Same public IP adresse with Multi Wan & load balancing + Squid
-
Hi,
To begin thks for your reply :)
At the moment I think forget the failover protocole, and firstly work only on the load balancing. (I will disable failover).
For load balancing I have already put both WAN one the tier 1.So what do I have to do for that it works ?
Even if I have only this firewall rule :
Proto : any / Source : LAN net / Port : any / Dest. : any / Port : any / Gateway : LoadBalancingI always have the public IP of my "default" gateway ..?
An another think :
I must configure external access with this configuration : INTERNET > Modem > Pfsense > Host (RDP for exemple).- When I set :
Modem : In : any - 9898 | out Pfsence_WAN_IP 9899
Pfsense : In : any - 9899 | out Host_IP 3389
Doesn't work ! - When I set :
Modem : In : any - 9898 | out Pfsence_WAN_IP 3389
Pfsense : In : any - ANY | out Host_IP 3389
It's work !
Why I can't set a source port ?
Example, if I have 2 hosts on my LAN interface which work on the same port, how can I do to that :
When I come on the port 1098 > I want go on THIS host with port 3389
and
When I come on the port 1099 > I want go on THIS SECOND host with port 3389Thanks
- When I set :
-
So what do I have to do for that it works ?
Even if I have only this firewall rule :
Proto : any / Source : LAN net / Port : any / Dest. : any / Port : any / Gateway : LoadBalancingI always have the public IP of my "default" gateway ..?
What you describe should work. So post screen shots of the Gateway Group settings, LAN rules.
Are you running a proxy server (like Squid)? That will grab the client traffic and then effectively bypass the policy-routing rules.
-
Thks for replying
I have a proxy server install on Pfsense, but I think it's turned off. I will check this.
But I will use squid for cache usage ..
Anyone for my second problem ?
What am I missing?
As I said, if I give the port source I'm enable to establish the connection..
In that case how make the difference between two hosts with the same port range ? -
So what do I have to do for that it works ?
Even if I have only this firewall rule :
Proto : any / Source : LAN net / Port : any / Dest. : any / Port : any / Gateway : LoadBalancingI always have the public IP of my "default" gateway ..?
What you describe should work. So post screen shots of the Gateway Group settings, LAN rules.
Are you running a proxy server (like Squid)? That will grab the client traffic and then effectively bypass the policy-routing rules.
YEAH MAN ! It's work Thanks !!!!
I effectively disable squid and it's work fine …
I will see on internet how to make them work together. -
An another think :
I must configure external access with this configuration : INTERNET > Modem > Pfsense > Host (RDP for exemple).- When I set :
Modem : In : any - 9898 | out Pfsence_WAN_IP 9899
Pfsense : In : any - 9899 | out Host_IP 3389
Doesn't work ! - When I set :
Modem : In : any - 9898 | out Pfsence_WAN_IP 3389
Pfsense : In : any - ANY | out Host_IP 3389
It's work !
Why I can't set a source port ?
Example, if I have 2 hosts on my LAN interface which work on the same port, how can I do to that :
When I come on the port 1098 > I want go on THIS host with port 3389
and
When I come on the port 1099 > I want go on THIS SECOND host with port 3389Thanks
If anyone can help me on this problem ?
Thanks - When I set :
-
Help with what? You told us right above that it works fine now without Squid just minute ago…
-
***First problem : Same public IP with multi WAN
I was a bug with squid.
So I disable it and it works fine, but I must use Squid … So I make some search and I found that :- System / advanced / Miscellaneous / Enable : default gateway switching
- on the proxy server (Squid3 (squid 2.X not work for me ... no internet access with transparent mode)) :
Tabs : General / Custom settings, I added :
acl loadbalance random 0.5;
tcp_outgoing_address WAN1 load balance;
tcp_outgoing_address WAN2;
After that Squid3 (transparent mode) + Load balancing works great BUT, because there is a but :P , I can't contact the GUI of my modem ..
(Without squid3, I can contact the GUI).If anyone can help ?? :)
***Second problem : I can set a source port for a NAT rules
I juste see a new release of pfsense this morning : 2.2.1
Among corrections, there are :
Bug #4238: Firewall rule: source port display issueSo, I will see if this work now (after my meeting) ^^
-
So I disable it and it works fine, but I must use Squid
Yeah, you must use Squid to make your life miserable. Good luck. (Perhaps edit the subject of this thread to include Squid in it.)
-
What do you know about that uh ?!
Nothing, so shut your mouth – We will use squid for the cache, thanks for your contribution ;)Good luck for just have a life ::)
-
What do you know about that uh ?!
Looking at this forum, I know enough about it to conclude that installing pointless "caching" proxies that will get some 3-5% hitrate if you are really lucky and break things left and right on the way makes absolutely no sense unless you are on a slooooooooow WAN.
-
What do you know about that uh ?!
Looking at this forum, I know enough about it to conclude that installing pointless "caching" proxies that will get some 3-5% hitrate if you are really lucky and break things left and right on the way makes absolutely no sense unless you are on a slooooooooow WAN.
As I said before, I work for a little company. So we have maybe 30 computers. When there are some Windows Update, the bandwidth is saturated …
It's not ESSENTIAL, but IT'S can be PROFITABLE ...Here is a screenshot of the problem
WAN1 : 192.168.0.91 -> Gateway 192.168.0.254 <-- This is where I have the GUI that I want to go
WAN2 : 192.168.1.91 -> Gateway 192.168.1.254
 -
before, I work for a little company. So we have maybe 30 computers. When there are some Windows Update, the bandwidth is saturated …
You should run WSUS server on your LAN. Not Squid. Managing hotfixes manually on 30 computers? WTF. (Beyond that, last time I checked here, proxying Windows Update did not even work for the people who were trying it, just search the forum.)
-
I don't know between
2 modems > load balancer Duolinks SW24 | Pfsense | LAN
or
2 modems > 1 Pfsense for load balancing | 2nd Pfsense for Squid + others | LANLittle bit tired by that :(