On Tue, Feb 17, 2009 at 08:01, Federico Konig <chamiko...@gmail.com> wrote:
> I agree with you, but what I need is Cisco's "policy". I need only a
> few PCs to use the X gateway, others to use the Y gateway and the rest to
> use a balance pool Z.

Due to the way proxying works, your request is simply not possible,
not with pfSense, nor with any other non-DPI router.  Even with DPI,
success would be dubious due to the need to add some header (like
X-Forwarded-For) to indicate the client source.  The connections will
always appear to be sourced from the proxy, and unless you hack DPI
into pfSense, it will not be aware of what client originated what
request through the proxy.

If you insist on applying the same rules whether by proxy or by IP,
you could kludge something together on your proxy (assuming it's a
readily-configurable UNIX box running squid) with IP aliases and
tcp_outgoing_address, but such a solution would be such a hack and so
utterly unmaintainable that I'm unwilling to outline it.

A more tenable solution would be to either not proxy the clients that
need the dedicated gateway or to set up a dedicated proxy instance for
those gateways.
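
The squid approach the reply mentions (IP aliases plus tcp_outgoing_address), sketched as an added example that is not part of the original message. All addresses and ACL names are constructed placeholders, and it assumes the proxy host already carries the three alias addresses on its outward-facing interface.

```conf
# Added example (constructed): squid.conf fragment, placeholder addresses only.
# Assumed IP aliases already configured on the proxy host:
#   198.51.100.11  (to be routed via gateway X)
#   198.51.100.12  (to be routed via gateway Y)
#   198.51.100.13  (to be routed via balance pool Z)

# Clients that must leave through gateway X
acl via_gw_x src 192.0.2.10 192.0.2.11
# Clients that must leave through gateway Y
acl via_gw_y src 192.0.2.20 192.0.2.21

# Evaluated in order, first match wins: squid sources the outbound
# connection from the alias listed for the matching client ACL.
tcp_outgoing_address 198.51.100.11 via_gw_x
tcp_outgoing_address 198.51.100.12 via_gw_y
# No ACL on the last line: every other client is sourced from the pool Z alias.
tcp_outgoing_address 198.51.100.13
```

Firewall rules that match each alias as the source address can then select gateway X, gateway Y or pool Z. The client-to-gateway mapping now lives both in squid and in the firewall rules, which is the maintenance burden the reply warns about.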
