New HOWTO: pfSense Squid Web Proxy with multi-WAN links (it works!)
-
Hi all,
I spend 2 days to deal with Squid Web Proxy with multi-WAN links.
And now, it works correctly! So, I decided to write a detailed howto, with explanations. With this document, you can understand multi-WAN and Squid configuration.
Version : pfSense 2.0-RC1 (built on Sat Feb 26 15:30:26 EST 2011)
(I posted this document from Haiti. I'm training people here, with OpenSource security solutions.)
http://securite-ti.com/pfSense_Web_Proxy_with_multi-WAN_links.pdf
Thanks all! Comments are welcome!
-
good job
-
Thank you very much, we need from all member to post doc's. as you.
Thanks -
Would be better if it were on our wiki :-)
-
-
I modified some details in the docs regarding floating rules.
I will write an article in the wiki soon.
Thanks for reading,
Dimitri.
-
Dear Dimitri.
I really appreciate your workā¦. coz i was also working on this scenario but i have to use two machine one for load balancing and other one for proxy+squid Filter+light squid. i would like to receive your next amended writeup on subjected topic on my following address.Ā Again Great job Mr.Dimitri. i will try to implement as per your attached PDF doc.
Regards
itonmytips
itonmytips@hotmail.com -
Hello, I tried to follow your advice of how to set up Squid also, the result does not sail over the internet, done and redone many times, but no way to lock the navigation, where am I wrong in your opinion?.
Thanks. -
@zetar : I can help, but I need more informations about your configuration or technicals parameters? Did you have an error message on your Web browser while your surfing the Web through Squid?
-
Hello, I had no error message, only "page not found".
Installed on a test, because after the installation of Squid are no longer 'able to uninstall it, with the consequence of having to redo the server, I do not want to risk on a production machine.
Then let you know what happens, maybe with some screenshots.
Thanks. -
Hello,
only binding to loopback adapter for squid should do and no need for tcp_outgoing address.
This should allow to tighten the NAT/filter rules a bit more. -
good day pfmasters, i would like to ask if this work on multi-wan fail over?
ive tested squid with multi wan
wan for browsing
opt for others
when squid is on transparent mode, when wan is disconected and failback to opt interface, i cannot browse but when im on non transparent failover works perfect -
Please help me,Ā I can't file access: http://securite-ti.com/pfSense_Web_Proxy_with_multi-WAN_links.pdf
-
Hello,
Thanks for this.Ā Unfortunately it is not working for me.. Here is the issue.. the failover is working fine, i unplug the primary and a few seconds later I am pinging out to the internet.Ā Browsing does not work and here is why:
Under System, Routing, I have 2 Gateways.. the Primary gateway has Default Gateway checked.. so when it goes down the default gateway goes away.. so Squid cannot route out to fetch these pages.Ā So, is there a way for me to setup some weighted routes so squid (and the pfsense firewall) can route out in case the primary connection goes down?
-
@ermal: i've found that when binding squid to localhost only causes traffic from lan not to go through the proxy ā¦ should any other redirect rules be implement when running it your way ?
@zzajdica: the floating rules are there to push http traffic to the correct gateway ... check if your floating rules correspond with the ones in this how-to and let us know if that helped
-
Hi!
Thanks for the docs! I'm having some issues also.
1. Following the guides you made, it's working! really! but after few seconds the squid is starting to fail then all connection are totally blocked by squid.
Ā Ā - maybe it's on squid
2. In this mode, while the tier 1 is down. The pfsense itself doesn't have internet connection (im not sure how to say it)
Ā Ā - can't ping any host or even check for updates.
Ā Ā - **but as long as all workstations does have connection and forwarders are working i think i can live with this.I really appreciate what you made!!
I'm Hoping you can help us!!Thank yoU!!!
-
Hi!!
After following those guides, it does gives me interest to study pfsense deeply.
I'm running pfsense 2.0 RC2 (updated) squid + wan failover that for me is working. Just did it TODAY.
I did not set or use any rules (as in no rules are being used.)
I still need to monitor this over the weekend. I'd be happy to share it with you guys if this one works with my needs.
Like port forwarders and carp/pfsync.THank you for giving me encouragement!!
-
My floating rule is set.Ā I also tried upgrading to the newest snapshot but it did not help.Ā Please see attached for my settings.Ā Thanks!
-
Edit the floating rule so that the interfaces and direction are also visible in the screenshots. That's the most important info there aside from what you've shown.
-
-
Check "quick" on that rule.
-
Tried that didn't work
-
duplicate the floating rule you made for http traffic, then modify it for dns (proto tcp/udp / port dns=53)
-
All ways not work.
we need standard way work with all , not for one.
very bad. -
Thanks Heper but that also did not work.Ā I'm going to be deploying this later on with a different network (Right now I am just testing) with DNS servers on the LAN so maybe I'll have better luck in that environment.Ā I'll post back as soon as this happens.
Many thanks.
-
Hi you guys, any one have the document ? i cant get it from the url posted.
thanks in advanced.
Regards
-
Hi you guys, any one have the document ? i cant get it from the url posted.
thanks in advanced.
Regards
Solved, the link was down till now.
Thanks
-
Still couldn't get it to work.. failover works great if I don't have Squid running.
-
We need LoadBalancing and FailOVER! squid guys working faster please!
-
@DimitriS
Did you tested this setup in case of loadbalancing?Ā
After my test it perfectly works in case of failover, but not when I set up loadbalancing between two gateways..
I tried to bind squid to loopback and LAN and only loopback, and works well only when gateways sets in failover.Michael
-
I agree with mbedyn, failover works but not loadbalancing.
-
Saw the same thing here.Ā Fail-over yes, load balancing no.
-
same here no loadbalance only failover. Also the redirect error page in squidguard doesn't point to the redirect page.
2.0-RC3 (i386)
built on Wed Jun 22 12:38:11 EDT 2011installed packages: squid, squidguard, bandwidth and vnstati
squid in transparent mode, 2 ISP (dynamic and static WANS)
floating rule set as this:
@zzajdica: -
I tried to follow the HOWTO but it seems I encountered problems:
2.0-RC3 (i386)
built on Fri Jul 1 00:16:18 EDT 2011
-
Good Job
-
Hello.
For three days I'm trying to do this.
I tried and tried, but I can not get it to work.
I can not open web pages it opens and then stops and does not go more 'forward.
I attach a screenshot
As you can see I can not even do program updates.
If anyone can help me, I would do a big favor.
Thanks to all.
-
Screenshot
-
screenshot
-
screenshot
-
what does not work ?
are you able to do basic loadbalancing without squid ?
if no -> read the sticky about loadbalancing / failover in 2.0 forumif yes -> is your floating rule being hit when trying to access a page ? ā> if yes then you could be having a dns issue, duplicate the floating rule you have for http but change to tcp/udp and destination to DNS (53)
