Load Balance and Squid does not work running in the same server
-
Heper, thanks for your guide!
What advanced option is used in the "matching rule, to stop balance twice" floating rule?
I used TCP flags: out of: SYN.
It works! -
rubic:
it's possible to 'mark' packets when they hit one of your rules. Afterwards you can "search" for them packets using other rules, sort of ;)
so basically i use a floating rule to push all http traffic through the gateway-group; at the same time i 'mark' them.
i put another floating rule IN FRONT of my loadbalance-rule and added option 'quick' ; there i push packets out without going through gateway-group ; here i specify to 'match' the packets i 'marked' in my secondary rule.
see this
-
Hm… will think about... however, looking at pf packet flow diagram, I wonder if floating load-balance rule can fire twice
by the way, in my case your solution works even without binding squid to loopback ??? -
heper, you were right!
when default WAN is down, an outgoing packet hits the rule twice (both on WAN and OPT-WAN interface)
if you don't mind I would like to translate your how-to for the Russian pfSense community
thanks! -
It hits it twice but really it does not execute the policy routing the second time.
Only the nat rules are executed. -
@ermal:
Only the nat rules are executed.
There is one moment with NAT unclear to me. According to the pf packet flow diagram (http://homepage.mac.com/quension/pf/flow.png) filtering happens after SNAT. That's why in the rule log we see: if:WAN src:WAN IP -> dst:remote host IP. But when a packet rerouted by the policy routing rule reaches the OPT-WAN outgoing chain (assuming WAN is down) its source address appears magically restored to 127.0.0.1. Which block on the diagram does that?
-
my "how-to" can be translated in any language … it's only purpose was to return the info i got from ermal to the community ;)
-
rubic, it's pfSense customized pf(4), by me. :)
This functionality can not be done with standard pf(4), at least the version that is used on FreeBSD, without too much tinkering.
-
@ermal:
rubic, it's pfSense customized pf(4), by me. :)
This functionality can not be done with standard pf(4), at least the version that is used on FreeBSD, without too much tinkering.
Ok, now I see :) Thank you for your work!
translated: http://forum.pfsense.org/index.php/topic,34810.0.html -
Ok the guide works with FailOver, but for LoadBalance???? Thanks
-
Please, where I am testing pfSense 2.0, it is required to enter some sites that require https, and when I configure squid with loadbalance the gateway connection changes every time. How can I fix this?
Please help.
-
Please help…Load balancing is ok...but squid is not functioning...please do some ups in the floating rule..
Thank you... -
well you could create a dedicated gateway group with failover (different tiers) and add a separate rule for https traffic to use that gateway group …..
or you could enable 'sticky connections' in system .... but i don't know if that would solve all issues
-
Yes, BUT WITH THIS SOLUTION YOU CAN'T HAVE HAVP as parent for SQUID ;)
-
I followed the same procedure above but had no success. My browser just keeps working, working and working without showing any results.
My configurations are: My browser doesn't open any page after the given settings ????? Where have I made a mistake? Please guide me.
![2011-04-29, 11_55_27.jpg](/public/imported_attachments/1/2011-04-29, 11_55_27.jpg)
![2011-04-29, 11_55_32.jpg](/public/imported_attachments/1/2011-04-29, 11_55_32.jpg)
![2011-04-29, 11_55_42.jpg](/public/imported_attachments/1/2011-04-29, 11_55_42.jpg)
![2011-04-29, 11_55_47.jpg](/public/imported_attachments/1/2011-04-29, 11_55_47.jpg)
![2011-04-29, 11_56_02.jpg](/public/imported_attachments/1/2011-04-29, 11_56_02.jpg)
![2011-04-29, 11_56_10.jpg](/public/imported_attachments/1/2011-04-29, 11_56_10.jpg)
![2011-04-29, 11_56_33.jpg](/public/imported_attachments/1/2011-04-29, 11_56_33.jpg)
![2011-04-29, 11_57_39.jpg](/public/imported_attachments/1/2011-04-29, 11_57_39.jpg)
![2011-04-29, 11_57_49.jpg](/public/imported_attachments/1/2011-04-29, 11_57_49.jpg) -
@ far … your NAT outbound should be set to "manual"
-
You need only loopback interface on squid selected.
Also on LAN the rule with a GatewayPool should not match the port 80/443 tcp which get handled by squid. -
Has anyone got failover working on 2.0RC3? I have been trying to get this working for several days now and have not been successful.