Netgate Discussion Forum
    Policy routing and squid proxy

      fluca1978

      Hi, I'm running 1.2.3 (I'm going to upgrade, but first I need to solve this problem) and I'm experiencing a problem with policy routing and the squid proxy. The machine has 2 WAN cards, and squid is using the default one (i.e., WAN) to route HTTP traffic. I want a set of hosts to be policy routed on the other card even for HTTP traffic, so I placed a rule in the LAN tab, at the top of the list, that results as follows:

      pass in log quick on rl0 route-to (re2 188.219.X.X) inet from <ced> to any flags S/SA keep state label "USER_RULE: Policy routing re2"

      which states that all the code that belongs to the CED alias must be routed through the re2 interface, that is the second WAN in the firewall. While this works for all non-HTTP traffic, HTTP traffic is still routed through the default WAN, as is ICMP traffic (e.g., traceroute). Therefore in the proxy server configuration I placed the same IP addresses that appear in the CED alias into "Bypass proxy for these source IPs", but nothing changed. The strange fact is that if I change the firewall rule from pass to block, the traffic, even HTTP, is blocked. Am I doing something wrong?
      Moreover, if I upgrade to 2, will there be any chance of policy routing even proxy traffic?

        fluca1978

        I've tried disabling the squid proxy entirely, and then the policy routing works, but when squid is enabled the default WAN is the one through which squid exits the network. Any suggestion?

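The behaviour described in both posts follows from how a transparent proxy interacts with pf: the LAN rule's route-to acts on forwarded packets, while squid's outgoing connection is a new flow generated by the firewall itself. The following plain pf.conf fragment is an added, constructed example, not the poster's configuration and not a pfSense GUI setting; interface names other than rl0/re2, the re2 address, the proxy port and the host list are assumptions.

```pf
# Constructed example, not the poster's ruleset. Assumed names:
#   rl0 = LAN, re1 = default WAN, re2 = second WAN
#   188.219.X.X is the placeholder gateway quoted in the post
lan_if  = "rl0"
wan1_if = "re1"
wan2_if = "re2"
wan2_gw = "188.219.X.X"        # second WAN gateway (placeholder from the post)
wan2_ip = "198.51.100.10"      # assumed second WAN address (documentation range)
table <ced> { 192.168.1.50, 192.168.1.51 }   # constructed host list

# 1. Transparent proxy: port-80 flows from <ced> are redirected to squid on
#    the firewall BEFORE the filter rules run. After this, the packet's
#    destination is 127.0.0.1, so it is delivered locally and the route-to
#    on the LAN rule below has nothing to forward.
rdr on $lan_if inet proto tcp from <ced> to any port 80 -> 127.0.0.1 port 3128

# 2. The LAN rule from the post. It still matches the redirected SYN (which is
#    why switching it to "block" blocks HTTP too), but route-to only steers
#    packets the firewall forwards, not ones it delivers to itself.
pass in log quick on $lan_if route-to ($wan2_if $wan2_gw) inet from <ced> to any flags S/SA keep state label "USER_RULE: Policy routing re2"

# 3. Squid's upstream connection is a NEW flow sourced by the firewall. It is
#    evaluated by "pass out" rules and follows the default route (re1). To
#    steer it, squid must source it from the re2 address (squid.conf, constructed):
#      acl ced src 192.168.1.50 192.168.1.51
#      tcp_outgoing_address 198.51.100.10 ced
#    and pf must re-route locally generated packets carrying that source
#    address, the multipath pattern from the pf FAQ:
pass out on $wan1_if route-to ($wan2_if $wan2_gw) from $wan2_ip to any keep state
pass out on $wan2_if from $wan2_ip to any keep state
```

The check a practitioner would run is a packet capture on re1 and re2 with squid enabled: if the port-80 connections leaving the box carry the re1 address as source, the proxy, not the LAN rule, is choosing the exit path.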
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.