Netgate Discussion Forum

    Pfsense 2.1.x, Squid3 and MultiWAN no working status???

      pukkita

      Hi,

      I noticed squid only uses default gateway on pfsense 2.1.x multi-wan setups.

      This is mentioned in the wiki, pointing to the forum for solutions; I have searched high and low but haven't found any fix for this.

      Is this scheduled to be fixed? There is no workaround?

        ataru75

        +1

          Trisky

          +2 :P

            mohamed hafez

            +3 :o

              edosselio

              +4 ;D

                timthetortoise

                For pure failover, here is a workaround that restarts squid on a WAN failover event. I actually had one ISP down this morning when I got into the office, and none of my users had any idea anything was wrong. Apparently it works great.

                  georgio777

                  @pukkita:

                  Hi,

                  I noticed squid only uses default gateway on pfsense 2.1.x multi-wan setups.

                  This is mentioned in the wiki, pointing to the forum for solutions; I have searched high and low but haven't found any fix for this.

                  Is this scheduled to be fixed? There is no workaround?

                  Although it is not scheduled to be fixed, it has already been proposed in Redmine here: https://redmine.pfsense.org/issues/1411

                  We just need to wait until it is implemented.

                  Regarding the workarounds, the only workaround found so far is this one: https://forum.pfsense.org/index.php?topic=66822.msg374832#msg374832

                  However, you must have static WAN IPs for the gateways that you want to "load balance".

                    rubic

                    @georgio777:

                    Although it is not scheduled to be fixed, it has already been proposed in Redmine here: https://redmine.pfsense.org/issues/1411

                    Because of the FreeBSD routing table realization there is no way to have the pfSense 'gateway group abstraction' as the default gateway. There may be only one default gateway IP in the end. So the thing proposed is just another way to do 'default gateway switching'. No load balancing here.

                    There were a few lines of patched pf.c code that made Squid multi-WAN 'tcp_outgoing_address 127.0.0.1' work in 1.2.3. Something like:

                    if an outgoing packet leaves the system on the wrong interface:

                    1. undo nat
                    2. kill state
                    3. force re-routing (output on the right interface)

                    Now only 'undo nat' remains. I think the devs had a good reason to do so. Maybe because the state processing changed slightly. Nobody knows but ermal.

                      Ekrem

                      2.1.3 is working much better…

                        timthetortoise

                        Can anyone else confirm 2.1.3 is working properly for multi-WAN/failover?

                          georgio777

                          @timthetortoise:

                          Can anyone else confirm 2.1.3 is working properly for multi-WAN/failover?

                          I tried according to Ekrem's topic here: https://forum.pfsense.org/index.php?topic=76467.0 (it is in Turkish) without any success. As far as I am concerned, there is still no solution in 2.1.3.

                            marian78

                            Hi, I'm new to PFS. If there is a problem with multiwan LB, can I use one PFSense box for multiwan load balancing and a second PFSense box for other things (like squid, snort, …)?

                            pfsense running in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

                              georgio777

                              @marian78:

                              Hi, I'm new to PFS. If there is a problem with multiwan LB, can I use one PFSense box for multiwan load balancing and a second PFSense box for other things (like squid, snort, …)?

                              There isn't any problem with MultiWAN load balancing; the only constraint mentioned in this thread is that services running on a pfSense box only route to the default gateway and are unable to load balance. However, outside the box, such as for LAN devices, it is working fine.

                              Regarding using a second pfSense box to run services while the first box does the load balancing, it is possible and a good solution.

                                marian78

                                OK, some time has passed and I have read many posts, but I can't find out whether it still doesn't work. Can you direct me to a solution, if there is any (pfsense v2.1.5 i386 + squid3-dev + qlproxy + snort)? Thx

                                pfsense running in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

                                  edosselio

                                  This seems to work with the last 2.2 snapshot.  :) :)

                                    ffp

                                    Hi guys,
                                    I have pfsense 2.1.5 + load balance with 2 WANs with fixed IPs + squid (not working correctly).

                                    I tried everything I found on this forum, but no success!

                                    Curiously … the closest I got was disabling the load-balance firewall rules, and yet balancing in failover worked.

                                    I badly need a solution.
                                    :-\  :(

                                      daniel.cabral

                                      Hey man! Can you explain the procedure on pf 2.2 better? I've exhausted all possibilities with 2.1.3 and 2.1.5, and going back to 2.0.x is not an option atm.
                                      Failover works, but LB does not. Without squid, it works like a charm.

                                      Beta versions on production machines are always a risk to us, but if someone can say it's working… :P

                                        azekiel

                                        not working for me either, searching for a solution!

                                          enphor

                                          I'm a new pfsense home user and have been trying to figure out a way to have squid route outbound over an Openvpn client connection to an anonymized vpn service, while the rest of port 80/443 traffic is handled over the regular default route.

                                          At first I was hopeful that I could use setfib to have squid use an alternate routing table, but pfsense wasn't compiled with the necessary options.

                                          I'm on a 2.2 snapshot running Squid 2.x. I may try the v3 dev package and give the recommendation to use the tcp_outgoing_address directive next.

                                          I suppose multiple routing tables and the option to use setfib on a per service basis for services running on pfsense would be a cool thing to do in the future. Would this and other situations where you have services running on pfsense and wish to have a custom route for each of them. I'm a noob, so there may be better ways….

                                            whitexp

                                            Any solution?
