SQUID on DUAL WAN only use DEFAULT
-
I have 2 WANs (using a Gateway Group) and used separately (for some requests I use the Group to go outside and for some other requests I need to use one WAN or the other).
The fact is when I configure the SQUID it uses ONLY the default gateway to go outside, I cannot use the firewall->rules to define the way the packages use to go outside. If I remove the package the rules work well.
Any idea of what I need to do or configure to make it work?
Thanks
-
Are you using pfsense 2.0?
-
Sorry, yes PFSense 2-RELEASE
-
I'm going to be headed down this road once I upgrade. Please let us know if you get it working.
-
translating from felipeortega post: http://forum.pfsense.org/index.php/topic,37776.0.html
After gateway balance/ failover configured at your pfsense box,
create this rule at floating:
Action: Pass
Interface: Select both Wans
Direction: Out
Source: any
Destination: any
Destination port range: 80 or squid port
Gateway: Select LoadBalance gateway you created
go to Firewall>NAT->Outbound
Select Manual Outbound and save
create one outbound rule for each wan with
Protocol= any
Source= any
Destination= any
Translation = Interface address
at squid add this to:
Select lan and loopback to listen on
at custom options:
tcp_outgoing_address 127.0.0.1 all;#(all in this case is your acl)
-
Marcello, I read the FelipeOrtega post too, and I promise that I'll try it on Monday. But I'm thinking that my problem is different: it is not related to LoadBalancing, which works well, but to pushing the outgoing packages to different gateways using Squid.
In my mind (please someone correct me if I'm wrong), the things are: <my request>->LAN (in) Rules->Squid->Floating (out) Rules->Outside
For that your rules seem to work. My doubt is, when the <my request> arrives at the WAN Rules, does it come from my-lan-address or from 127.0.0.1 (Squid)?
Again, I'll make some tests on Monday and I'll let you (all) know.
Thanks,
-
<my request>->LAN (in) Rules->Squid->Floating (out) Rules->Outside
For that your rules seem to work. My doubt is, when the <my request> arrives at the WAN Rules, does it come from my-lan-address or from 127.0.0.1 (Squid)?
I can answer you: <your request> will come from Squid. That's the way a proxy works.
-
Yes, you have to balance the web traffic from the localhost instead of the traffic for your lan clients.