PfSense 2.1 Floating rules for Multi Wan doesn't work.

Ekrem

some problem…i cant fix it...much people wait fix that...in my country...

hyrol

maybe squid proxy not compatible for pfsense 2.1.

doktornotor

Not sure what's the "me too" stuff about. If you are creating the broken rule without "quick" checkbox, it will not ever apply, as noted by cmb.

craibo

Hi doktornotor, hyrol

I understand from the thread that the rule was working due to a "bug" prior to 2.1, however is there another way to get Squid to use a Multi WAN Loadbalancing gateway?
The rule may have been a bug but it was a great help!!

Kind Regards and thanks in advance

P.S hyrol thank you for your Squid with Load balancing solution it has worked brilliantly for me prior to upgrading.

doktornotor

Which part of "you must tick the quick checkbox" for the rule to have any effect is unclear?

craibo

That does not fix the problem of the load balancing. Does the same as if it wasn't checked…

miami71it

scusa non capisco provo a postarti le cose che ho fatto

alias : host(s) e poi sotto ho aggiunto www.speedtest.net
ruels : Pass - LAN - IMCP - any - 192.168.0.15 - speedtest.net - GTWOPT1

la regola l'ho messa anche in varie posizioni ma non va se vado su speedtest mi mostra l'ip della WAN e non della OPT1 e funziona se spendo la WAN mi va in failover e solo in quel caso va in OPT1

ma la mia domanda era oltre a fare la regola su ruels devo fare qualcosa su out/nat ecc ecc?

doktornotor

Uh, English please!

hyrol

I have been using another method "Use sticky connections", but not Load Balacing i want, it is just temporary use.


technical

i stuck that problem to 2.1

squid - (wpad configured) - loadbalance not working.

gautham1435

Hi..

I've done extensive tests on pfSense 2.1 with multiwan load balancing, squid and squidguard. I've followed the same configuration which was working on pfSense 2.0.3 (with floating rules, manual NAT, tcp_outgoing_traffic 127.0.0.1 custom option, etc.,).

But now in 2.1 load balancing is not working with squid, it only uses the default gateway.
Failover is working with squid.

Load balancing and failover mutiwan works perfectly fine without squid.

Is there any specific configuration required for making squid use the load balancing feature and in 2.1 version.

Please help!!

fisi91

I've got the same problem with squid and multiWAN since Upgrade to 2.1…
Only WAN(1) default WAN is used by squid, not WAN2 + WAN3 into Gateway-Group on Same
Tier1.

klazoid

I didn't have a two-WAN setup prior to 2.1.
Now I have two WAN and I tried to setup one using the pdf from Dimitri S.
Like others already mentioned, only the default gateway is used.
From the moment I define floating rules (the solution in 2.x), all hell brakes lose and connections time-out.
Without floating rules, default gateway is used.

WAN 1 = DHCP
WAN 2 = local ip of ISP router as gateway with FULL NAT to pfSense

Squid isn't transparant and listens to port 8080.

I'm now even in a situation where my https filter got broken :(
Blame me for not taking a snapshot prior to this change.

This guy is having the same problems: http://forum.pfsense.org/index.php/topic,67215.0.html

On top of this, I noticed that when running squid (2.7 and 3), the multi-wan environment seems to not work. Even after trying the well written guides on the forum. As an example, without squid, I can get speedtest results that reflect wan1 + wan2 + wan3. With squid enabled, I just get a speedtest result of wan1 (the default gateway). And if wan1 is switched off, internet access dies with it.

Is there someone with a working loadbalance setup on 2.1?

klazoid

I did a totally clean setup last Saturday when I left the office. When I came back on Monday, I saw +5GB traffic on the traffic summary of both interfaces. I opened the traffic graphs and saw traffic on both interfaces. Not sure why it suddenly worked. No floating rules, no custom options on squid, default allow –> gateway, sticky connections and switch gateway is on.

gautham1435

Hi klazoid,

I think some other service/application/browser must have used the bandwidth without proxy..

ruggero

i think i have a solution :
instead of squid use squid3_dev .

in custom options :
"
acl venticinque random 1/4
acl settantacinquediv2 random 0.5

tcp_outgoing_address 192.168.4.1 venticinque

tcp_outgoing_address 192.168.3.1  settantacinquediv2

tcp_outgoing_address 192.168.2.1

"

i have three wan with different speed so i try to balance the throughput with different weigth

gautham1435

Hi Ruggero,

Can you write this in clear steps..

Thanks in advance..

ruggero

first install squid3-dev  from available packages.

++++++in this way you can use configuration directive acl random .
from squid doc :
changes in 3.2 acl : random

New type random. Pseudo-randomly match requests based on a configured probability .

now you can do all the configuration you need for multiwan in Custom options - Custom setting of proxy server.

in my situation ( 3 wan ) :

"
acl venticinque random 1/4
acl settantacinquediv2 random 0.5

tcp_outgoing_address 192.168.4.254 venticinque

tcp_outgoing_address 192.168.3.254  settantacinquediv2

tcp_outgoing_address 192.168.2.254

"

192.168.4.254 = ipv4 address wan 1
192.168.3.254 = ipv4 address wan 2
192.168.2.254 = ipv4 address wan 3

random 1/4 = 25 % = wan1 25% of traffic
random 0.5 = (100-25)/2 = wan2 37,5 % of traffic
else = wan3 37,5 % of traffic

i do this because my 3 wan are not equal.

in case of 2 wan :

"
acl cinquanta random 0.5

tcp_outgoing_address 192.168.4.254 cinquanta

tcp_outgoing_address 192.168.2.254

"

you do not need extra rule on firewall ( floating rule ) .
Also it bypass gateway groups.

hyrol

Squid3 not stable, i try install i check in services, always stop services, how about when i have PPPoE Multi-WAN dynamic IP. Can u screen capture in Custom options.

ruggero

squid3 need lib update.
check  squid 3.3.4 package for pfsense with ssl filtering