PfSense 2.1 Floating rules for Multi Wan doesn't work.

basitkhan

I downloaded the lib modules for squid 3.3.8 from the following link

http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/

please let me know that the acl random method solve the issue? and if the one Wan goes down what will happen then?
it will send all the traffic to valid interface or it will still keep sending the packets to failed wan also?

need clarification on this.

Thanks

Reiner030

Hi,

@Basit:

I downloaded the lib modules for squid 3.3.8 from the following link

http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/

please let me know that the acl random method solve the issue? and if the one Wan goes down what will happen then?
it will send all the traffic to valid interface or it will still keep sending the packets to failed wan also?

need clarification on this.

Thanks

Its for us not an urgent task to use loadbalanced proxy and I had problems to getting SQuidGuard+SQuid3-dev both run.
So I downgraded to stable SQuid and we use the fibre line as normal (with youtube bound to this wan ip).
If the gateway failover then only non-youtube video content can be loaded.

I used the i386 one on an Soekris appliance http://e-sac.siteseguro.ws/pfsense/8/All/ldd/ added like here described:
http://forum.pfsense.org/index.php/topic,62256.msg373587.html#msg373587

… ah just updated.... updates fetched... I must see If I had time for testing it out next weeks when less work is to do.

Bests

hyrol

Finally, after a long time trying pfSense Squid Package + Multi Wan and I have managed to find its way in a deadlock.
pfSense 2.1 Squid Package + Multi Wan, no longer using the Floating Rules, but using the Interface Groups.
Good Luck Everyone.

![Interface Groups.jpg](/public/imported_attachments/1/Interface Groups.jpg)
![Interface Groups.jpg_thumb](/public/imported_attachments/1/Interface Groups.jpg_thumb)
![Proxy Server.jpg](/public/imported_attachments/1/Proxy Server.jpg)
![Proxy Server.jpg_thumb](/public/imported_attachments/1/Proxy Server.jpg_thumb)
![Internet Rules.jpg](/public/imported_attachments/1/Internet Rules.jpg)
![Internet Rules.jpg_thumb](/public/imported_attachments/1/Internet Rules.jpg_thumb)
![Floating Rules.jpg](/public/imported_attachments/1/Floating Rules.jpg)
![Floating Rules.jpg_thumb](/public/imported_attachments/1/Floating Rules.jpg_thumb)

niebla

Thanks, and congratulations!

What version of squid and squidguard are you using?

Please send a screenshot of your system->routing screen showing your default route.

hyrol

Still configure the same as pfSense 2.0.3 Squid Package Multi Wan, only changes to the Floating Rules to Interface Group.

![Lan Rules.jpg_thumb](/public/imported_attachments/1/Lan Rules.jpg_thumb)
![Lan Rules.jpg](/public/imported_attachments/1/Lan Rules.jpg)
Groups.jpg_thumb

Gateways.jpg_thumb

SaFi

@hyrol
Thank you ..
I wondering what's squid version you talking about 2.7 or 3.8 or it doesn't matter?
secondly where you use interface named "internet" I saw it has no rules, will you be more detailed

regards
SaFi

hyrol

Under the Menu=> Interface, you can see Interface Group.

Interface.jpg_thumb

niebla

Created the interface group. Squid uses the default gateway only with 2.1.

hyrol

@SaFi:

@hyrol
Thank you ..
I wondering what's squid version you talking about 2.7 or 3.8 or it doesn't matter?
secondly where you use interface named "internet" I saw it has no rules, will you be more detailed

regards
SaFi

Im try for squid 2.7, you can try for squid 3.8 you can tell me later for the result.
If you expert configure for inbound/outbound for WANs under Interface Group.. Actually that use for WANs rules not for LANs rules.

niebla

The problem is squid is using the default route and does not care about interface groups. What am I missing?

hyrol

Actually this is not Load-Balance Round Robin, this is Load-Balance Bandwith Agreggation and you can see all the WANs its working.
It is worth it from nothing.

Load-Balance.jpg_thumb

niebla

How does Squid know to use the interface group instead of the default gateway?

hyrol

I do not know how Squid works, most importantly it works. ;)

niebla

Squid works with multi-wan on 2.0.3 by using floating rules. Users have reported that it is not working with 2.1 with multi-wan even when using floating rules.

Many users are looking for a way to use multi-wan and squid using 2.1.

When this is solved many of us who have squid and multi wan will be able to use 2.1, and be grateful to the person who provides the solution.

basitkhan

@hyrol:

Finally, after a long time trying pfSense Squid Package + Multi Wan and I have managed to find its way in a deadlock.
pfSense 2.1 Squid Package + Multi Wan, no longer using the Floating Rules, but using the Interface Groups.
Good Luck Everyone.

I have followed the same steps but all in vain,
squid still uses only default gateway :( does not work with Interface Group

still waiting to fix it…

hyrol

If you check whatmyip you can see only default WAN, but you can see all the WANs work together.

Note: This Load-Balance Bandwith Agreggation not Load-Balance Round Robin.

niebla

My tests show that squid is only using the default gateway. I understand and have the interface group. It can be used by rules but is not being used by squid, which has a large majority of our traffic.

hyrol

pfSense 2.1.1 soon be out, hoping the problem will be solved.

afrugone

I'm not sure if 2.1.1 wil fix something abaout this, JIMP answer that they don't now the problem, https://forum.pfsense.org/index.php/topic,71546.msg391065.html#msg391065, perhaps any you that have a better understanding than me about this problem can add bug ticket.

SaFi

I don't think it's an issue or bug in pfsense 2.1 multi-wans and proxy (squid), but it's seems that there is a mess-configuration in squid to does not use multi-wan and still sticking using default gateway.

http://wiki.squid-cache.org/SquidFaq/NetworkOptimizations