Load Balance and Squid does not work running in the same server
-
didn't work for me as well..
-
@ermal:
I just put a patch that will include localhost(127.0.0/8) on the default nat rules so AON will not be needed anymore in the configuration.
Should be easier now by just creating a floating rule and selecting the gateway group on it.
Is this patch now in the public RC1 builds? I have the build from Tue Mar 15 08:53:58 EDT 2011 and when I go into the NAT rules and AON I'm not seeing any default rules for 127.0.0/8.
-
Is there anyone trying to do this with multiple vlans also? I had it working per the various posts in this thread, but it broke my ability to get to http sites on other vlans. I think having squid using 127.0.0.1 is what breaks it.
-
and when I also use havp as a parent to squid?
in this case :
tcp_outgoing_address 127.0.0.1;never_direct allow all;cache_peer 127.0.0.1 parent 4444 0 name=havp no-query no-digest no-netdb-exchange default;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3
?????? what is with cache peer to loopback?
-
Still does not work.
What is the solution?
-
Heper, thanks for your guide!
What advanced option is used in the "matching rule, to stop balance twice" floating rule?
I used TCP flags: out of: SYN.
It works!
-
rubic:
it's possible to 'mark' packets when they hit one of your rules. Afterwards you can "search" for them packets using other rules, sort of ;)
so basically i use a floating rule to push all http traffic through the gateway-group; at the same time i 'mark' them.
i put another floating rule IN FRONT of my loadbalance-rule and added option 'quick' ; there i push packets out without going through gateway-group ; here i specify to 'match' the packets i 'marked' in my secondary rule.
see this
-
Hm… will think about... however, looking at pf packet flow diagram, I wonder if floating load-balance rule can fire twice
by the way, in my case your solution works even without binding squid to loopback ???
-
heper, you were right!
when default WAN is down, an outgoing packet hits the rule twice (both on WAN and OPT-WAN interface)
if you don't mind I would like to translate your how-to for the Russian pfSense community
thanks!
-
It hits it twice but really it does not execute the policy routing the second time.
Only the nat rules are executed.
-
@ermal:
Only the nat rules are executed.
There is one moment with NAT unclear to me. According to the pf packet flow diagram (http://homepage.mac.com/quension/pf/flow.png) filtering happens after SNAT. That's why in the rule log we see: if:WAN src:WAN IP -> dst:remote host IP. But when a packet rerouted by the policy routing rule reaches the OPT-WAN outgoing chain (assuming WAN is down) its source address appears magically restored to 127.0.0.1. Which block on the diagram does that?
-
my "how-to" can be translated in any language … its only purpose was to return the info i got from ermal to the community ;)
-
rubic, it's pfSense customized pf(4), by me. :)
This functionality can not be done with standard pf(4), at least the version that is used on FreeBSD, without too much tinkering.
-
@ermal:
rubic, it's pfSense customized pf(4), by me. :)
This functionality can not be done with standard pf(4), at least the version that is used on FreeBSD, without too much tinkering.
Ok, now I see :) Thank you for your work!
translated: http://forum.pfsense.org/index.php/topic,34810.0.html
-
Ok the guide works with FailOver, but for LoadBalance???? Thanks
-
Please, where I am testing pfSense 2.0 it is required to enter some sites that require https, and when I configure squid with loadbalance the gateway connection changes every time. How can I fix this?
Please help.
-
Please help…Load balancing is ok...but squid is not functioning...please do some ups in the floating rule..
Thank you...
-
well you could create a dedicated gateway group with failover (different tiers) and add a separate rule for https traffic to use that gateway group …..
or you could enable 'sticky connections' in system .... but i don't know if that would solve all issues
-
Yes, BUT WITH THIS SOLUTION YOU CAN'T USE HAVP as parent for SQUID ;)
-
I followed the same procedure above but no success. My browser just keeps working, working and working without showing any results.
My configurations are below. My browser doesn't open any page after the given settings. Where have I made a mistake? Please guide me.
![2011-04-29, 11_55_27.jpg](/public/imported_attachments/1/2011-04-29, 11_55_27.jpg)
![2011-04-29, 11_55_32.jpg](/public/imported_attachments/1/2011-04-29, 11_55_32.jpg)
![2011-04-29, 11_55_42.jpg](/public/imported_attachments/1/2011-04-29, 11_55_42.jpg)
![2011-04-29, 11_55_47.jpg](/public/imported_attachments/1/2011-04-29, 11_55_47.jpg)
![2011-04-29, 11_56_02.jpg](/public/imported_attachments/1/2011-04-29, 11_56_02.jpg)
![2011-04-29, 11_56_10.jpg](/public/imported_attachments/1/2011-04-29, 11_56_10.jpg)
![2011-04-29, 11_56_33.jpg](/public/imported_attachments/1/2011-04-29, 11_56_33.jpg)
![2011-04-29, 11_57_39.jpg](/public/imported_attachments/1/2011-04-29, 11_57_39.jpg)
![2011-04-29, 11_57_49.jpg](/public/imported_attachments/1/2011-04-29, 11_57_49.jpg)