Netgate Discussion Forum
    Multi WAN v2 how to use with Local Services, DNS, NTP, SYSLOG, Squid etc?

    Routing and Multi WAN

      communig8

      It looks like you may not have fully read my last post.

      Signatures are a sign of having signatures.

        jikjik101

        @communig8:

        It looks like you may not have fully read my last post.

        I read but I don't quite understand  ;D

        @communig8:

        It's important to understand that the floating rule is there to balance requests that go via squid.
        The source IP of HTTP requests, when using the configuration I documented, will be 127.0.0.1
        regardless of the LAN interface they originated from. Because of this you cannot build rules that handle
        traffic from different LAN interfaces in different ways with squid intercepting the requests.

        As I said, I need three different gateway groups for my network, not just LoadBalance or FailOver but LoadBalance, FailOver1 and FailOver2.
        I tried your HowTo and it works for one gateway group only. Have you tried adding only the floating rule and the tcp_outgoing_address on squid? I believe it will yield the same results as your HowTo.

        @jikjik101:

        It didn't work for me.  ???

        I will change this to: even if there is no special setup, all you have to do is add a floating rule, assign it to a gateway group, add the tcp_outgoing_address on squid, then squid will use that floating rule. This is for HTTP traffic only.

          communig8

          As I said "You cannot build rules that handle traffic from different LAN interfaces in different ways with squid intercepting the requests."

            jikjik101

            How about from a single LAN interface? Still cannot?

              communig8

              Any traffic handled by squid is handled by squid wherever it comes from.
              So you cannot build rules that handle different parts of the address range on the LAN
              for the same reason as you cannot do it for different interfaces.

                jikjik101

                That quite explains it. Thanks and cheers  ;)

                I wish I had a simple setup like yours.

                How about this, sir?
                @jikjik101:

                Have you tried adding only the floating rule and the tcp_outgoing_address 127.0.0.1 on squid? I believe it will yield the same results as your HowTo.

                If your LAN is allow all with multiwan gateway, I think the result is the same, right?

                  communig8

                  @jikjik101:

                  If your LAN is allow all with multiwan gateway, I think the result is the same, right?

                  I'm sorry I don't understand what you mean??

                    jikjik101

                    I mean in your LAN rule, instead of having 7 rules, you can just add a single rule of allowing from any to any using the multiwan gateway.
                    Or do you specifically assign DNS, ping, etc. to use your default gateway?

                      communig8

                      I suggest you read the article.

                        jikjik101

                        I read your article and it is quite amusing to read, and congratulations on that.
                        But no offense sir, I can't understand why you need the first 6 rules in your LAN?

                        I am not here to argue, but I just want to learn from you.  ;D
                        You are familiar with this stuff, and I am just starting to learn.
                        So I just want to know why you did this, why you didn't do that?
                        Moving forward, thanks for your time and patience sir.  ;)
                        I will ask no more.

                          communig8

                          I really can't explain it better than I already have done in the article.
                          Unless you have any specific questions.

                            cpy61

                            Congratulations on the documentation, I'll try it myself, will see if it works :)

                            "If the facts don't fit the theory, change the facts" - Albert Einstein

                              Nachtfalke

                              @communig8

                              I read your article just because I was interested in and you faced some problems with NTP and RADIUS.

                              Perhaps this is something which could help you in your situation:
                              http://forum.pfsense.org/index.php/topic,60925.0.html

                                communig8

                                @Nachtfalke:

                                @communig8

                                I read your article just because I was interested in and you faced some problems with NTP and RADIUS.

                                Perhaps this is something which could help you in your situation:
                                http://forum.pfsense.org/index.php/topic,60925.0.html

                                @Nachtfalke what was it about that thread that you thought would help?
                                Richard

                                  Nachtfalke

                                  @communig8:

                                  @Nachtfalke:

                                  @communig8

                                  I read your article just because I was interested in and you faced some problems with NTP and RADIUS.

                                  Perhaps this is something which could help you in your situation:
                                  http://forum.pfsense.org/index.php/topic,60925.0.html

                                  @Nachtfalke what was it about that thread that you thought would help?
                                  Richard

                                  You wrote something about that RADIUS accounting is only going through the default Gateway.
                                  When you intercept RADIUS accounting port with NAT rules and then define an Outbound NAT rule which uses different Outgoing addresses - could this solve your issue?

                                    communig8

                                    No, they are different things really.

                                      communig8

                                      I've added a small update to my original article concerning squid/squidguard.

                                      http://www.communig8.com/articles/64-open-source/146-pfsense-multi-wan-update
