Squid with Lan1 > Wan1, Lan 2 > Wan2

coemgen29

@rbt:

It's working on 2.0.3, dual Wan (no failover, no load balancing).

Primary Lan goes through first Wan, other Lans use second Wan interface.
Squid (2.7.9 pkg v.4.3.3) and Squidguard (1.4_4 pkg v.1.9.5) packages installed.

How did you?
Just with squid custom options acl and tcp_outgoing_address?

Edit : I'm using Squid3 (3.1.20 pkg 2.0.6), i will try to downgrade

rbt

@coemgen29:

How did you?
Just with squid custom options acl and tcp_outgoing_address?

Yes, just as @rubic suggested.

@coemgen29:

Edit : I'm using Squid3 (3.1.20 pkg 2.0.6), i will try to downgrade

I'm running pfsense on virtual machine, so I'll make a snapshot and try to upgrade pfsense to 2.1 and after that squid to 3.x.

coemgen29

Downgraded to squid 2.7.9 pkg v.4.3.3,
it still not work  :( Squid always use default gateway

coemgen29

My Wan1 interface ip is : 10.0.0.100 (default gateway)
My Wan2 interface ip is : 192.168.1.100

Even if i just set "tcp_outgoing_address 192.168.1.100;", squid use default gateway only (10.0.0.100).

There is maybe a outgoing rule to add?

coemgen29

Nobody has an idea to make policy routing with Squid?  :-[

rubic

Just tested on 2.1.1-PRERELEASE/Squid 2.7.9. It's working.
Uncheck 'Disable X-Forward' and 'Disable VIA' on 'Proxy server: General settings', then open http://all-nettools.com/toolbox/proxy-test.php to make sure traffic not bypass squid for some reason.
The result must be: "Proxy server detected", "You came from…", "You came via..."

coemgen29

@rubic:

Just tested on 2.1.1-PRERELEASE/Squid 2.7.9. It's working.
Uncheck 'Disable X-Forward' and 'Disable VIA' on 'Proxy server: General settings', then open http://all-nettools.com/toolbox/proxy-test.php to make sure traffic not bypass squid for some reason.
The result must be: "Proxy server detected", "You came from…", "You came via..."

"Disable X-Forward" and "Disable VIA" are already unchecked (default). Obviously it's don't work.

Here is the results :

You came from 172.16.0.2(172.16.0.2)
You came via 1.1 xxxx:3128 (squid/2.7.STABLE9)
Remote address 82.x.x.x.x (WAN1 Public IP)
Remote host 82.x.x.x (WAN1 Public IP)

Remote addresses should be 109.x.x.x (WAN2 Public IP)

rubic

@coemgen29:

My Wan1 interface ip is : 10.0.0.100 (default gateway)
My Wan2 interface ip is : 192.168.1.100

The problem may be that you have the same ip subnet on different interfaces (WAN2, LAN1). Do you?

coemgen29

@rubic:

@coemgen29:

My Wan1 interface ip is : 10.0.0.100 (default gateway)
My Wan2 interface ip is : 192.168.1.100

The problem may be that you have the same ip subnet on different interfaces (WAN2, LAN1). Do you?

In fact, My LAN1 subnet is : 192.168.100.0/24, i put 192.168.1.0 in the scheme for example,
my apologies!

So i have :
WAN1 : 10.0.0.100
WAN2 : 192.168.1.100
LAN1 : 192.168.100.1/24
LAN2 : 172.16.0.1/16

Gateways :
GW1 : 10.0.0.200 (default)
GW2 : 192.168.1.200

Squid custom options :
acl LAN1 src 192.168.100.0/24;
acl LAN2 src 172.16.0.0/16;
tcp_outgoing_address 10.0.0.100 LAN1;
tcp_outgoing_address 192.168.1.100 LAN2;

"Disable X-Forward" and "Disable VIA" unchecked

If i do a tracert, everything is ok, LAN2 go out via WAN2.
If i check my public ip from LAN2 via website, it shows the WAN1 public IP instead of the WAN2.

rubic

Sorry, I ran out of ideas. It just must be working. If you will share your config backup (with all the sensitive data deleted), I'll try to help you.

coemgen29

Ok, i will go back to Factory defaults, note what i setup and then send my config file (if it does not work!)
Thanks for ur help anyway

coemgen29

Well, i made a factory reset and discovered my problem: i had a static route in 192.168.0.0/16 to a VPN Gateway. (so wan2 was in this static route! 192.168.1.100/24).

Deleted this static route and now, everything works like a charm  :)
Thanks for your help

Topic SOLVED

A Former User

how could i work around the problem, that my wan-ip changes every 24h?