Load Balancing Transparent Proxy Server using pfSense



  • http://img263.imageshack.us/i/pfsense.png/
    Hi,

    I need help with my project. I need to implement 2 transparent proxies or 2 proxy servers in one network, and I'm planning to use pfSense to load balance the traffic between the 2 proxy servers before it goes to the network. Is it possible? By the way, I use Squid as the transparent proxy, installed on Ubuntu Server. Can anyone guide me? Refer to the attached image for reference.

    TQVM



  • @gendit:

    Can anyone help me, or does anyone have any suggestions other than the method above?

    regards gendit



  • Hopefully I'm understanding you correctly but it sounds like you want to do outgoing load balancing so the two proxy servers would share the internet connection of the load balancer (correct me if I'm wrong).

    For each of the proxy servers you would set their gateway to be the internal IP of the load balancer.  In fact you could even set up pfSense to act as a transparent proxy using the squid package if you wanted to.

    Here are a couple of links that might be useful.  The multi-WAN guide hasn't been updated for pfSense 2.0 yet though.

    Dual wan router guide
    Transparent squid proxy setup

    You could use 3 separate computers, or double up one of the proxies on the pfsense load balancer.  I'm assuming you need multiple proxy servers to distribute the load.

    Let me know if I should elaborate on anything.



  • @skear:

    Hi, thanks for the reply.

    Actually, the network diagram should be like this:

    http://img130.imageshack.us/i/loadbalance.png/

    I want to use pfSense as a load balancer to separate traffic between the two transparent proxies, following a load-balancing concept. My idea is that the traffic for 10 clients will go to proxy 1 and another 10 will go to proxy 2. Is this possible? (I am new to pfSense.) Or can we set it so that the 1st IP goes to proxy 1, the second IP goes to proxy 2, and so on, like a round-robin concept? I am planning to use Squid as the proxy software, install it on Ubuntu and connect it to pfSense, so pfSense will do the job.


  • Netgate Administrator

    Interesting project.
    Just to confirm you are hoping to cache incoming web traffic to clients on your network? Not internal web servers?

    I haven't got anything to draw a diagram handy so I hope this isn't too confusing.

    You will want to set up pfSense with 2 WAN connections with load balancing and have each WAN connected through a proxy server.

    I don't know if you could use one physical interface with two virtual interfaces to do this, maybe.

    There is probably no need to set the proxies as transparent as pfSense will handle all the redirection anyway.

    Why are you doing this?

    Steve



  • @stephenw10:

    Hi, thanks for the reply.
    Yes, just caching incoming web traffic, so the connection will be like this: 1 modem -> firewall -> proxy -> LAN. I just want to create transparent proxies that can share load between them, so that each transparent proxy will have the same cache and the same traffic load, without needing to configure the client side to use the proxy. This project will involve only about 20 clients.
    My ideas are:
    1. To redirect traffic to each proxy using pfSense. For example, we have 20 clients: 10 clients will go to proxy 1 and the other 10 clients to proxy 2, filtered by IP, like 192.168.1.1-10 (proxy 1) and 192.168.1.11-20 (proxy 2).
    2. The second is not to filter by IP address; instead, the 1st client will automatically go to proxy 1 and the second client to proxy 2.

    I don't have much experience using pfSense, so based on those ideas, I think idea 1 is simply a matter of setting the rules in pfSense, but in idea 2, how can I make the clients automatically go to each of the proxies based on who is first? Can anyone help me with whether it is possible or not?

    I'm doing this for my final-year project at my university: to implement two transparent proxy servers that can share load between them and, from that, analyze the performance of the network.


  • Netgate Administrator

    Well to start off I should point out that you would not normally need to do anything this complex for a 20 client network. However you are doing this specifically to study.

    You should be able to do either scheme 1 or 2 using pfSense.

    To do round robin load balancing as in scheme 2 you would normally have two WAN interfaces so you would have to have your proxies 'outside' the pfSense box. The load balancing functionality is part of pfSense.
    Something like:

                                proxy1
                              /        \
    Internet - modem/router -            pfSense - clients
                              \        /
                                proxy2

    Steve



  • OK, thanks for the info. If that is the case for scheme 2, I think I will proceed with scheme 1. Another thing I want to ask, based on your expertise, is about redundancy for the transparent proxy server; see http://img844.imageshack.us/i/redundancy.png/. The concept is the same as earlier, but this time only one proxy is active and the other is on standby. The pfSense firewall will be placed in front of the proxies. So is it possible to do redundancy using pfSense? If proxy 1 goes down, all traffic will automatically go to proxy 2. pfSense will provide DHCP for all the clients. Correct me if I'm wrong.

    TQVM
    :)


  • Netgate Administrator

    It may be possible to use the load balancing facilities to route to interfaces other than WAN; that would almost certainly require some command line editing and it's certainly outside my expertise!
    Setting up an external proxy is easy enough. It may be easier to use a pair of servers set up in high availability such that they appear to be one device. Again this is beyond my experience though.

    Steve
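
The two assignment schemes and the active/standby question discussed in this thread, modelled as an added example (not part of any post, and not pfSense's own code). The names `by_range`, `StickyRoundRobin` and `distribution` are hypothetical; the model assumes a client keeps its proxy once assigned and is moved only when that proxy is marked down.

```python
import ipaddress
from collections import Counter

# Constructed sample: the 20 client addresses used as the example in the thread.
CLIENTS = [f"192.168.1.{n}" for n in range(1, 21)]
LOW, MID, HIGH = (ipaddress.ip_address(a)
                  for a in ("192.168.1.1", "192.168.1.10", "192.168.1.20"))

def by_range(client_ip):
    """Scheme 1: 192.168.1.1-10 -> proxy1, 192.168.1.11-20 -> proxy2."""
    ip = ipaddress.ip_address(client_ip)
    if LOW <= ip <= MID:
        return "proxy1"
    if MID < ip <= HIGH:
        return "proxy2"
    return None  # outside both ranges: no redirect rule applies

class StickyRoundRobin:
    """Scheme 2: new clients alternate between proxies in arrival order."""
    def __init__(self, proxies):
        self.proxies = list(proxies)
        self.up = set(proxies)      # proxies currently considered healthy
        self.assigned = {}          # client IP -> proxy it is pinned to
        self._next = 0

    def _pick(self):
        for _ in self.proxies:      # try each proxy at most once
            p = self.proxies[self._next % len(self.proxies)]
            self._next += 1
            if p in self.up:
                return p
        return None                 # every proxy is down

    def route(self, client_ip):
        current = self.assigned.get(client_ip)
        if current not in self.up:  # unassigned, or its proxy has failed
            current = self._pick()
            if current is None:
                self.assigned.pop(client_ip, None)
            else:
                self.assigned[client_ip] = current
        return current

    def set_health(self, proxy, is_up):
        (self.up.add if is_up else self.up.discard)(proxy)

def distribution(route, clients):
    """Count how many clients each proxy ends up serving."""
    return Counter(route(c) for c in clients)
```

In this model, clients moved to proxy2 during a proxy1 outage stay on proxy2 after proxy1 recovers, so the load does not rebalance by itself; that matters when comparing the two schemes' performance.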



  • It's ok..Tqvrm.. ;D

