Multi LAN + Squid + Squidguard + MultiWAN



  • Hi to all…
    I have this network configuration:

    LAN1 -------|-------------|
    LAN2 -------| PfSense + | -------- WAN1
    LAN3 -------|  Squid      |  --------WAN3
    ..              |                | -------- WAN2
    LANn ------ |__________|

    In this case my combination of PfSense + Squid + Squidguard works perfectly. But all connections are routed through the default WAN (the standard behaviour, of course). The system works perfectly if I set floating rules (without the tcp_outgoing_address option) and a failover gw group or load balancing.
    But the system does not work if I want to send the traffic that comes from LAN1 ONLY to WAN1, LAN2 ONLY to WAN3, etc...
    Can you help me?

    Thx in advance!!!



  • What do you mean by "system not work"?
    If you are trying to route http|https through one gateway, this is done with squid, which will route through the default, failover or loadbalance gateway; you can use tcp_outgoing_address LAN1 WAN1 and so on; for other traffic that squid doesn't handle, it will use the gateway you set up in LAN rules.



  • @kelsen:

    What do you mean by "system not work"?
    If you are trying to route http|https through one gateway, this is done with squid, which will route through the default, failover or loadbalance gateway; you can use tcp_outgoing_address LAN1 WAN1 and so on; for other traffic that squid doesn't handle, it will use the gateway you set up in LAN rules.

    Thx for the reply!
    My goal is to route the traffic that comes from LAN1 only to WAN1 (or failover group) and the traffic that comes from LAN only to WAN2.
    Both LAN1 and LAN2 use squid+squidguard for content filtering.
    Actually I can route ALL traffic that comes from LAN1 and LAN2 only to WAN1, or WAN2 or failover group!!



  • Just create a rule on LAN and LAN2 Interface:

    LAN1
    source: lan subnet
    destination: any
    gateway: wan1GW

    LAN2
    source: lan2 subnet
    destination: any
    gateway: wan2GW



  • @kelsen:

    Just create a rule on LAN and LAN2 Interface:

    LAN1
    source: lan subnet
    destination: any
    gateway: wan1GW

    LAN2
    source: lan2 subnet
    destination: any
    gateway: wan2GW

    I have just tried, but this method does not work because the HTTP traffic is sent to Squid, which sends all traffic over the default WAN (wan1).



  • As I said, you can use tcp_outgoing_address LAN1 WAN1 and so on.



  • @kelsen:

    As I said, you can use tcp_outgoing_address LAN1 WAN1 and so on.

    Hi,
    thx for the reply…
    but if I configure the custom options of Squid with: tcp_outgoing_address 192.168.0.0/24 191.X.Z.T, I receive an error from squid.
    If I write
    acl int_net src 192.168.0.0/24
    tcp_outgoing_address 191.X.Z.T int_net
    squid does not return any error, but the traffic is not sent through 191.X.Z.T!!!
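
Added example, not part of any post in this thread: a small Python checker that models how Squid's documented `tcp_outgoing_address ipaddr [[!]aclname] ...` directive selects an outgoing address per client subnet, where the first fully matching line wins. The ACL names, the subnets, the 198.51.100.x and 203.0.113.x addresses and the helper names `parse` and `outgoing_address` are constructed for illustration.

```python
import ipaddress

# Constructed sample: documentation-range addresses stand in for the WAN IPs.
SAMPLE_CONF = """\
acl lan1_net src 192.168.0.0/24
acl lan2_net src 192.168.1.0/24
tcp_outgoing_address 198.51.100.10 lan1_net
tcp_outgoing_address 203.0.113.10 lan2_net
"""
# Constructed sample of the rejected form: a subnet where the address belongs.
BAD_CONF = "tcp_outgoing_address 192.168.0.0/24 198.51.100.10\n"


def parse(conf):
    """Return (src_acls, rules, errors) for the two directives modelled here."""
    acls, rules, errors = {}, [], []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "src":
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif tok[0] == "tcp_outgoing_address" and len(tok) >= 2:
            try:
                addr = ipaddress.ip_address(tok[1])
            except ValueError:
                errors.append(f"line {lineno}: {tok[1]!r} is not an IP address")
                continue
            # An ACL must already be defined above the line that uses it.
            missing = [n for n in tok[2:] if n.lstrip("!") not in acls]
            if missing:
                errors.append(f"line {lineno}: undefined acl {missing}")
                continue
            rules.append((str(addr), tok[2:]))
        else:
            errors.append(f"line {lineno}: directive not handled here")
    return acls, rules, errors


def outgoing_address(conf, client_ip):
    """Address of the first rule whose ACLs all match, else None (OS decides)."""
    acls, rules, _ = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for addr, names in rules:
        # "!name" negates the ACL; a rule with no ACLs matches every client.
        if all(any(ip in net for net in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return addr
    return None
```

This checks only the squid.conf side; whether pfSense then routes that source address out of the intended WAN is a separate question that the thread leaves open.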



  • Can someone help me?  :'(

    Regards,



  • Post a screenshot of your squid configuration.
    Are you using failover? If yes, post the LAN rules and float too.



  • @kelsen:

    Post a screenshot of your squid configuration.
    Are you using failover? If yes, post the LAN rules and float too.

    These are my custom options on squid.
    I do not have failover!

    http://imageshack.us/photo/my-images/703/capturetim.jpg/?sa=0



  • Is this IP your gateway or WAN IP? It must be your WAN IP. Besides this, there is nothing else to do.



  • @kelsen:

    Is this IP your gateway or WAN IP? It must be your WAN IP. Besides this, there is nothing else to do.

    Thx for the reply…
    This is the address of my WAN interface (not the CARP address).



  • Yet it still didn't work? Have you seen your IP on www.meuip.com.br while using the proxy?



  • @kelsen:

    Yet it still didn't work? Have you seen your IP on www.meuip.com.br while using the proxy?

    Hi, the site reports that my IP is the default gw and not 191.X.Z.T (proxy is detected).



  • Take a look at your DNS settings. Are you using the forwarder? Does the proxy have any DNS entries? If so, try removing them.



  • @niebla:

    Take a look at your DNS settings. Are you using the forwarder? Does the proxy have any DNS entries? If so, try removing them.

    Yes, I use the DNS forwarder of PfSense, but no DNS configuration is done on the proxy server…