Netgate Discussion Forum

    SQUID on DUAL WAN only use DEFAULT

      mack

      I have 2 WANs, used both in a Gateway Group and separately (for some requests I use the Group to go outside, and for some other requests I need to use one WAN or the other).

      The fact is that when I configure Squid, it uses ONLY the default gateway to go outside; I cannot use Firewall->Rules to define the way the packages use to go outside. If I remove the package, the rules work well.

      Any idea of what I need to do or configure to make it work?

      Thanks

        marcelloc

        Are you using pfsense 2.0?

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

          mack

          Sorry, yes PFSense 2-RELEASE

            mhab12

            I'm going to be headed down this road once I upgrade.  Please let us know if you get it working.

              marcelloc

              Translating from felipeortega's post: http://forum.pfsense.org/index.php/topic,37776.0.html

              After gateway balance/failover is configured on your pfSense box,

              create this rule at Floating:

              Action: Pass
              Interface: Select both Wans
              Direction: Out
              Source: any
              Destination: any
              Destination port range: 80 or squid port
              Gateway: Select LoadBalance gateway you created

              Go to Firewall->NAT->Outbound
              Select Manual Outbound and save
              Create one outbound rule for each WAN with
              Protocol= any
              Source= any
              Destination= any
              Translation  = Interface address

              At Squid, add this:
              Select LAN and loopback to listen on

              At custom options:
              tcp_outgoing_address 127.0.0.1 all;#(all in this case is your acl)

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

                mack

                Marcello, I read the FelipeOrtega post too, and I promise that I'll try it on Monday. But I'm thinking that my problem is different: it is not related to LoadBalancing, which works well, but to pushing the outgoing packages to different gateways using Squid.
                In my mind (please someone correct me if I'm wrong), the things are:

                <my request>->LAN (in) Rules->Squid->Floating (out) Rules->Outside

                For that, your rules seem to work. My doubt is: when <my request> arrives at the WAN Rules, does it come from my-lan-address or from 127.0.0.1 (Squid)?

                Again, I'll make some tests on Monday and I'll let you (all) know.

                Thanks,

                  doccocaubai

                  @mack:

                  <my request>->LAN (in) Rules->Squid->Floating (out) Rules->Outside

                  For that, your rules seem to work. My doubt is: when <my request> arrives at the WAN Rules, does it come from my-lan-address or from 127.0.0.1 (Squid)?

                  I can answer you: <your request> will come from Squid. That's the way a proxy works.

                  Le Trung Thanh
                  Network Engineer
                  Mobile: +84982251818

                    ncolunga

                    Yes, you have to balance the web traffic from the localhost instead of the traffic for your LAN clients.
