Netgate Discussion Forum

    Squid and CARP

    pfSense Packages
    • sgb

      Hi all,

      I have squid configured in transparent mode and it works well.  It is bound to the LAN interface and the default gateway for the internal LAN is the internal CARP VIP.  I have hit a problem though - anything passed to squid seems to bypass the outbound NAT rule that SNATs packets to the public VIP.

      In short, without squid installed outbound http traffic comes from VIP, whereas with squid installed outbound http traffic comes from whatever the physical IP of the interface is.

      I assumed it was simply a matter of adding a NAT rule for traffic originating from 127.0.0.0/8 passing through the WAN interface for destination port 80 to SNAT to the VIP, but it has had no effect.

      The rules I have in place are as follows:

      
      WAN | X.X.0.0/21  | *     | * | *      | WANVIP | *          | NO | Rule for LAN to WAN VIP
      WAN | 127.0.0.0/8 | tcp/* | * | tcp/80 | WANVIP | *          | NO | Rule for Proxy to WAN VIP
      WAN | 127.0.0.0/8 | *     | * | *      | *      | 1024:65535 | NO | Auto created rule for localhost to WAN
      WAN | 127.0.0.0/8 | *     | * | *      | *      | 1024:65535 | NO | Auto created rule for localhost to WAN
      
      

      I'd welcome any help with this.  I can only imagine there's something wrong with my assumption that squid traffic originates from localhost on the firewall.

      Regards,

      sgb

      • marcelloc

        Use squid tcp outgoing address directive to specify it.

        There is a field on squid gui for custom options. Place it there.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

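An added example, not part of the thread or of the squid package: a small Python check that a squid configuration pins outbound requests to the CARP VIP with `tcp_outgoing_address`, the directive named in the reply above. The addresses, hostname and ACL name are constructed placeholders (203.0.113.10 stands in for the WAN VIP).

```python
import ipaddress

def outgoing_rules(conf_text):
    """Return [(address, [acl, ...])] for each tcp_outgoing_address line, in file order."""
    rules = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        # Commented-out lines start with '#', so parts[0] never matches for them.
        if len(parts) >= 2 and parts[0] == "tcp_outgoing_address":
            rules.append((ipaddress.ip_address(parts[1]), parts[2:]))
    return rules

def audit_egress(conf_text, carp_vip):
    """List findings about the source address squid will use for outbound requests."""
    vip = ipaddress.ip_address(carp_vip)
    findings = []
    has_default = False
    for addr, acls in outgoing_rules(conf_text):
        scope = "ACL " + " ".join(acls) if acls else "all traffic"
        if addr != vip:
            findings.append(f"{addr} used for {scope}, expected {vip}")
        if not acls:
            # Squid stops at the first matching line; one without ACLs always
            # matches, so nothing after it is ever consulted.
            has_default = True
            break
    if not has_default:
        findings.append("no unconditional tcp_outgoing_address: "
                        "unmatched traffic leaves from the address the OS picks")
    return findings

# Constructed configuration samples.
BEFORE = "visible_hostname fw1.example.test\n"
AFTER = BEFORE + "tcp_outgoing_address 203.0.113.10\n"
ACL_ONLY = BEFORE + "acl mgmt src 192.0.2.0/24\ntcp_outgoing_address 203.0.113.2 mgmt\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER), ("acl-only", ACL_ONLY)):
        print(name, audit_egress(conf, "203.0.113.10") or "ok")
```

Running the same check on both CARP members confirms that proxied traffic keeps one source address across a failover.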
        • sgb

          Excellent, thank you.

          Simon

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.