New HOWTO: pfSense Squid Web Proxy with multi-WAN links (it works!)
-
Hi Dimitris,
Thanks for the post, I have been working with this one for almost a month now but i still can't get it right for the pfsense multi-wan with squid. But I have tried your configuration with-out squid, it works perfectly fine..
Can you explain in much more detail about your post and what is the use of each..
like for example
the use of floating rules. (Why have floating rules added?)
why change NAT outbound to Manual?
why add loopback?and others..
thanks!
-
Hello!
I did this configuration and it works!
But when I create a NAT rule to forward a port of WAN1 to a desktop on the LAN, it simply dont work!I attach screen of the NAT rule and a tcpdump of the port when I try to connect from the outside.
Can anyone help me?
 -
Hi,
Can someone guide me how to fix my issue with mutli wan switching with proxy. Though the floating rules are applied the switching is not working on web browser. Please find the details in my post at the below URL
http://forum.pfsense.org/index.php/topic,57606.0.html
Thanks
-
Hello guys.
Lately I was searching for answers on how to make squid/lusca run on load balance smoothly.
I have seen DmitriS post and I was convince that it was the solution that I have been searching for.
Anyways I would also like to share a simple way of managing ports in groups by using aliases
-
I'm having concerns with DimitriS's tutorial regarding the NAT Outbound part: is it safe (and not too cumbersome) to switch to a manual (Manual Outbound NAT rule generation / AON - Advanced Outbound NAT) setting ?
I'm actually using Automatic outbound NAT rule generation on my setup which is the following:
,–---{WAN0 interface}–[ ISP0's Modem ]
/ ,–{WAN1 interface}–[ ISP1's Modem ]
[ LAN switch ]–-{LAN interface}–-[ pfSense ]
\–{_WAN2_ interface}–[ ISP2's Modem ]–---{WAN3 interface}–[ ISP3's Modem ]I have a load balacing over each WAN0-3 with a Gateway group named GW_LoadBalancing that is used in the following Firewall rule:
| ID | Proto | Source | Port | Destination | Port | Gateway | Queue | Schedule |
| | * | LAN net | * | * | * | GW_LoadBalancing | none | |No servers are housed behind pfSense, appart the IPSec and PPTP VPNs (served by pfSense itself).
Edit: I've tried the "Manual Outbound NAT" setting with advised floating firewall rule and NAT rules: no luck (any proxied request always goes through the same WAN connection) :-/
-
Hello
I am very glad to use this manual: http://securite-ti.com/pfSense_Web_Proxy_with_multi-WAN_links.pdf
But I spent several hour trying to figure out this error at Squid Proxy response: "invalid request"So, I have just unchecked "loopback" option inside "Proxy Server" configurations and every thing works as indeed.
Thank you!
-
http://forum.pfsense.org/index.php/topic,59605.0.html
-
Hi !
I have 2.0.2 version dual wan with load balancing
Policy-based-route are working great
With squid thinks goes bad
I want Client_1 to pass out from Opt1
I have these confs, but they don't workLAN: 192.168.0.0/24
WAN1: 89.X.X.X
OPT1: 82.X.X.Xacl Client_1 src 192.168.0.2
tcp_outgoing_address 82.X.X.X Client_1
tcp_outgoing_address 127.0.0.1What i'm missing ?
Thank you !
-
put a subnet mask for Client_1.
example:
acl Client_1 src 192.168.0.2/24 -
Need some help on this.
I followed the instruction in the pdf file but have the following problem:If I blind squid to both LAN and loopback - None of the client can access the web (all get invalid URL error from squid)
If I blind squid to LAN only - None of the client can access the web when pfsense fail over to WAN2. At WAN1, all web access are fine.
If I only blind squid to loopback - All client are fine but they all bypassed squid.
I think I must be missing some squid configuration. Can someone please point me to the right direction?
Thanks
-
try in this step
http://forum.pfsense.org/index.php/topic,60977.0.html