Multiwan and squid no work properly



  • version is 2.1 64bit

    i have 2 wan and 1 lan

    wan1:192.168.1.2      (wangw 192.168.1.1)
    wan2:192.168.2.2      (opt1gw 192.168.2.1)

    there are 50 pc on network. and first 25 pc going from wan1  second 25 pc going from wan2
    without squid its working properly but when i activate squid. all 50 pc's going from default(wan1)
    what i must do ?
    regards.



  • use pfsense 2.0.3, pfsense 2.1 doesn't work squid engine.

    http://forum.pfsense.org/index.php/topic,60977.0.html



  • @hyrol:

    use pfsense 2.0.3, pfsense 2.1 doesn't work squid engine.

    http://forum.pfsense.org/index.php/topic,60977.0.html

    will try test thx



  • HI…
    I am also facing the same issue i have 3 wan connections and 1 Lan with multiple networks (Distributed network) 10.2.x.x/16 and 172.16.x.x/16 on lan side.
    Without squid proxy everything working fine and silk smooth
    I have installed

    2.1-RELEASE (amd64)
    built on Wed Sep 11 18:17:48 EDT 2013

    Squid Proxy 3.3.8 pkg 2.2 (Lower version does not support Share Point website so I must have to install this)
    Some of my clients use proxy through browser configuration, and some are transparent.
    (Required some modules to be copy in /usr/local/lib directory of pfsense http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/ got from here)

    When i select LAN+loopback squid does not work at all and stange error show on browser like INVALID ADDRESS

    Squid always go though the default wan not the load balancing
    I have tried all the tutorials with static nat, floating rule, etc but all in vain.

    Please guide me to solve this issue.

    Thanks



  • hyrol answered. use 2.0.2 or 2.0.3
    squid engine not work on 2.1



  • hi..

    i did it as in link but not working at all



  • why selecting loopback ?
    only select LAN.



  • I tried both wiht loopback and without loop back but still not working :(



  • @Basit:

    I tried both wiht loopback and without loop back but still not working :(

    You still using pfSense 2.1, it does not work because it floating rule does not work.



  • i fixed it.

    create an acl with src and add ip list any text file (every ip per line) then set acl to wan/2 or wan/1 which you want
    add this acl to first line. that other acl's work all default gateway.
    regards



  • @aykiri1:

    i fixed it.

    create an acl with src and add ip list any text file (every ip per line) then set acl to wan/2 or wan/1 which you want
    add this acl to first line. that other acl's work all default gateway.
    regards

    i used  pfsense 2.0.3 and share your config or screen shots for better understanding, i m still struck in it :(
    waiting…



  • my version 2.1 64 bit
    goto proxy server screen
    and see custom options.

    default is :

    tcp_outgoing_address 127.0.0.1;;redirect_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf;redirector_bypass off;url_rewrite_children 5

    then add this string as your config

    acl nameofacl src "/usr/local/etc/squid/ip.txt";tcp_outgoing_address X.X.X.X nameofacl;

    nameofacl is what you will write of name its not important you can use any
    X.X.X.X is your wan interface (not gateway)

    "/usr/local/etc/squid/ip.txt" is ip list which you want to ip's going to which interface.
    open any txt file. then write per line 1 ip

    example:
    192.168.1.40
    192.168.1.41
    192.168.1.42
    etc…

    no use /24 or /16 /8 for subnet

    no need any floating rule .. its working perfect with squid 2.1 and squidguard
    i think moderators change thread name to (fixed)



  • @aykiri1:

    then add this string as your config

    acl nameofacl src "/usr/local/etc/squid/ip.txt";tcp_outgoing_address X.X.X.X nameofacl;

    nameofacl is what you will write of name its not important you can use any
    X.X.X.X is your wan interface (not gateway)

    what happen when WAN PPPoE dynamic "tcp_outgoing_address X.X.X.X nameofacl"

    for me it's not roundrobin/loadbalacing



  • @aykiri1:

    my version 2.1 64 bit
    goto proxy server screen
    and see custom options.

    default is :

    tcp_outgoing_address 127.0.0.1;;redirect_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf;redirector_bypass off;url_rewrite_children 5

    then add this string as your config

    acl nameofacl src "/usr/local/etc/squid/ip.txt";tcp_outgoing_address X.X.X.X nameofacl;

    nameofacl is what you will write of name its not important you can use any
    X.X.X.X is your wan interface (not gateway)

    "/usr/local/etc/squid/ip.txt" is ip list which you want to ip's going to which interface.
    open any txt file. then write per line 1 ip

    example:
    192.168.1.40
    192.168.1.41
    192.168.1.42
    etc…

    no use /24 or /16 /8 for subnet

    no need any floating rule .. its working perfect with squid 2.1 and squidguard
    i think moderators change thread name to (fixed)

    A good contribution. But even if it works, it is not the same functionality we had before pfSense 2.1: Squid Outgoing connections balanced automatically between  WAN interfaces.

    This is an important topic. Maybe the hero members can contribute with a final post: Can we have Squid working with multi WAN on 2.1? What are the required steps?

    :)

    Thanks.



  • Still Waiting to work squid proxy with 2.1 :(
    the per ip list is fine but what to do if one wan connection goes down? it will still keep sending the request to failed wan :(
    this is major bug! kindly update it as soon as possible

    Thanks for all



  • Any news about fixing PfSense 2.1 to work with Multiwan+Squid, I'll need it and don't like to downgrade to 2.03.

    Thanks for your comments



  • Have 3 wans two wans uses load balance for proxy. third wan is for gaming and other traffic. Using pfsense 2.1 upgraded from 2.0.3. Using Lusca Proxy.



  • So far I was forced to downgrade to 2.0.3 to have squid working with multi-wan but I don't like the idea of losing the new 2.1 functionality.

    Hero members: come and save us !!! (as usually they do)

    :)




Log in to reply