Load Balance and Squid does not work runnig in the same server
-
There is a known limitation when using outgoing load balance and squid in the same server, o squid always get out in the default route and dont respect the lan rules, but I read this would be solved in the 2.0 version, anyone knows something about this. I have tried many alternatives and I almost gave up to find the solution.
-
with a lot of help and patches of the pfsense team i've managed to get it working on a snapshot of last month's beta (it probably works with the most recent RC1 but i can't confirm this)
i will get back to you this weekend or early next week if you are interested.
basically you need to let squid bind to localhost then use floating rules to push it out the loadbalancing group
you do need a seperate DNS server on the LAN side that squid can use to resolve because you'll have issues otherwise if WAN1 goes offline
-
heper You sure about that?
-
pretty sure …. it was all virtualized, but it eventually balanced and more importantly did failover with 2 WAN's. (i did need 4 VM's in total to test this)
heper You sure about that?
-
How are you trying to configure it?
Please show screenshots and i will help you. -
i'll let you know this weekend how i've managed in full detail
in any case I selected LAN+loopback for proxy interfaces.
then at the bottom you have a field called 'custom options'
there i entered this: tcp_outgoing_address 127.0.0.1squid traffic will allways try to go out WAN1
with floating rules you can catch it before it leaves the interface and redirect it to force it out using the loadbalance-gateway-group. -
You are missing something nobody told you :)
All this needs AON activated and the source in the generated rules set to any so those rules translate properly for traffic redirected from the loadbalance pool.
-
also note my comment that i put a dns server on the lan-side ….
i couldn't get it to work with the default dnsmasq provided by pfsense when my WAN1 went offline, this could be because i'm not capable of configuring it properly ;)
so if you are able to accomodate a dns inside the lan then you can fill in the 'Use alternate DNS-servers for the proxy-server' field in the squid configuration page.
-
i took some screenshots
they pretty much explain themselfs …i currently don't have the time to write a full how-to but if you still have questions don't hesistate to ask em ;)
see below:
dashboard:
NAT:
Rules:
Squid settings:
-
thanks it worked 8) 8) 8)
the detail that was picked up in nat rules to the 127.0.0.1, but everything right now and running! -
I just put a patch that will include localhost(127.0.0/8) on the default nat rules so AON will not be needed anymore in the configuration.
Should be easier now by just creating a floating rule and selecting the gateway group on it. -
Ermal, I have the following situation, an internal server running IIS, the rule enabled the floating leaves no service be accessed externally, is there anything to be done differently in this rule, use of nat port http to redirect traffic
-
This is not related to this topic or i am not understanding anything on this.
So please explain. -
hi,
in floating rule, please give me the detail,
check Quick, and match any interface and ther direction in or out,
explain
thanks -
i did all thing in pics, but not work
-
I'm trying to understand the pics, but there is many things like the direction in floating rules.
This set of rules can be used to work the wan balancing with squid? its needed the AON or not with the latest release?
-
I'm also trying to understand how to do this before i go and install squid. Hopefully somebody could post the steps in detail as I'm really new at this.
-
We need good explain, we dont know some things in rules, we need more explain,
where is document for load balance and squid,
thanks -
will post details of floating rules tonight ….
also i don't check this forum on a daily bases , to get my attention regarding this post its easier to send a pm
-
Hello guys, i'm experiencing the same problem. I've tryed the solution you give. When i configure two links in different tiers, making failover, squid work perfectly going trough the gateway I specify. but, when I configure two gateways in the same tier, making balance, the squid can't find any site and when the user try to access any site on the internet, the browser still "searching forever" until get the "TIMEOUT" message. Did one of you experienced that too? what am I doing wrong?
Just for information:
I have two links: 1 PPPOE and 1 Static from 2 different ISPs in two different interfaces.
I have a Lan where are all the computers and a DMZ where are a Web Server that is a DNS server too.
The LAN's DNS server is the PfSense.