Squid Transparent Proxy in Linux + pfSense Firewall (Help)

Hey there,

Here's my setup:

Proxmox Server containing:

  1. pfSense KVM (Firewall + NAT), working fine as is, no issue on that.
  2. Debian LXC (squid for caching)

I don't want to use squid within pfSense because pfSense has a limitation where squid can't work with gateway groups (which are fundamental for my setup).

I created a network interface in pfSense called SQUID that has an IP address of 192.168.5.1/30 and runs on its own VLAN, VLAN3. The squid LXC in Proxmox has a network adapter on VLAN3 with IP address 192.168.5.2/30 and gateway 192.168.5.1.

I created a firewall rule on SQUID interface which allows SQUID_net to any through my specified gateway group.

I created a firewall rule on LAN interface which allows LAN_net to SQUID_net.

Everything is cool so far. Squid has internet access. LAN has access to squid.


Now in my squid LXC vm:

sudo apt update && sudo apt install squid3

I edited /etc/squid3/squid.conf

Changed #http_access deny all to http_access allow all

Changed http_port 3128 to http_port 3128 transparent

sudo service squid3 restart


In pfSense:

In NAT portforwarding I added this:

Interface: LAN

Source: LAN_net
Source port: any

Destination: any
Destination port: 80

Redirect IP: 192.168.5.2 (squid)
Redirect port: 3128


Right now I expect that http requests from my LAN clients (192.168.3.0/24) should be redirected to squid (192.168.5.2) on squid's port (3128).

However, what I get when I try to access http websites on my LAN is an error message in chrome "ERR_EMPTY_RESPONSE".

It is confirmed that pfSense is doing what it's supposed to do in forwarding the ports. The only issue as I see it is a misconfiguration on squid's side.

Any help is highly appreciated.
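As an added example (not part of the post), a small lint over the two squid.conf edits described above: it flags `http_access allow all` (which lets squid proxy for any source that can reach port 3128), the pre-3.1 `transparent` spelling of `intercept`, and an `allow` rule placed after `deny all` that squid's first-match evaluation will never reach. The sample config is constructed; only the LAN range 192.168.3.0/24 is taken from the post.

```python
"""Lint a squid.conf for the edits made in the post above (constructed example)."""

# Constructed sample: a minimal squid.conf as it would look after the post's two edits.
SAMPLE_CONF = """\
acl Safe_ports port 80
http_access allow all
http_port 3128 transparent
"""

LAN_NET = "192.168.3.0/24"  # the LAN client range named in the post


def parse_directives(text):
    """Return (directive, args) tuples, dropping blank lines and '#' comments."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            out.append((parts[0], parts[1:]))
    return out


def lint(text, lan_net=LAN_NET):
    """Return findings as (severity, message, suggested replacement) tuples."""
    findings = []
    denied_all = False  # set once an 'http_access deny all' line has been seen
    for name, args in parse_directives(text):
        if name == "http_access":
            if args[:2] == ["allow", "all"]:
                findings.append(("high",
                    "http_access allow all: squid proxies for any source that reaches port 3128",
                    f"acl localnet src {lan_net}\nhttp_access allow localnet\nhttp_access deny all"))
            elif denied_all and args[:1] == ["allow"]:
                # http_access is first-match: an allow placed after 'deny all' is never reached
                findings.append(("medium",
                    f"http_access {' '.join(args)} follows 'deny all' and can never match",
                    f"move 'http_access {' '.join(args)}' above 'http_access deny all'"))
            elif args[:2] == ["deny", "all"]:
                denied_all = True
        elif name == "http_port" and "transparent" in args[1:]:
            findings.append(("low",
                "http_port ... transparent: 'transparent' is the pre-3.1 spelling of 'intercept'",
                f"http_port {args[0]} intercept"))
    return findings


if __name__ == "__main__":
    for severity, message, fix in lint(SAMPLE_CONF):
        print(f"[{severity}] {message}\n    suggested: {fix.replace(chr(10), ' / ')}")
```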

If you want it to work transparently, then it needs to be bridged between the LAN interface and the LAN network. To have it work in a routed configuration like that requires you to configure it manually on each device.

Pretty sure there may be some DHCP setting you can use to get it working, but I don't know.

Squid on pfSense used to work with different gateways just fine; you used to be able to configure firewall rules like normal and squid would honor any gateway settings. But then they changed the order of operation, so now squid just uses the default gateway and there's nothing you can do about that apparently.