gateway ? > Also how do I configure the firewall rules ? > > Any ideas there ? > > Mike Lever > > Tenacity Films (Pty) Ltd > t/a Velocity Films > (t) +2711-807-0100 > (f) +2711-807-1208 > > > -Original Message- > From: "David Meireles" <[EMAIL PROTECTED]> > To: support@pfsense.com > Sent: 08-05-11 20:18 > Subject: RE: [pfSense Support] Where do I put squid ? > > Just setup the pfSense DHCP Server to use the squid box as gateway > address. > > Dom, 2008-05-11 s 15:23 +0200, Mike Lever escreveu: > > > Hi Dean , > > > > Thanks for the feedback, so are you suggesting I only use 1 NIC for the > > squid box ? as opposed to 2, 1 coming IN from the Pfsense / internal network > > and 1 going BACK to the Pfsense. > > > > Regards, > > > > > > Mike Lever > > > > Tenacity Films (Pty) Ltd t/a > > Velocity Films > > > > (T) +2711-807-0100 > > (F) 086-681-7518 > > > > http://www.velocityfilms.com > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > please note that it is intended for the addressee only, is privileged and > > confidential and dissemination or copying prohibited. Please notify us > > immediately by e-mail and return the original message. Thank you. > > > > > > -Original Message- > > From: Dean Larson [mailto:[EMAIL PROTECTED] > > Sent: 11 May 2008 01:28 PM > > To: support@pfsense.com > > Subject: RE: [pfSense Support] Where do I put squid ? > > > > > > i think it would be cool to route http traffic to the squid box, but put a > > rule just infront of it to allow your squid box to go out the firewall. for > > security i would not allow a second nic to go out the squid box onto the > > internet. > > > > i myself set up the browsers manually for the squid box. at another gig i > > had, we put a file on a server that gave the browser setting: included proxy > > settings as well as browser bypass for local browsing. it's been a while, > > so i'd have to do some digging through my old files. : i'm a bit brain dead > > today > > > > > > > > > From: [EMAIL PROTECTED] > > > To: support@pfsense.com > > > Date: Sun, 11 May 2008 10:25:14 +0200 > > > Subject: [pfSense Support] Where do I put squid ? > > > > > > I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have > > now > > > setup a squid box running separately. I would like to run it as a > > > transparent proxy on my network. How do you suggest I set it up ? > > > > > > Do I put another NIC in the squid box, then setup a firewall rule to route > > > all http traffic to the squid box / gateway and then load balance the > > squid > > > box's traffic out ? > > > > > > The Pfsense box IP = 10.0.0.3 > > > Squid IP = 10.0.0.197 > > > > > > Regards, > > > > > > > > > Mike Lever > > > > > > Tenacity Films (Pty) Ltd t/a > > > Velocity Films > > > > > > (T) +2711-807-0100 > > > (F) 086-681-7518 > > > > > > http://www.velocityfilms.com > > > > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > > please note that it is intended for the addressee only, is privileged and > > > confidential and dissemination or copying prohibited. Please notify us > > > immediately by e-mail and return the original message. Thank you. > > > > > > > > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > _ > > With Windows Live for mobile, your contacts travel with you. > > http://www.windowslive.com/mobile/overview.html?ocid=TXT_TAGLM_WL_Refresh_mo > > bile_052008 > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > ---
AW: [pfSense Support] Where do I put squid ?
Try this: Add a portforward at interface LAN, external adress any (not interface adress), protocol TCP, external port range 80, NAT IP proxy at OPTx, local port 80. Save, apply. Hope, it works, Martin -Ursprüngliche Nachricht- Von: Mike Lever [mailto:[EMAIL PROTECTED] Gesendet: Sonntag, 11. Mai 2008 21:57 An: support@pfsense.com Betreff: RE: [pfSense Support] Where do I put squid ? Thaks David ! Bear in mind that I am using it as a transparent proxy. Surely I must set some rules on the firewall to route all http traffic to the squid box and back to the pfsense box ? Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (t) +2711-807-0100 (f) +2711-807-1208 -Original Message- From: "David Meireles" <[EMAIL PROTECTED]> To: support@pfsense.com Sent: 08-05-11 21:27 Subject: RE: [pfSense Support] Where do I put squid ? Ok, on the DHCP Server you have as gateway the squid server, and the squid server will have as gateway the pfsense IP (that way you won't need to have 2 interfaces on the squid server, since it's all in the same subnet). About the rules, use only the squid server to apply the squid rules, and the rest, leave it on the pfsense (port blocking and stuff). Dom, 2008-05-11 s 21:19 +0200, Mike Lever escreveu: > Done that, but where I was battling was setting IP addresses on the pfsense > interface (the squid is static) what do I set as the ip address and gateway ? > Also how do I configure the firewall rules ? > > Any ideas there ? > > Mike Lever > > Tenacity Films (Pty) Ltd > t/a Velocity Films > (t) +2711-807-0100 > (f) +2711-807-1208 > > > -Original Message- > From: "David Meireles" <[EMAIL PROTECTED]> > To: support@pfsense.com > Sent: 08-05-11 20:18 > Subject: RE: [pfSense Support] Where do I put squid ? > > Just setup the pfSense DHCP Server to use the squid box as gateway > address. > > Dom, 2008-05-11 s 15:23 +0200, Mike Lever escreveu: > > > Hi Dean , > > > > Thanks for the feedback, so are you suggesting I only use 1 NIC for the > > squid box ? as opposed to 2, 1 coming IN from the Pfsense / internal network > > and 1 going BACK to the Pfsense. > > > > Regards, > > > > > > Mike Lever > > > > Tenacity Films (Pty) Ltd t/a > > Velocity Films > > > > (T) +2711-807-0100 > > (F) 086-681-7518 > > > > http://www.velocityfilms.com > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > please note that it is intended for the addressee only, is privileged and > > confidential and dissemination or copying prohibited. Please notify us > > immediately by e-mail and return the original message. Thank you. > > > > > > -Original Message- > > From: Dean Larson [mailto:[EMAIL PROTECTED] > > Sent: 11 May 2008 01:28 PM > > To: support@pfsense.com > > Subject: RE: [pfSense Support] Where do I put squid ? > > > > > > i think it would be cool to route http traffic to the squid box, but put a > > rule just infront of it to allow your squid box to go out the firewall. for > > security i would not allow a second nic to go out the squid box onto the > > internet. > > > > i myself set up the browsers manually for the squid box. at another gig i > > had, we put a file on a server that gave the browser setting: included proxy > > settings as well as browser bypass for local browsing. it's been a while, > > so i'd have to do some digging through my old files. : i'm a bit brain dead > > today > > > > > > > > > From: [EMAIL PROTECTED] > > > To: support@pfsense.com > > > Date: Sun, 11 May 2008 10:25:14 +0200 > > > Subject: [pfSense Support] Where do I put squid ? > > > > > > I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have > > now > > > setup a squid box running separately. I would like to run it as a > > > transparent proxy on my network. How do you suggest I set it up ? > > > > > > Do I put another NIC in the squid box, then setup a firewall rule to route > > > all http traffic to the squid box / gateway and then load balance the > > squid > > > box's traffic out ? > > > > > > The Pfsense box IP = 10.0.0.3 > > > Squid IP = 10.0.0.197 > > > > > > Regards, > > > > > > > > > Mike Lever > > > > > > Tenacity Films (Pty) Ltd t/a > > > Velocity Films > > > > > > (T) +2711-807-0100 > > > (F) 086-681-7518 > > > > > > http://www.velocityfilms.com > > > > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > > please note that it is intended for the addressee only, is privileged and > > > confidential and dissemination or copying prohibited. Please notify us > > > immediately by e-mail and return the original message. Thank you. > > > > > > > > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > >
RE: [pfSense Support] Where do I put squid ?
Don't know which squid and sitro are you using, but in my scenario, using pfsense as gateway and IPCop as squid (before started using squid on pfSense), the IPCop host would automaticly send the trafic (in case of http, after entering the squid process) to it's gateway, that would be the pfsense host it's like: IPCop : 192.168.0.2 pfSense: 192.168.0.1 Client pc tries to connect to the outside world through http pc > IPCop > IPCop's internal squid process > pfsense > www in this case, it's proxy, not nat Client pc tries to connect to the outside world through VNC pc > IPCop > pfsense > www In this case, it's pure nat, no foltering Dom, 2008-05-11 às 21:57 +0200, Mike Lever escreveu: > Thaks David ! Bear in mind that I am using it as a transparent proxy. Surely > I must set some rules on the firewall to route all http traffic to the squid > box and back to the pfsense box ? > > Mike Lever > > Tenacity Films (Pty) Ltd > t/a Velocity Films > (t) +2711-807-0100 > (f) +2711-807-1208 > > > -Original Message- > From: "David Meireles" <[EMAIL PROTECTED]> > To: support@pfsense.com > Sent: 08-05-11 21:27 > Subject: RE: [pfSense Support] Where do I put squid ? > > Ok, on the DHCP Server you have as gateway the squid server, and the > squid server will have as gateway the pfsense IP (that way you won't > need to have 2 interfaces on the squid server, since it's all in the > same subnet). About the rules, use only the squid server to apply the > squid rules, and the rest, leave it on the pfsense (port blocking and > stuff). > > Dom, 2008-05-11 s 21:19 +0200, Mike Lever escreveu: > > > Done that, but where I was battling was setting IP addresses on the pfsense > > interface (the squid is static) what do I set as the ip address and gateway > > ? Also how do I configure the firewall rules ? > > > > Any ideas there ? > > > > Mike Lever > > > > Tenacity Films (Pty) Ltd > > t/a Velocity Films > > (t) +2711-807-0100 > > (f) +2711-807-1208 > > > > > > -Original Message- > > From: "David Meireles" <[EMAIL PROTECTED]> > > To: support@pfsense.com > > Sent: 08-05-11 20:18 > > Subject: RE: [pfSense Support] Where do I put squid ? > > > > Just setup the pfSense DHCP Server to use the squid box as gateway > > address. > > > > Dom, 2008-05-11 s 15:23 +0200, Mike Lever escreveu: > > > > > Hi Dean , > > > > > > Thanks for the feedback, so are you suggesting I only use 1 NIC for the > > > squid box ? as opposed to 2, 1 coming IN from the Pfsense / internal > > > network > > > and 1 going BACK to the Pfsense. > > > > > > Regards, > > > > > > > > > Mike Lever > > > > > > Tenacity Films (Pty) Ltd t/a > > > Velocity Films > > > > > > (T) +2711-807-0100 > > > (F) 086-681-7518 > > > > > > http://www.velocityfilms.com > > > > > > > > > CONFIDENTIALITY CAUTION: If you have received this communication in error, > > > please note that it is intended for the addressee only, is privileged and > > > confidential and dissemination or copying prohibited. Please notify us > > > immediately by e-mail and return the original message. Thank you. > > > > > > > > > -Original Message- > > > From: Dean Larson [mailto:[EMAIL PROTECTED] > > > Sent: 11 May 2008 01:28 PM > > > To: support@pfsense.com > > > Subject: RE: [pfSense Support] Where do I put squid ? > > > > > > > > > i think it would be cool to route http traffic to the squid box, but put a > > > rule just infront of it to allow your squid box to go out the firewall. > > > for > > > security i would not allow a second nic to go out the squid box onto the > > > internet. > > > > > > i myself set up the browsers manually for the squid box. at another gig i > > > had, we put a file on a server that gave the browser setting: included > > > proxy > > > settings as well as browser bypass for local browsing. it's been a while, > > > so i'd have to do some digging through my old files. : i'm a bit brain > > > dead > > > today > > > > > > > > > > > > > From: [EMAIL PROTECTED] > > > > To: support@pfsense.com > > > > Date: Sun, 11 May 2008 10:25:14 +0200 > > > > Subject: [pfSense Support] Where do I put squid ? > > > > > > > > I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have > > > now > > > > setup a squid box running separately. I would like to run it as a > > > > transparent proxy on my network. How do you suggest I set it up ? > > > > > > > > Do I put another NIC in the squid box, then setup a firewall rule to > > > > route > > > > all http traffic to the squid box / gateway and then load balance the > > > squid > > > > box's traffic out ? > > > > > > > > The Pfsense box IP = 10.0.0.3 > > > > Squid IP = 10.0.0.197 > > > > > > > > Regards, > > > > > > > > > > > > Mike Lever > > > > > > > > Tenacity Films (Pty) Ltd t/a > > > > Velocity Films > > > > > > > > (T) +2711-807-0100 > > > > (F) 086-681-7518 > > > > > > > > http://www.velocityfilms.com > > > >
