Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Triple wan loadbalance and squid

    Routing and Multi WAN
    3
    18
    2649
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tripplex last edited by

      I have triple wan created a gateway group for load balancing using tier 1 for all but it seems squid won't work to maximize my throughput I have 3 20mbps down and its only getting one 20mbps out of the three it should be getting 60 mbps total down.

      So 3 wan and one lan. All 10/100mbps nics.
      Running pfsense 2.3.2.
      Packages installed squid and freeradius2.

      Can someone guide me as to where I am going wrong

      1 Reply Last reply Reply Quote 0
      • H
        heper last edited by

        can't be done

        1 Reply Last reply Reply Quote 0
        • T
          tripplex last edited by

          wow so what would i have to do to achieve this. Uninstall squid?
          I tried disabling squid and it didn't make a difference. So what am i doing wrong?

          1 Reply Last reply Reply Quote 0
          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Run squid on another node behind pfSense. Traffic generated on the firewall itself (such as outbound connections from the squid proxy on the firewall) cannot be policy routed (such as Multi-WAN.)

            And, no, Multi-WAN cannot combine two or more connections into one "fatter pipe." It can distribute different connections over different WANs to achieve more capacity but no single connection will ever see increased capacity over the circuit chosen for it.

            1 Reply Last reply Reply Quote 0
            • T
              tripplex last edited by

              Thanks for that I thought that might work but I don't have the cash to build another box to host squid.

              So I am wondering if I disable squid if it will work because I tried disabling it and I still get the dame result.  So do I have to uninstall it? I really just want to disable it.

              1 Reply Last reply Reply Quote 0
              • T
                tripplex last edited by

                It seems squid is partially doing load balancing because when i do a tracert it chooses the wan connection to use depending on the website i enter or the congestion on the network at that time.

                1 Reply Last reply Reply Quote 0
                • Derelict
                  Derelict LAYER 8 Netgate last edited by

                  Traceroute doesn't go through squid.

                  1 Reply Last reply Reply Quote 0
                  • T
                    tripplex last edited by

                    So the best option is to disable squid or uninstall it to get load balancing working?

                    1 Reply Last reply Reply Quote 0
                    • Derelict
                      Derelict LAYER 8 Netgate last edited by

                      I already gave you what I feel is the single best option to solve your problem, which is a separate caching node behind the multi-WAN node. That will do exactly what you want.

                      Other than that, getting firewall-generated traffic to use multi-WAN is going to be difficult if it's possible at all. You might look here:

                      https://forum.pfsense.org/index.php?topic=66822.msg457770#msg457770

                      That acl random command might be promising. Never tried it.

                      1 Reply Last reply Reply Quote 0
                      • T
                        tripplex last edited by

                        Am just asking if disabling squid will make load balancing work.

                        I also have freeRadius2 and captive portal running will that affect load balancing just as squid?

                        Please answer my first question please because I disabled squid rebooted my machine and it seems load balancing still not working.

                        1 Reply Last reply Reply Quote 0
                        • Derelict
                          Derelict LAYER 8 Netgate last edited by

                          Yes. Turning off squid should make load balancing work as long as the hosts are connecting through an interface that has the proper gateway groups set on the pass rules.

                          No, captive portal should not affect your gateway groups. Neither will the auth method for the CP (as in freeradius).

                          1 Reply Last reply Reply Quote 0
                          • T
                            tripplex last edited by

                            Yes I set the rules in the firewall so I have 3 20mbps down so I should get 60mbps down in total running speed test. I am only getting 20mbps alone. What's the matter there?

                            1 Reply Last reply Reply Quote 0
                            • Derelict
                              Derelict LAYER 8 Netgate last edited by

                              No, you will not. Multi-WAN does not combine connections into one "fatter pipe." It distributes connections among the interfaces so, under load, they are all utilized.

                              1 Reply Last reply Reply Quote 0
                              • T
                                tripplex last edited by

                                Oh I understand now. Thanks very much. So do you know when squid will use gateway groups aka multi-wan?

                                1 Reply Last reply Reply Quote 0
                                • Derelict
                                  Derelict LAYER 8 Netgate last edited by

                                  You might look at the acl random I referred to earlier.

                                  1 Reply Last reply Reply Quote 0
                                  • T
                                    tripplex last edited by

                                    So that command where should I place it in squid? Be specific please been reading the post and its not clear where to paste it.

                                    1 Reply Last reply Reply Quote 0
                                    • Derelict
                                      Derelict LAYER 8 Netgate last edited by

                                      You will have to do that research yourself or post in the cache/proxy forum that specific question.

                                      1 Reply Last reply Reply Quote 0
                                      • T
                                        tripplex last edited by

                                        Ok thanks

                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post

                                        Products

                                        • Platform Overview
                                        • TNSR
                                        • pfSense Plus
                                        • Appliances

                                        Services

                                        • Training
                                        • Professional Services

                                        Support

                                        • Subscription Plans
                                        • Contact Support
                                        • Product Lifecycle
                                        • Documentation

                                        News

                                        • Media Coverage
                                        • Press
                                        • Events

                                        Resources

                                        • Blog
                                        • FAQ
                                        • Find a Partner
                                        • Resource Library
                                        • Security Information

                                        Company

                                        • About Us
                                        • Careers
                                        • Partners
                                        • Contact Us
                                        • Legal
                                        Our Mission

                                        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                        Subscribe to our Newsletter

                                        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                        © 2021 Rubicon Communications, LLC | Privacy Policy