Netgate Discussion Forum

    Hello anyone could this scenario be possible in NAT outbound translation

      Metu69salemi

      If that is done by pfsense1 why not?
      But do you want to open up what you want to achieve?

        kirlox_kitoy

        @Metu69salemi:

        If that is done by pfsense1 why not?
        But do you want to open up what you want to achieve?

        Yeah, I want pfSense firewall 1 to be able to see the addresses on the LAN side, because from that data I will be able to segregate such LAN IPs to ISP1 and some to ISP2 & ISP3.

          Metu69salemi

          If firewall #2 is not NATing, you can see the original IP addresses in pfsense#1, and so you can decide the ISPs.

            Nachtfalke

            @Metu69salemi:

            If firewall #2 is not NATing, you can see the original IP addresses in pfsense#1, and so you can decide the ISPs.

            And if firewall #2 is not using squid, so that pfsense#1 can see the clients' IP addresses and not only the proxy IP address.

              Metu69salemi

              @Nachtfalke:

              @Metu69salemi:

              If firewall #2 is not NATing, you can see the original IP addresses in pfsense#1, and so you can decide the ISPs.

              And if firewall #2 is not using squid, so that pfsense#1 can see the clients' IP addresses and not only the proxy IP address.

              Thanks for completing sentences ;)

                kirlox_kitoy

                Suppose it has squid, will that be a big problem? Is there a workaround if there is squid residing on firewall #2?

                  Nachtfalke

                  Yes, it would be a problem because all clients which are using the proxy always have the same IP as the proxy. So it wouldn't be possible for pfsense#1 to decide which client initiated the connection - it is always the proxy.

                    kirlox_kitoy

                    @Nachtfalke:

                    Yes, it would be a problem because all clients which are using the proxy always have the same IP as the proxy. So it wouldn't be possible for pfsense#1 to decide which client initiated the connection - it is always the proxy.

                    Is there no workaround for this? Even outbound NAT and 1:1? Or if you have any ideas.

                      Nachtfalke

                      Just bypassing squid for source IP addresses.

                      This is what I know about this. I do not know any way to see the real client IPs after they passed a proxy.

                      Perhaps it would be possible to explain to us in more detail what you want to realize with pfsense#1 and pfsense#2, and why there should be two pfsense boxes, or why squid should run on box #2 and not on box #1.

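A small model of the point made in the replies above, added here as an illustration and not posted by anyone in the thread: it computes which source address pfsense#1 sees when firewall #2 routes, NATs, or proxies a flow (with an optional squid bypass list), and which ISP a source-based policy on pfsense#1 then selects. All addresses, the `POLICY` table and the function names are constructed for this example.

```python
import ipaddress

# Constructed addressing, not taken from the thread.
FW2_WAN = ipaddress.ip_address("10.0.0.2")  # firewall #2's address facing pfsense#1

# pfsense#1 source-based policy routing, first match wins (hypothetical rules).
POLICY = [
    (ipaddress.ip_network("192.168.1.0/26"), "ISP1"),
    (ipaddress.ip_network("192.168.1.64/26"), "ISP2"),
    (ipaddress.ip_network("192.168.1.128/25"), "ISP3"),
    (ipaddress.ip_network("10.0.0.2/32"), "ISP1"),  # firewall #2 itself
]

def source_seen_upstream(client, nat=False, proxy=False, bypass=()):
    """Return the source address pfsense#1 sees for a flow started by client."""
    client = ipaddress.ip_address(client)
    bypassed = any(client in ipaddress.ip_network(n) for n in bypass)
    if proxy and not bypassed:
        return FW2_WAN  # squid opens its own connection from firewall #2
    if nat:
        return FW2_WAN  # outbound NAT rewrites the source address
    return client       # plain routing preserves the client address

def gateway_for(src):
    """First-match lookup of the gateway for a source address."""
    for net, gw in POLICY:
        if src in net:
            return gw
    return "default"

def plan(clients, **fw2):
    """Map each client to the ISP pfsense#1 would pick, given firewall #2's mode."""
    return {c: gateway_for(source_seen_upstream(c, **fw2)) for c in clients}

CLIENTS = ["192.168.1.10", "192.168.1.70", "192.168.1.200"]  # constructed

if __name__ == "__main__":
    modes = [
        ("routed", {}),
        ("outbound NAT", {"nat": True}),
        ("squid", {"proxy": True}),
        ("squid + bypass", {"proxy": True, "bypass": ["192.168.1.128/25"]}),
    ]
    for label, opts in modes:
        print(f"{label:15} {plan(CLIENTS, **opts)}")
```

With NAT or squid on firewall #2 every client collapses onto the rule matching firewall #2's own address; only sources that bypass the proxy (and are not NATed) keep a per-client ISP decision.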
                        kirlox_kitoy

                        @Nachtfalke:

                        Just bypassing squid for source IP addresses.

                        This is what I know about this. I do not know any way to see the real client IPs after they passed a proxy.

                        Perhaps it would be possible to explain to us in more detail what you want to realize with pfsense#1 and pfsense#2, and why there should be two pfsense boxes, or why squid should run on box #2 and not on box #1.

                        The reason for having 2 pfsense boxes and segregating them is because:
                        a.) I am using the 1.2.3 snapshot.
                        b.) When I try to load balance a Multi-WAN while running it together with the squid package on the same box, this gives me an issue on the load balancer side.
                        That's the reason why I segregate the boxes, so that each box will be running its specific function, as load balancer and as a squid proxy.

                          Nachtfalke

                          Then take a look at this thread/tutorial:

                          http://forum.pfsense.org/index.php/topic,37083.0.html

                            kirlox_kitoy

                            Will this work for 3 ISPs to be load balanced? In his example he has only 2 ISP links.

                              Nachtfalke

                              Load balancing in general works with more than two links. If I remember correctly, a user in this forum is load balancing up to 8 lines.

                              Because I am not using load balancing and squid on one machine, I do not know if it will work with more than two lines, but I think it would be possible.
