How to configure dual WAN with squid proxy

  • Hi!
    Does anyone know how to handle this kind of situation?

    I'll try to explain my problem. As you can see in picture, i have proxy server that is connected to pfsense. There are also 2 more nics which connects two isp providers. One ISP is given me Cisco router, and this router is my default gateway when traffic is going on that direction. On the other side i have adsl modem and it's configured in bridge mode, so pfsense firewall is getting an ip address directly from ISP. My clients are using proxy settings in their browsers (ip address of proxy server and port 8080). All clients when going to internet are targeting squid proxy and then proxy is getting web pages for them.

    I would like to configure pfsense as load balanser for port 80. Also failover is important to work.

    I've tried to configure pfsense with help of this tutorial ( But, that doesn't work.
    My logic tells me that rule (balansing rule) for that "proxy" zone should goes like this:
    that proxy host -> any destination port 80 gateway: load_balanse.

    On LAN side, i passed all traffic that targets port 8080 (squid) to "proxy zone".
    LAN -> "proxy zone" destination port 8080 gateway default pass.

    And when i test my connection to internet, web surfing is not working, but when pinging some web sites, it works. I guess, problem is with my dns servers, but they are configured as in tutorial.. One from one ISP, and the other from other ISP. It seems that problem relies on DNS, but don't know how to solve it.
    I forget to mention that i have internal dns server on that same mashine where is proxy, and it's configured as it should be, dns ip's of both ISP providers are there.

    Is it problem in bridge modem, and getting ip directly through PPPOE? Something else? Maybe concept of having proxy is wrong when try to have load balanser…

    Any ideas?


  • Hi guy, its concept is not this wrong. but to run your scenario you need to know two things.

    First :

    pfsense uses dnsforwarder,  So the real server is the DNS servers in your configuration of pfsense,
    leaving only the default route.
    so to solve this problem you must use a static route to one of the dns, leaving the OPT1, or using the dns in loadbalacing that he will do it for you

    using proxy  the traffic leaving only in the default route(pfsense box , freebsd+pf, I know it happens with linux + iproute2 also).
    There are many ways to resolve this, using the policy tcp_outgoing_address the squid, but none officially in pfsense
    I have many problems with it and I am developing a solution for me, I hope you serve others, in brief

  • sorry my poor english

Log in to reply