Same public IP address with Multi WAN & load balancing + Squid

    Routing and Multi WAN
phil.davis

      LoadBalancing : tier1 WAN1 + tier2 WAN2

      For Load Balancing you have to put both WAN on the same tier (use tier 1).

      Also, when you want to use failover, the names of your failover gateway groups look swapped to me - tier 1 is the highest priority, so "tier1 WAN1 + tier2 WAN2" I would call WAN1-failover-to-WAN2.

      And then of course you need to make rules that do something useful - having a Load Balancing rule that matches all traffic means that those other rules for failover never match any traffic. If you want some traffic to load balance and some to failover in different ways you need to make your ruleset match the needed traffic for each requirement and send to the appropriate gateway group.

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

goodspeed_11

Hi,

To begin, thanks for your reply :)

At the moment I think I'll forget the failover protocol and first work only on the load balancing (I will disable failover).
For load balancing I have already put both WANs on tier 1.

So what do I have to do for it to work?
Even if I have only this firewall rule:
Proto : any / Source : LAN net / Port : any / Dest. : any / Port : any / Gateway : LoadBalancing

I always have the public IP of my "default" gateway..?


Another thing:
I must configure external access with this configuration: INTERNET > Modem > pfSense > Host (RDP for example).

• When I set:
  Modem : In : any - 9898 | out pfSense_WAN_IP 9899
  pfSense : In : any - 9899 | out Host_IP 3389
  Doesn't work!
• When I set:
  Modem : In : any - 9898 | out pfSense_WAN_IP 3389
  pfSense : In : any - ANY | out Host_IP 3389
  It works!

Why can't I set a source port?
For example, if I have 2 hosts on my LAN interface which work on the same port, how can I do this:
When I come in on port 1098 > I want to go to THIS host on port 3389
and
When I come in on port 1099 > I want to go to THIS SECOND host on port 3389

        Thanks

phil.davis

So what do I have to do for it to work?
Even if I have only this firewall rule:
Proto : any / Source : LAN net / Port : any / Dest. : any / Port : any / Gateway : LoadBalancing

I always have the public IP of my "default" gateway..?

          What you describe should work. So post screen shots of the Gateway Group settings, LAN rules.

          Are you running a proxy server (like Squid)? That will grab the client traffic and then effectively bypass the policy-routing rules.

goodspeed_11

Thanks for replying.

I have a proxy server installed on pfSense, but I think it's turned off. I will check this.
But I will use Squid for caching..

Anyone for my second problem?
What am I missing?
As I said, if I give the source port I'm unable to establish the connection..
In that case how do I make the difference between two hosts with the same port range?

goodspeed_11

              @phil.davis:

So what do I have to do for it to work?
Even if I have only this firewall rule:
Proto : any / Source : LAN net / Port : any / Dest. : any / Port : any / Gateway : LoadBalancing

I always have the public IP of my "default" gateway..?

              What you describe should work. So post screen shots of the Gateway Group settings, LAN rules.

              Are you running a proxy server (like Squid)? That will grab the client traffic and then effectively bypass the policy-routing rules.

YEAH MAN! It works, thanks!!!!
I effectively disabled Squid and it works fine …
I will look on the internet for how to make them work together.

goodspeed_11

                @goodspeed_11:


Another thing:
I must configure external access with this configuration: INTERNET > Modem > pfSense > Host (RDP for example).

• When I set:
  Modem : In : any - 9898 | out pfSense_WAN_IP 9899
  pfSense : In : any - 9899 | out Host_IP 3389
  Doesn't work!
• When I set:
  Modem : In : any - 9898 | out pfSense_WAN_IP 3389
  pfSense : In : any - ANY | out Host_IP 3389
  It works!

Why can't I set a source port?
For example, if I have 2 hosts on my LAN interface which work on the same port, how can I do this:
When I come in on port 1098 > I want to go to THIS host on port 3389
and
When I come in on port 1099 > I want to go to THIS SECOND host on port 3389

Thanks

Can anyone help me with this problem?
Thanks

doktornotor

Help with what? You told us right above that it works fine now without Squid just a minute ago…

goodspeed_11

***First problem: Same public IP with multi WAN

It was a bug with Squid.
So I disabled it and it works fine, but I must use Squid … So I did some searching and I found this:

• System / Advanced / Miscellaneous / Enable: default gateway switching
• on the proxy server (Squid3 (squid 2.X did not work for me ... no internet access in transparent mode)):
  Tabs: General / Custom settings, I added:

  # Squid's random acl: matches about half of the requests
  acl loadbalance random 0.5
  # outgoing addresses are the pfSense WAN1 / WAN2 interface addresses
  tcp_outgoing_address 192.168.0.91 loadbalance
  tcp_outgoing_address 192.168.1.91

After that Squid3 (transparent mode) + load balancing works great BUT, because there is a but :P, I can't contact the GUI of my modem..
(Without Squid3, I can contact the GUI.)

Can anyone help?? :)

***Second problem: I can set a source port for NAT rules

I just saw a new release of pfSense this morning: 2.2.1
Among the corrections there is:
Bug #4238: Firewall rule: source port display issue

So I will see if this works now (after my meeting) ^^

doktornotor
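The Squid mechanism those custom settings rely on, as an added simulation that is not part of the thread: tcp_outgoing_address lines are evaluated in order and the first line whose acl matches wins, so a random 0.5 acl splits requests between the two WAN addresses. The WAN addresses are the ones reported later in the thread; the "modem" dst acl is an assumption added only to show how a destination can be pinned to one outgoing address ahead of the random split.

```python
import ipaddress
import random

# Constructed Squid fragment modelled on the thread's "Custom settings" lines.
# 192.168.0.91 / 192.168.1.91 are the WAN1 / WAN2 addresses the thread reports;
# the "modem" dst acl is an assumption, not something the thread configured.
SQUID_CONF = """
acl modem dst 192.168.0.254/32
acl loadbalance random 0.5
tcp_outgoing_address 192.168.0.91 modem
tcp_outgoing_address 192.168.0.91 loadbalance
tcp_outgoing_address 192.168.1.91
"""

def parse(conf):
    """acls: name -> (type, arg); rules: ordered (address, acl name or None)."""
    acls, rules = {}, []
    for line in conf.strip().splitlines():
        parts = line.split()
        if parts[0] == "acl":
            acls[parts[1]] = (parts[2], parts[3])
        elif parts[0] == "tcp_outgoing_address":
            rules.append((parts[1], parts[2] if len(parts) > 2 else None))
    return acls, rules

def acl_matches(acl, dst, rng):
    kind, arg = acl
    if kind == "random":  # true with the configured probability
        return rng.random() < float(arg)
    if kind == "dst":     # destination inside the configured network
        return ipaddress.ip_address(dst) in ipaddress.ip_network(arg)
    raise ValueError("unsupported acl type: " + kind)

def outgoing_address(dst, acls, rules, rng):
    """First matching tcp_outgoing_address line wins, as in Squid;
    a line without an acl always matches."""
    for addr, name in rules:
        if name is None or acl_matches(acls[name], dst, rng):
            return addr
    return None

def simulate(conf, dst, n=1000, seed=1):
    """Count how often each outgoing address is chosen for n requests to dst."""
    acls, rules = parse(conf)
    rng = random.Random(seed)
    counts = {}
    for _ in range(n):
        addr = outgoing_address(dst, acls, rules, rng)
        counts[addr] = counts.get(addr, 0) + 1
    return counts
```

Running simulate() against a public destination gives a roughly even split between the two WAN addresses, while requests to 192.168.0.254 always leave from WAN1 because the dst acl is consulted first.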

                      @goodspeed_11:

So I disabled it and it works fine, but I must use Squid

                      Yeah, you must use Squid to make your life miserable. Good luck. (Perhaps edit the subject of this thread to include Squid in it.)

goodspeed_11

What do you know about that, huh?!
Nothing, so shut your mouth – We will use Squid for the cache, thanks for your contribution ;)

Good luck just having a life ::)

doktornotor

                          @goodspeed_11:

What do you know about that, huh?!

                          Looking at this forum, I know enough about it to conclude that installing pointless "caching" proxies that will get some 3-5% hitrate if you are really lucky and break things left and right on the way makes absolutely no sense unless you are on a slooooooooow WAN.

goodspeed_11

                            @doktornotor:

                            @goodspeed_11:

What do you know about that, huh?!

                            Looking at this forum, I know enough about it to conclude that installing pointless "caching" proxies that will get some 3-5% hitrate if you are really lucky and break things left and right on the way makes absolutely no sense unless you are on a slooooooooow WAN.

As I said before, I work for a little company. So we have maybe 30 computers. When there are some Windows Updates, the bandwidth is saturated …
It's not ESSENTIAL, but IT can be PROFITABLE ...

                            Here is a screenshot of the problem
                            WAN1 : 192.168.0.91 -> Gateway 192.168.0.254 <-- This is where I have the GUI that I want to go
                            WAN2 : 192.168.1.91 -> Gateway 192.168.1.254

                            ![Screen Shot 2015-03-18 at 16.01.52.png](/public/imported_attachments/1/Screen Shot 2015-03-18 at 16.01.52.png)

doktornotor

                              @goodspeed_11:

                              before, I work for a little company. So we have maybe 30 computers. When there are some Windows Update, the bandwidth is saturated …

                              You should run WSUS server on your LAN. Not Squid. Managing hotfixes manually on 30 computers? WTF. (Beyond that, last time I checked here, proxying Windows Update did not even work for the people who were trying it, just search the forum.)

goodspeed_11

I can't decide between

2 modems > load balancer Duolinks SW24 | pfSense | LAN
or
2 modems > 1 pfSense for load balancing | 2nd pfSense for Squid + others | LAN

A little bit tired of that :(

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.