Load Balancing + Failover with Squid - Not working PLS HELP…....



  • Hi Everybody,

    I am using PFSense 2.0-RC3 (i386)
    built on Tue Jun 21 16:50:25 EDT 2011

    I have configured pfSense with load balancing and failover. It works perfectly in the normal manner (without Squid). Then I installed the squid package and configured it as per the installation guide posted by "heper" on « Reply #8 on: March 06, 2011, 07:46:23 am ». But I didn't get internet traffic into my PC. Herewith I have attached all my current configurations. Please go through these configs and help me with how to make the changes.

    Thanks

    ![Firewall Floating.PNG](/public/imported_attachments/1/Firewall Floating.PNG)
    ![Gateway Groups.PNG](/public/imported_attachments/1/Gateway Groups.PNG)
    ![LAN Rules.PNG](/public/imported_attachments/1/LAN Rules.PNG)
    ![NAT Rules.PNG](/public/imported_attachments/1/NAT Rules.PNG)
    ![Proxy Settings - 1.PNG](/public/imported_attachments/1/Proxy Settings - 1.PNG)
    ![Proxy Settings - 2.PNG](/public/imported_attachments/1/Proxy Settings - 2.PNG)
    ![Proxy Settings - 3.PNG](/public/imported_attachments/1/Proxy Settings - 3.PNG)



  • can you try this one? this is just my setup which works for me.

    1. In your floating rule,

    * WAN1 address    *    *    *    Wan1BalanceWan2    none

    2. Disable the 127.0.0.1 in your LAN rule

    3. In your NAT,
    WAN1   any * * * * * NO
    WAN2   any * * * * * NO

    4. In your proxy server, select LAN interface only. Try to remove your alternate DNS server.

    5. In the custom options,
    tcp_outgoing_address 127.0.0.1;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3



  • I have tried as per what you have instructed me. But still not working ??? ??? ???

    Please help



  • 1. Update to the latest snapshot

    2. Create a gateway group (example: LoadBalance) with your WAN and Opt1 in same tier.

    3. In your LAN firewall rule, below the Anti-Lockout rule, make another rule like this:  * * * * * LoadBalance none
    Interface: LAN
    Protocol: Any
    Source: Any
    Destination: Any
    Gateway: LoadBalance

    4. In the floating rule, select the following:
    Interface: WAN AND Opt1 - you can control+click the interfaces to select more than one
    Direction: Out
    Protocol: Any
    Source: Any
    Destination: Any

    * * * * * LoadBalance none

    5. Under NAT>Outbound
    Select Manual Outbound NAT rule generation
    Protocol: Any
    Source: Any
    Destination: Any
    Translation: Interface Address

    | Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port | Description |
    |---|---|---|---|---|---|---|---|---|
    | WAN | any | * | * | * | * | * | NO | |
    | Opt1 | any | * | * | * | * | * | NO | |

    6. In the Proxy Server:
    General:
    Custom Options: tcp_outgoing_address 127.0.0.1;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

    Access Control:
    External Cache-Managers: <Your LAN IP Address>
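
The Custom Options value from the steps above, expanded into the squid.conf lines it stands for and checked for the two settings this setup depends on. This is an added example, not part of the original post and not pfSense or Squid code; it assumes each semicolon-separated entry becomes its own squid.conf line, and the names `expand`, `review` and the finding labels are hypothetical.

```python
import ipaddress

# "Custom Options" value quoted in the thread; entries are separated by ';'.
CUSTOM_OPTIONS = (
    "tcp_outgoing_address 127.0.0.1;"
    "redirect_program /usr/local/bin/squidGuard"
    " -c /usr/local/etc/squidGuard/squidGuard.conf;"
    "redirector_bypass on;redirect_children 3"
)


def expand(field):
    """Split the GUI field into one (directive, [args]) pair per squid.conf line."""
    tokens = (part.split() for part in field.split(";"))
    return [(t[0], t[1:]) for t in tokens if t]


def review(field):
    """Return (squid.conf lines, findings); names and labels are hypothetical."""
    pairs = expand(field)
    lines = [" ".join([name] + args) for name, args in pairs]
    opts = dict(pairs)  # simplification: a repeated directive keeps its last value
    findings = []

    # The thread's setup sources Squid's outbound traffic from loopback.
    out = opts.get("tcp_outgoing_address") or [""]
    try:
        loopback = ipaddress.ip_address(out[0]).is_loopback
    except ValueError:
        loopback = False
    if not loopback:
        findings.append(("outgoing-address-not-loopback", out[0] or "unset"))

    # redirector_bypass on: when every helper is busy, requests skip the
    # redirector, so squidGuard filtering fails open under load.
    bypass = (opts.get("redirector_bypass") or ["off"])[0] == "on"
    if "redirect_program" in opts and bypass:
        helpers = (opts.get("redirect_children") or ["default"])[0]
        findings.append(("filter-fail-open", "helpers=" + helpers))
    return lines, findings


if __name__ == "__main__":
    conf, found = review(CUSTOM_OPTIONS)
    print("\n".join(conf))
    for label, detail in found:
        print("finding:", label, detail)
```

With the bypass turned off the filter no longer fails open, so `redirect_children` then has to be sized for peak load.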



  • Hi,

    My version is 2.0-RC3 (i386)
    built on Tue Jun 21 16:50:25 EDT 2011

    Is there any later update than this? I've clicked on the available update at the dashboard. But it displayed "Unable to get updates". How can I get the latest snapshot? Please paste the link in your answer.

    I did everything as you said to me, but unfortunately my internet is still not working. Is there anything to do with my client PC settings (e.g. default GW or DNS setting)? I think I don't want to change anything on the client side. Just entering 192.168.0.110 as proxy IP and 3128 as the port.

    But I have noticed I cannot clear my state table. When I click clear the state at Diagnostics -> State -> Reset State, it seems the PC is hung. But after several minutes I clicked refresh, then it goes. But my state tables are not cleared. Is it a problem? How can I clear it?

    I've attached everything here for kind reference.

    Please check and let me know the problem.

    Thank you very much

    Best Regards

    Nuwan

    ![GW Group.PNG](/public/imported_attachments/1/GW Group.PNG)
    ![LAN Rule.PNG](/public/imported_attachments/1/LAN Rule.PNG)
    ![Access Control.PNG](/public/imported_attachments/1/Access Control.PNG)
    ![Browser Settings.PNG](/public/imported_attachments/1/Browser Settings.PNG)





  • In your browsing settings, select no proxy…

    I don't know why your settings don't work, I am just a newbie also. I just want to share my setup which works, hoping that it will work with yours.
    Sorry if it didn't help.

    Maybe the more experienced members here can help.



  • Hi Everybody,

    Thanks to Heper and jikjik101, finally I could get internet through the squid proxy server with load balancing and failover. I will explain to you each and every step with my screenshots. ;) ;)

    1. You should update your version up to the latest version

    2.0-RC3 (i386)
    built on Fri Aug 12 16:23:11 EDT 2011

    Then …...



    ![GW Group.PNG](/public/imported_attachments/1/GW Group.PNG)
    ![LAN Rule.PNG](/public/imported_attachments/1/LAN Rule.PNG)
    ![Browser Settings.PNG](/public/imported_attachments/1/Browser Settings.PNG)



  • Question, why do you need to assign a proxy for the browsers if it is already transparent?



  • I need to keep the default GW of my PC as my Firewall IP. Coz I have to access the DMZ. If I applied "No Proxy" settings, how can I access the internet?



  • @abcvidu:

    I need to keep default GW of my PC as my Firewall IP.

    Naturally

    @abcvidu:

    Coz I'm having to access DMZ.  if i applied "No Proxy" settings how can I access to internet?

    Usually a transparent proxy works like it's named, "transparently", aka no need to tell browsers it exists



  • So if I checked "No Proxy" with PC Default GW = Firewall IP, is there any way to access the internet?



  • @abcvidu:

    So if I checked "No Proxy" with PC Default GW= Firewall IP, is there any way to access internet?

    If you browse the web with port 80 (http), squid automatically redirects these packets and so the traffic goes through squid. This is why you call it "transparent". You do not need any additional setting on your clients, and the clients in general do not (need to) know that there is a TRANSPARENT proxy anywhere in the network.

    You only need to edit the proxy address in the browser if your squid is NOT using transparent mode.

