Squid with multi wan doesnt work as intended
-
in squid i typed this
tcp_outgoing_address 127.0.0.1;on floating tab i created a rule
pass
quick disabled
interface wan1 and wan2
direction out
protocol tcp
source and destination any
source port any
destination port 80
gateway wan2and i logged packet also and it seems it still goes out of wan1 instead of wan2
-
here r some screenshots
![CropperCapture[1].jpg](/public/_imported_attachments_/1/CropperCapture%5B1%5D.jpg)
![CropperCapture[3].jpg](/public/_imported_attachments_/1/CropperCapture%5B3%5D.jpg)
-
Does the rule get any hits, do you see log entries for it? Otherwise there might be interference with pfSense internal rules, I guess.
-
yes the floating rule gets hits but interface is always shown as wan1 inspite of me routing out of wan2 using the rule so probably it has some bug i guess unless there is something else to be configured.
i use whatsmyip etc to check the ip and all say traffic is coming from wan1 instead of wan2
-
Tried to replicate it, but I am getting the same results you get. Seems there's something more involved. When I use Quick for the rule, the traffic hits the ruleset twice and it dows not work at all. But I cannot debug this further now, sorry. I'm not at home and might lock myself out playing with the ruleset too much ;)
I remember there was something about negate rules, but I am not sure if that applies to this problem.Edit: The "Squid-way" to solve this would simply be
tcp_outgoing_address <wan2 ip="" address="">;</wan2>Don't know how complicated it would be to make the outgoing address an option in the Squid package, though.
-
-
Tried to replicate it, but I am getting the same results you get. Seems there's something more involved. When I use Quick for the rule, the traffic hits the ruleset twice and it dows not work at all. But I cannot debug this further now, sorry. I'm not at home and might lock myself out playing with the ruleset too much ;)
I remember there was something about negate rules, but I am not sure if that applies to this problem.Edit: The "Squid-way" to solve this would simply be
tcp_outgoing_address <wan2 ip="" address="">;</wan2>Don't know how complicated it would be to make the outgoing address an option in the Squid package, though.
provided the wan ip never changed
-
Like I said, an option in the package would be needed for that.
-
Like I said, an option in the package would be needed for that.
just put it(tcp_outgoing_address <wan2 ip="" address="">;) on custom_options.
You will need to update it every time you get a new wan address if you do not have a static wan.</wan2>
-
thats the whole thing, i dont have a static ip so why not use some coding to feed in ip when it changes to it, mayb a drop down similar to gateway which can be selected and it changes with ip change
