Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid-reverse - VIP issues, interface LISTEN selection

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 2 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gwhynottG
      gwhynott
      last edited by

      Hi,

      Not so much a problem but rather a request for change perhaps,  or a general FYI..

      I have 2 pfsense boxes set up for fail over using CARP.  CARP was set up prior to the installation of squid-reverse.  In order to have the proxy service fail over I had to add "http_port 10.101.111.3:3128" to the custom options (x.x.x.3 being the VIP between the boxes).  This was necessary as within the webGUI config area for squid,  the 'Proxy Interface' selection menu did not include the VIP interfaces (which is interesting as the heartbeat/sync interface is listed,  but I can't think of a reason you would want to have squid listen on your dedicated heartbeat interface).

      While not necessary or a biggie,  it would be nice to have any VIP interfaces configured listed on the menu along with the other interfaces in some future release.

      take care,
      -g

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        You do not need custom options,

        Select squid to listen on loopback interface only and then create a rdr nat rule to forward from your vip address to 127.0.0.1.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • gwhynottG
          gwhynott
          last edited by

          @marcelloc:

          You do not need custom options,

          Select squid to listen on loopback interface only and then create a rdr nat rule to forward from your vip address to 127.0.0.1.

          doesn't that seem more complicated than just having it listen on the VIP?  Is there a reason why you would want to do it this way as opposed to binding to the VIP?    I'm not using NAT and would prefer not to,  but if there is a reason one would want to use a redirect and NAT to achieve this,  i'm all ears.

          thanks again Marcel,
          greg

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            There is a xml framework to help package development. In this framework we have a "gui component" that shows available interfaces but not available ips.

            In my case, if I want to change from interfaces list to ips, I have to rewrite whole page in php and leave xml.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • gwhynottG
              gwhynott
              last edited by

              @marcelloc:

              In my case, if I want to change from interfaces list to ips, I have to rewrite whole page in php and leave xml.

              I understand,  forget that.  8)

              maybe just a help blurb about VIPs and how to configure..  but i'm sure there are many more important items on the radar.

              take care Marcello,
              -g

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.