Same public IP adresse with Multi Wan & load balancing + Squid

goodspeed_11

Thks for replying

I have a proxy server install on Pfsense, but I think it's turned off. I will check this.
But I will use squid for cache usage ..

---

Anyone for my second problem ?
What am I missing?
As I said, if I give the port source I'm enable to establish the connection..
In that case how make the difference between two hosts with the same port range ?

goodspeed_11

@phil.davis:

So what do I have to do for that it works ?
Even if I have only this firewall rule :
Proto : any / Source : LAN net / Port : any / Dest. : any / Port : any / Gateway : LoadBalancing

I always have the public IP of my "default" gateway ..?

What you describe should work. So post screen shots of the Gateway Group settings, LAN rules.

Are you running a proxy server (like Squid)? That will grab the client traffic and then effectively bypass the policy-routing rules.

YEAH MAN ! It's work Thanks !!!!
I effectively disable squid and it's work fine …
I will see on internet how to make them work together.

goodspeed_11

@goodspeed_11:

---

An another think :
I must configure external access with this configuration : INTERNET > Modem > Pfsense > Host (RDP for exemple).

• When I set :
  Modem : In : any - 9898 | out Pfsence_WAN_IP 9899
  Pfsense : In : any - 9899 | out Host_IP 3389
  Doesn't work !
• When I set :
  Modem : In : any - 9898 | out Pfsence_WAN_IP 3389
  Pfsense : In : any - ANY | out Host_IP 3389
  It's work !

Why I can't set a source port ?
Example, if I have 2 hosts on my LAN interface which work on the same port, how can I do to that :
When I come on the port 1098 > I want go on THIS host with port 3389
and
When I come on the port 1099 > I want go on THIS SECOND host with port 3389

Thanks

If anyone can help me on this problem ?
Thanks

doktornotor

Help with what? You told us right above that it works fine now without Squid just minute ago…

goodspeed_11

***First problem : Same public IP with multi WAN

I was a bug with squid.
So I disable it and it works fine, but I must use Squid … So I make some search and I found that :

• System / advanced / Miscellaneous / Enable : default gateway switching
• on the proxy server (Squid3 (squid 2.X not work for me ... no internet access with transparent mode)) :
  Tabs : General  / Custom settings, I added :
  acl loadbalance random 0.5;
  tcp_outgoing_address WAN1 load balance;
  tcp_outgoing_address WAN2;

After that Squid3 (transparent mode) + Load balancing works great BUT, because there is a but  :P , I can't contact the GUI of my modem ..
(Without squid3, I can contact the GUI).

If anyone can help ??  :)

***Second problem : I can set a source port for a NAT rules

I juste see a new release of pfsense this morning : 2.2.1
Among corrections, there are :
Bug #4238: Firewall rule: source port display issue

So, I will see if this work now (after my meeting) ^^

doktornotor

@goodspeed_11:

So I disable it and it works fine, but I must use Squid

Yeah, you must use Squid to make your life miserable. Good luck. (Perhaps edit the subject of this thread to include Squid in it.)

goodspeed_11

What do you know about that uh ?!
Nothing, so shut your mouth – We will use squid for the cache, thanks for your contribution  ;)

Good luck for just have a life  ::)

doktornotor

@goodspeed_11:

What do you know about that uh ?!

Looking at this forum, I know enough about it to conclude that installing pointless "caching" proxies that will get some 3-5% hitrate if you are really lucky and break things left and right on the way makes absolutely no sense unless you are on a slooooooooow WAN.

goodspeed_11

@doktornotor:

@goodspeed_11:

What do you know about that uh ?!

Looking at this forum, I know enough about it to conclude that installing pointless "caching" proxies that will get some 3-5% hitrate if you are really lucky and break things left and right on the way makes absolutely no sense unless you are on a slooooooooow WAN.

As I said before, I work for a little company. So we have maybe 30 computers. When there are some Windows Update, the bandwidth is saturated …
It's not ESSENTIAL, but IT'S can be PROFITABLE ...

Here is a screenshot of the problem
WAN1 : 192.168.0.91 -> Gateway 192.168.0.254 <-- This is where I have the GUI that I want to go
WAN2 : 192.168.1.91 -> Gateway 192.168.1.254


doktornotor

@goodspeed_11:

before, I work for a little company. So we have maybe 30 computers. When there are some Windows Update, the bandwidth is saturated …

You should run WSUS server on your LAN. Not Squid. Managing hotfixes manually on 30 computers? WTF. (Beyond that, last time I checked here, proxying Windows Update did not even work for the people who were trying it, just search the forum.)

goodspeed_11

I don't know between

2 modems > load balancer Duolinks SW24 | Pfsense | LAN
or
2 modems > 1 Pfsense for load balancing | 2nd Pfsense for Squid + others | LAN

Little bit tired by that  :(