Route all traffic via different gateway for transparent caching squid proxy



  • First of all, if this is in the wrong forum, please let me know. I figured this was the right section, as I have a routing question.

    Background
    I have a semi-shitty internet connection I am sharing with roommates. I want to run a squid cache to increase the perceived internet speed by reducing the load on the link. Also, I want to set up a traffic shaper to fairly distribute the precious bandwidth we have. However, these two do not work together nicely. The traffic shaper limits the bandwidth of the squid cache, because this traffic is going through the same interface in pfSense. I searched online and talked on this forum, and it appears it is just not possible.

    The proposed solution online is to use a separate machine as the squid cache. I would like to set this up.

    Proposed network setup
    INTERNET ------ PFSENSE ------ SWITCH
                                   |    |
                                   |    |
                                CLIENT  SQUID

    The pfSense box will act as router with NAT, DHCP server, DNS resolver, traffic shaper and firewall. Squid will be on the same subnet as the clients. The plan is to use the DHCP server to set the default gateway to the squid box. The squid box will pass on ALL traffic to the pfSense box, EXCEPT for http traffic (just port 80), it will send that to the squid cache (on the same box). The squid cache will be in a transparent mode.

    So a general request from the client will go to the squid box, if it is port 80 it will go to the transparent proxy, if it is not, it will go to the pfSense router.

    My questions
    Is this a viable solution? If not, why not? Note that the pfSense box and the squid box will not be physical machines, they will be VMs on a single piece of hardware. I was thinking of using a headless Ubuntu for the squid box. I have no idea how to set something like this up. Can someone help me with the iptables and such?

    If you have a better idea, please let me know! Again, the pfSense and the squid are VMs. I have the possibility to add more VMs if needed or to add more virtual interfaces if needed. For example, with some extra virtual interfaces, the squid proxy could be placed inline. I am willing to do this if it is easier/better.

    Thanks a million times if you can help me get this to work  8). I saw that many more on this forum were struggling to get the squid cache and the traffic shaper to work together. I guess lots of users will be interested if we are able to fix this by just adding another VM/container on a home server.
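
Added example, not part of the original post: a sketch of the rule set the described Squid gateway VM would need, printed by a shell function so it can be reviewed before being applied. The interface name eth0, the address 192.168.1.2 and Squid listening with "http_port 3128 intercept" are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example: emit the forwarding/redirect rules for the Squid gateway VM.
# Assumed (not from the post): interface eth0, Squid IP 192.168.1.2,
# Squid listening with "http_port 3128 intercept" in squid.conf.

squid_gw_rules() {
    lan_if=$1; squid_ip=$2; squid_port=$3

    # Reject anything that is not a plain interface name, IPv4-style address or
    # port, since the output is meant to be piped into a root shell.
    case $lan_if in ''|*[!A-Za-z0-9_-]*) echo "bad interface" >&2; return 1;; esac
    case $squid_ip in ''|*[!0-9.]*) echo "bad address" >&2; return 1;; esac
    case $squid_port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    [ "$squid_port" -ge 1 ] && [ "$squid_port" -le 65535 ] || { echo "bad port" >&2; return 1; }

    cat <<EOF
# Forward everything that is not intercepted on to the real gateway (pfSense).
sysctl -w net.ipv4.ip_forward=1
# Clients and pfSense share one subnet: without this the kernel sends ICMP
# redirects telling clients to bypass this box and use pfSense directly.
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.$lan_if.send_redirects=0
# Port 80 from clients goes to the local Squid; traffic addressed to this box
# itself is left alone. Squid's own outbound requests are locally generated,
# never traverse PREROUTING, and so cannot loop back into the proxy.
iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 ! -d $squid_ip -j REDIRECT --to-ports $squid_port
EOF
}

# Stand-alone use: print the rules for the assumed values; review, then pipe to "sh" as root.
squid_gw_rules "${1:-eth0}" "${2:-192.168.1.2}" "${3:-3128}"
```

Replies to forwarded non-HTTP traffic return from pfSense straight to the client, so this box only sees the outbound half of those flows; stateful FORWARD rules that expect both directions will drop them.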

