New HOWTO: pfSense Squid Web Proxy with multi-WAN links (it works!)
-
Hi all,
I spent 2 days dealing with Squid Web Proxy with multi-WAN links.
And now, it works correctly! So, I decided to write a detailed howto, with explanations. With this document, you can understand multi-WAN and Squid configuration.
Version: pfSense 2.0-RC1 (built on Sat Feb 26 15:30:26 EST 2011)
(I posted this document from Haiti. I'm training people here, with OpenSource security solutions.)
http://securite-ti.com/pfSense_Web_Proxy_with_multi-WAN_links.pdf
Thanks all! Comments are welcome!
-
good job
-
Thank you very much, we need all members to post docs as you do.
Thanks
-
Would be better if it were on our wiki :-)
-
-
I modified some details in the docs regarding floating rules.
I will write an article in the wiki soon.
Thanks for reading,
Dimitri.
-
Dear Dimitri.
I really appreciate your work… because I was also working on this scenario, but I have to use two machines, one for load balancing and the other one for proxy + Squid filter + LightSquid. I would like to receive your next amended writeup on the subject topic at my following address. Again, great job Mr. Dimitri. I will try to implement as per your attached PDF doc.
Regards
itonmytips
itonmytips@hotmail.com
-
Hello, I also tried to follow your advice on how to set up Squid; the result does not sail over the internet. Done and redone many times, but no way to lock the navigation. Where am I wrong, in your opinion?
Thanks.
-
@zetar: I can help, but I need more information about your configuration or technical parameters. Did you get an error message in your Web browser while you were surfing the Web through Squid?
-
Hello, I had no error message, only "page not found".
Installed on a test, because after the installation of Squid I am no longer able to uninstall it, with the consequence of having to redo the server; I do not want to risk it on a production machine.
Then I will let you know what happens, maybe with some screenshots.
Thanks.
-
Hello,
Only binding to the loopback adapter for Squid should do, and there is no need for tcp_outgoing address.
This should allow tightening the NAT/filter rules a bit more.
-
Good day pfmasters, I would like to ask if this works on multi-WAN failover?
I've tested Squid with multi-WAN:
WAN for browsing
OPT for others
When Squid is in transparent mode, when WAN is disconnected and it fails back to the OPT interface, I cannot browse, but when I'm on non-transparent, failover works perfectly.
-
Please help me, I can't access the file: http://securite-ti.com/pfSense_Web_Proxy_with_multi-WAN_links.pdf
-
Hello,
Thanks for this. Unfortunately it is not working for me. Here is the issue: the failover is working fine, I unplug the primary and a few seconds later I am pinging out to the internet. Browsing does not work and here is why:
Under System, Routing, I have 2 Gateways. The Primary gateway has Default Gateway checked, so when it goes down the default gateway goes away, so Squid cannot route out to fetch these pages. So, is there a way for me to set up some weighted routes so Squid (and the pfSense firewall) can route out in case the primary connection goes down?
-
@ermal: I've found that binding Squid to localhost only causes traffic from LAN not to go through the proxy … should any other redirect rules be implemented when running it your way?
@zzajdica: the floating rules are there to push http traffic to the correct gateway ... check if your floating rules correspond with the ones in this how-to and let us know if that helped
-
Hi!
Thanks for the docs! I'm having some issues also.
1. Following the guides you made, it's working! Really! But after a few seconds Squid starts to fail, then all connections are totally blocked by Squid.
- maybe it's on Squid
2. In this mode, while tier 1 is down, pfSense itself doesn't have an internet connection (I'm not sure how to say it)
- can't ping any host or even check for updates.
- but as long as all workstations have a connection and forwarders are working, I think I can live with this. I really appreciate what you made!!
I'm hoping you can help us!! Thank you!!!
-
Hi!!
After following those guides, it does give me interest to study pfSense deeply.
I'm running pfsense 2.0 RC2 (updated) squid + wan failover that for me is working. Just did it TODAY.
I did not set or use any rules (as in no rules are being used.)
I still need to monitor this over the weekend. I'd be happy to share it with you guys if this one works with my needs.
Like port forwarders and carp/pfsync. Thank you for giving me encouragement!!
-
My floating rule is set. I also tried upgrading to the newest snapshot but it did not help. Please see attached for my settings. Thanks!
-
Edit the floating rule so that the interfaces and direction are also visible in the screenshots. That's the most important info there aside from what you've shown.
-