Any way to get Squid to load balance gateways?
-
We have two separate internet feeds at our site. I have gotten all of the rules set up and tested such that traffic load balances across the two available paths. But when squid is enabled, it follows ONLY the firewall default gateway.
The same issue impacts the firewall itself when pfSense is trying to check for Software updates and package updates.
If I remove the system default gateway, client traffic still works (but pfSense itself cannot reach the internet) until I try to enable squid, then http fails because transparent squid is intercepting the traffic but cannot get out.
Is there any way to get this traffic to follow the firewall rules in the same manner as LAN clients instead of just the default gateway? (I tried adding rules for the loopback network to no avail.)
Thanks!
-
There are some tutorials to get squid working on multiple links with pfSense. Try a forum search for tcp_outgoing_address
-
If you are trying to do this with automatic outbound NAT how-tos on the forum, it can be frustrating getting it to work, but I managed to get it going out both WANs last night.
First off, make sure you don't have "Sticky connections" enabled; this was the prime reason why I noticed all my http traffic was only going out my primary wan, and the secondary wan was not utilised at all.
Also when I created the floating rule, I chose [action:pass | quick:ticked | interface:wan1:wan2 | direction:out | protocol:tcp | destination port range:HTTP | gateway:MultiWan]
In my firewall rule for the proxied interface, i.e. LAN, I created a default rule that passed all traffic to 'Gateway':MultiWan.
Maybe the above LAN rule doesn't need to be set as your multiwan and can be just default gateway, as the floating 'quick' rule catches it beforehand. Also make sure you reset states and restart squid.
If you have set up squid correctly then it should work with the above notes/tips.
Hope this helps anyone who had a frustrating time trying to get this to work :0)