New HOWTO: pfSense Squid Web Proxy with multi-WAN links (it works!)

mbedyn

@DimitriS
Did you tested this setup in case of loadbalancing? 
After my test it perfectly works in case of failover, but not when I set up loadbalancing between two gateways..
I tried to bind squid to loopback and LAN and only loopback, and works well only when gateways sets in failover.

Michael

Frozen_Fire

I agree with mbedyn, failover works but not loadbalancing.

dwood

Saw the same thing here.  Fail-over yes, load balancing no.

jikjik101

same here no loadbalance only failover. Also the redirect error page in squidguard doesn't point to the redirect page.

2.0-RC3 (i386)
built on Wed Jun 22 12:38:11 EDT 2011

installed packages: squid, squidguard, bandwidth and vnstati

squid in transparent mode, 2 ISP (dynamic and static WANS)
floating rule set as this:
@zzajdica:

jikjik101

I tried to follow the HOWTO but it seems I encountered problems:

2.0-RC3 (i386)
built on Fri Jul 1 00:16:18 EDT 2011

mohdhanafe

Good Job

zetar

Hello.
For three days I'm trying to do this.
I tried and tried, but I can not get it to work.
I can not open web pages it opens and then stops and does not go more 'forward.
I attach a screenshot
As you can see I can not even do program updates.
If anyone can help me, I would do a big favor.
Thanks to all.

zetar

Screenshot

zetar

screenshot

zetar

screenshot

heper

@zetar

what does not work ?

are you able to do basic loadbalancing without squid ?
if no -> read the sticky about loadbalancing / failover in 2.0 forum

if yes -> is your floating rule being hit when trying to access a page ? –> if yes then you could be having a dns issue, duplicate the floating rule you have for http but change to tcp/udp and destination to DNS (53)

zetar

Hello.
Thank you for reply.
I reinstalled from the beginning.
The load balancing has worked very well until the installation of the Squid.
After the Squid and the fact the rules as you said to no longer works.
Attached is a screenshot of the rules are created by me for other services.
Can interfere at times.
Another thing, what are the correct values ​​to put as the threshold latency and packet loss.
After the rule of floating, I found this rule, that fact alone, can 'interfere. Screenshots.
Another problem by loading a download of 6 7 megs no longer opens the page. I have to stop the download.
Thanks again.

zetar

If you notice the OPT1 and 'upload. the other three WAN server always does not happen.

kirlox_kitoy

Will these work for 3 ISP or 3 WAN links?

kirlox_kitoy

have you tried not to append the custom options which is the loopback maybe that will work.

andylai

@heper, I had setup squid load balancing following your instruction and it works (kind of). I fell unstable / slow performance while serving the web. Like I open a website the website may load halfway then it kept loading but nothing display. I need to refresh it then only it load the entire page. Or sometime it may never load the page at all but it never say "page cannot be display" etc, it just kept loading.

Also it cause my Online Games not able to connect to it server. The NAT outbound setting would it cause any trouble to go for manual? May it be the reason why my Online Games can't locate the server?

xocapik

Hi, i tried this and works but with low performance.

now i updated pfsense and i got this when accessing via transparet proxy

ERROR
The requested URL could not be retrieved

While trying to process the request:

GET / HTTP/1.1
Host: www.nasa.gov
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/6.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Cookie: __utma=259910805.353818488.1314617254.1314617254.1314617254.1; __utmb=259910805; __utmc=259910805; __utmz=259910805.1314617254.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); sessionpref=0; bn_u=6923701915773992990; fsr.s=%7B%22v%22%3A1%2C%22rid%22%3A%221314617258598_503062%22%2C%22pv%22%3A2%2C%22to%22%3A3.3%2C%22c%22%3A%22http%3A%2F%2Fwww.nasa.gov%2F%22%2C%22lc%22%3A%7B%22d3%22%3A%7B%22v%22%3A2%2C%22s%22%3Afalse%7D%7D%2C%22cd%22%3A3%2C%22sd%22%3A3%2C%22f%22%3A1314617266696%7D
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

The following error was encountered:

    Invalid Request 

Some aspect of the HTTP Request is invalid. Possible problems:

    Missing or unknown request method
    Missing URL
    Missing HTTP Identifier (HTTP/1.0)
    Request is too large
    Content-Length missing for POST or PUT requests
    Illegal character in hostname; underscores are not allowed 

Your cache administrator is admin@localhost.
Generated Mon, 29 Aug 2011 11:27:52 GMT by localhost (squid)  

If I specify the proxy in the client it works well.

paoloromano

hello masters,

i setup failover and loadbalancing, i believe its working but not when i install squid proxy. failover is no longer working once i unplugged either of the wan connection. i cannot browse the web although i can ping 8.8.8.8, when i uncheck "allow users on this interface" i can browse the net. is there a workaround on setting up load balancing, failover and squid? i need your advise masters, thanks in advance!

lcisetti

Hi.

Any news about this issue ?

My pfsense 2.0  RELEASE + Squid + Failover + squidguard + Transparent Proxy still not work.

Thanks in advance.

Luca

urbangear

After manually adding my subnet in the "Allowed subnets" box, my dual wan, squid and squidguard setup is now functioning using pfSense Version 2.0-Release (i386)

UPDATE: squidguard doesn't work but squid is OK