SQUID on DUAL WAN only use DEFAULT



  • I have 2 WANs (using a Gateway Group) that I also use separately (for some requests I use the Group to go outside and for some other requests I need to use one WAN or the other).

    The fact is that when I configure Squid it uses ONLY the default gateway to go outside; I cannot use the Firewall->Rules to define the way the packets go outside. If I remove the package the rules work well.

    Any idea of what I need to do or configure to make it work?

    Thanks



  • Are you using pfsense 2.0?



  • Sorry, yes PFSense 2-RELEASE



  • I'm going to be headed down this road once I upgrade.  Please let us know if you get it working.



  • Translating from felipeortega's post: http://forum.pfsense.org/index.php/topic,37776.0.html

    After gateway balance/failover is configured on your pfSense box,

    create this rule under Floating:

    Action: Pass
    Interface: Select both WANs
    Direction: Out
    Source: any
    Destination: any
    Destination port range: 80 or squid port
    Gateway: Select LoadBalance gateway you created

    Go to Firewall->NAT->Outbound
    Select Manual Outbound and save
    Create one outbound rule for each WAN with
    Protocol = any
    Source = any
    Destination = any
    Translation = Interface address

    In Squid:
    Select LAN and loopback to listen on

    In custom options:
    tcp_outgoing_address 127.0.0.1 all;#(all in this case is your acl)



  • Marcello, I read the FelipeOrtega post too, and I promise that I'll try it on Monday. But I'm thinking that my problem is different: it is not related to load balancing, which works well, but to pushing the outgoing packets to different gateways using Squid.
    In my mind (please someone correct me if I'm wrong), things are:

    <my request>->LAN (in) Rules->Squid->Floating (out) Rules->Outside

    For that your rules seem to work; my doubt is, when <my request> arrives at the WAN Rules, does it come from my-lan-address or from 127.0.0.1 (Squid)?

    Again I'll make some tests on Monday and I'll let you (all) know.

    Thanks,



  • @mack:

    <my request="">->LAN (in) Rules->Squid->Floating (out) Rules->Outside

    For that your rules seems to work, my doubt is, when the <my request="">arrives to the WAN Rules, it comes from my-lan-address or from 127.0.0.1 (Squid)?????</my></my>

    I can answer you <your request="">will come from Squid. That's the way proxy work.</your>



  • Yes, you have to balance the web traffic from the localhost instead of the traffic for your LAN clients.
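
One way to check the point made in the replies above, that the traffic to balance is the proxy's own (from 127.0.0.1): this added example, not part of the thread, counts Squid-originated outbound states per WAN from saved `pfctl -ss` output. The sample lines, the interface names `em1`/`em2` and all addresses are constructed, and the parser assumes IPv4 states printed as whitespace-separated fields with the interface first and the destination after the last `->`.

```python
from collections import Counter

# Constructed sample in the style of `pfctl -ss` output; not taken from the thread.
SAMPLE_STATES = """\
em0 tcp 192.168.1.1:3128 <- 192.168.1.50:51000       ESTABLISHED:ESTABLISHED
em1 tcp 203.0.113.2:40001 (127.0.0.1:40001) -> 198.51.100.10:80       ESTABLISHED:ESTABLISHED
em2 tcp 192.0.2.2:40002 (127.0.0.1:40002) -> 198.51.100.11:80       ESTABLISHED:ESTABLISHED
em1 tcp 203.0.113.2:40003 (127.0.0.1:40003) -> 198.51.100.12:80       FIN_WAIT_2:FIN_WAIT_2
em1 tcp 203.0.113.2:50000 (192.168.1.60:50000) -> 198.51.100.20:80       ESTABLISHED:ESTABLISHED
em1 udp 203.0.113.2:5353 -> 198.51.100.53:53       MULTIPLE:SINGLE
"""


def egress_by_interface(states_text, proxy_src="127.0.0.1", dport=80):
    """Count outbound TCP states to dport that originate from proxy_src, per interface."""
    counts = Counter()
    for line in states_text.splitlines():
        fields = line.split()
        # Skip short lines, non-TCP states and inbound ("<-") states.
        if len(fields) < 5 or fields[1] != "tcp" or "->" not in fields:
            continue
        last_arrow = len(fields) - 1 - fields[::-1].index("->")
        if last_arrow + 1 >= len(fields):
            continue
        dest = fields[last_arrow + 1]
        # Every address before the destination, including a NAT'd original
        # shown in parentheses, is checked against the proxy source address.
        addrs = [f.strip("()") for f in fields[2:last_arrow]]
        from_proxy = any(a.rsplit(":", 1)[0] == proxy_src for a in addrs)
        if from_proxy and dest.rsplit(":", 1)[-1] == str(dport):
            counts[fields[0]] += 1
    return counts


def idle_wans(counts, wans):
    """Return the WAN interfaces that carry no proxy-originated states."""
    return [w for w in wans if counts.get(w, 0) == 0]


if __name__ == "__main__":
    counts = egress_by_interface(SAMPLE_STATES)
    print(dict(counts), "idle:", idle_wans(counts, ["em1", "em2"]))
```

If one WAN stays idle while clients browse through the proxy, Squid's traffic is still following only the default gateway. The state from 192.168.1.60 in the sample is deliberately not counted, since it is LAN traffic that bypassed the proxy.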

