Squid with VIP

mgrosh

This thread has been alot of help.

I have a similar situation and this fixed most of my issues but broke one small thing.

My setup
2 pfSense 2.0.1 servers with CARP for failover
2 WAN connections setup with MultiWAN
Squid Installed

LAN
10.1.1.139 pfSense1
10.1.1.140 pfSense2
10.1.1.141 pfSense Virtual IP

WAN
xxx.xxx.251.139 pfSense1
xxx.xxx.251.140 pfSense2
xxx.xxx.251.141 pfSense Virtual IP

I removed "tcp_outgoing_address 127.0.0.1" from custom options.
added
LAN TCP * * 10.1.1.141 3128 127.0.0.1 3128
to Port Forward

and added
WAN 127.0.0.0/8 * * * xxx.xxx.251.141 * NO
to Outbound

everything is working except for when i open http://www.pfsense.org/ip.php shows my IP address as xxx.xxx.251.139 <–WRONG (should be the VIP)

when i add "tcp_outgoing_address 127.0.0.1" to custom options, http://www.pfsense.org/ip.php shows my IP address as xxx.xxx.251.141 <-- correct

however, with "tcp_outgoing_address 127.0.0.1" added to custom options i can not connect to local resources on the 10.0.0.0/8 LAN network.

any ideas?

mgrosh

I noticed marcelloc mention this on another thread

"Use squid tcp outgoing address directive to specify it.

There is a field on squid gui for custom options. Place it there."

Would this fix my problem and how would i implement this with my MultiWAN situation?

marcelloc

A load balance rule on floating tab should work for outgoing traffic.

mgrosh

@marcelloc:

A load balance rule on floating tab should work for outgoing traffic.

This is the floating rule i have

TCP * * * 80 (HTTP) MultiWAN_Comcast none

Even with this it still shows my IP address as xxx.xxx.251.139

marcelloc

Second try could be uncheck default gateway option on gateway config.

mgrosh

unchecking the default gateway had no affect.

I still have not tried

"Use squid tcp outgoing address directive to specify it.

There is a field on squid gui for custom options. Place it there."

I just need direction on how to implement this in a multiwan environment.

mgrosh

This is still a major issue for us.

routing works perfectly. However, when specifing the proxy it does not use the Virtual IP.

My setup
2 pfSense 2.0.1 servers with CARP for failover
2 WAN connections setup with MultiWAN
Squid Installed

LAN
10.1.1.139 pfSense1
10.1.1.140 pfSense2
10.1.1.141 pfSense Virtual IP

WAN
xxx.xxx.251.139 pfSense1
xxx.xxx.251.140 pfSense2
xxx.xxx.251.141 pfSense Virtual IP

I removed "tcp_outgoing_address 127.0.0.1" from custom options.
added
LAN TCP * * 10.1.1.141 3128 127.0.0.1 3128
to Port Forward

and added
WAN 127.0.0.0/8 * * * xxx.xxx.251.141 * NO
to Outbound

I also have a load balance rule on the floating tab that allows all.

everything is working except for when i open http://www.pfsense.org/ip.php shows my IP address as xxx.xxx.251.139 <–WRONG (should be the VIP)

when i add "tcp_outgoing_address 127.0.0.1" to custom options, http://www.pfsense.org/ip.php shows my IP address as xxx.xxx.251.141 <-- correct

however, with "tcp_outgoing_address 127.0.0.1" added to custom options i can not connect to local resources on the 10.0.0.0/8 LAN network.

Any suggestions?

"Use squid tcp outgoing address directive to specify it." has been mentioned as a solution but no details on how to implement it on a multiwan environment.

marcelloc

mgrosh,

Can you check via tcpdump what ip squid is using when trying to access 10.0.0.0/8 network?

att,
Marcello Coutinho

mgrosh

it is using 10.1.1.141 (my VIP)

and with "tcp_outgoing_address 127.0.0.1" added to custom options, i receive the following error page

ERROR

The requested URL could not be retrieved

–------------------------------------------------------------------------------

While trying to retrieve the URL: http://10.0.0.65/

The following error was encountered:
• Connection to Failed

The system returned:
(49) Can't assign requested address
The remote host or network may be down. Please try the request again.

Your cache administrator is it@patlive.com.

Generated Thu, 10 May 2012 19:16:36 GMT by pfSense1 (squid/2.7.STABLE9)

marcelloc

Just to be sure, does your network mask on server and pfsense are /8 or something else??

mgrosh

yes they are /8 for the 10.0.0.0 network.

mgrosh

I am still working to try to recitify this issue.

It it even possible to impliment the following solution in a Multi-Wan setup?

"Use squid tcp outgoing address directive to specify it."