Load Balance and Squid does not work runnig in the same server
-
I just put a patch that will include localhost(127.0.0/8) on the default nat rules so AON will not be needed anymore in the configuration.
Should be easier now by just creating a floating rule and selecting the gateway group on it. -
Ermal, I have the following situation, an internal server running IIS, the rule enabled the floating leaves no service be accessed externally, is there anything to be done differently in this rule, use of nat port http to redirect traffic
-
This is not related to this topic or i am not understanding anything on this.
So please explain. -
hi,
in floating rule, please give me the detail,
check Quick, and match any interface and ther direction in or out,
explain
thanks -
i did all thing in pics, but not work
-
I'm trying to understand the pics, but there is many things like the direction in floating rules.
This set of rules can be used to work the wan balancing with squid? its needed the AON or not with the latest release?
-
I'm also trying to understand how to do this before i go and install squid. Hopefully somebody could post the steps in detail as I'm really new at this.
-
We need good explain, we dont know some things in rules, we need more explain,
where is document for load balance and squid,
thanks -
will post details of floating rules tonight ….
also i don't check this forum on a daily bases , to get my attention regarding this post its easier to send a pm
-
Hello guys, i'm experiencing the same problem. I've tryed the solution you give. When i configure two links in different tiers, making failover, squid work perfectly going trough the gateway I specify. but, when I configure two gateways in the same tier, making balance, the squid can't find any site and when the user try to access any site on the internet, the browser still "searching forever" until get the "TIMEOUT" message. Did one of you experienced that too? what am I doing wrong?
Just for information:
I have two links: 1 PPPOE and 1 Static from 2 different ISPs in two different interfaces.
I have a Lan where are all the computers and a DMZ where are a Web Server that is a DNS server too.
The LAN's DNS server is the PfSense. -
thanks, we need Pic's with explain, step by step.
regards -
i'll try to write up a step-by-step howto in a couple of months …. the free time i have is precious and going to the pub is more fun then writing a howto ;)
basic steps are this:
-
get loadbalancing/failover working without squid (search the forum)
-
install squid
-
setup rules as shown in this post
-
configure squid as shown in this post
as promised below u'll find the float rule detail screenshot:
-
-
Heper, I am almost there…
I found out that my problem is with the DNS. So i see that you posted something about that. You have said that it's need to have a DNS server on the LAN side, so in my case that are a dns server on a DMZ, needing to pass trough the pfsense to access, it can't be done? -
Just loadbalance even DNS as well as you do for TCP traffic.
-
Thank you Heper!
I just put a patch that will include localhost(127.0.0/8) on the default nat rules so AON will not be needed anymore in the configuration.
Should be easier now by just creating a floating rule and selecting the gateway group on it.Ermal, may you please expound on this. What is the difference between this and heper's screenshots? Thanks!
-
You have to put an additional rule the same as in the previous screenshot but the protocol should be UDP and outgoing port 53.
That will help with dns. -
i will try to config it, now i dont need to add AON rule, or need
regards -
Still not work.
what is the wrong????!!!!! -
ermal,
I have configured the rule you said, balancing the DNS requests too. but it doesn't work. My DNS is in the DMZ so the connections to it can't be balanced because it don't pass trough the gateways to access. with that rule, who are out of the proxy have DNS problems too. so if I put a rule without balancing to the DMZ subnet in the floating rules before the balance rule, the normal connections work but the proxy connections still without name resolution. -
i'd suggest you try setting up a virtual machine with a basic dns server on your lan subnet (be it on windows or linux or bsd).
If that solves your problems then you can be certain it's a dns issueif you don't want to waste time setting up VM's then i suggest you add some rules to log all udp traffic on port 53
also packet captures can help figuring out where or what gets stuckOne of the things i've noticed is when you pull WAN1 interface offline, the frontpage of the pfsense gui will start to go really slow (ie. waiting for a time-out).
to work around this issue close the "system information" widget …. this checks for updates and fails because it doesn't find dnsermal,
I have configured the rule you said, balancing the DNS requests too. but it doesn't work. My DNS is in the DMZ so the connections to it can't be balanced because it don't pass trough the gateways to access. with that rule, who are out of the proxy have DNS problems too. so if I put a rule without balancing to the DMZ subnet in the floating rules before the balance rule, the normal connections work but the proxy connections still without name resolution.