Manual Outbound NAT for CARP IPs and Squid

  • I tried to follow this guide on pfSense 2.1 release: to get my Squid proxy to not drop connections during a CARP failover.  The biggest difference in my config is that I don't have a second ISP yet.  I also found this thread which is pretty much what I am experiencing (still only one ISP though):,57999.msg310203.html#msg310203.

    I have all the default NAT rules including the loopback rule and I added the web rule in the first link.  However every time I enable manual outbound NAT I can no longer get out to the internet.  I'm guessing there is something basic I am missing.  Is there anyone that can fill me in?

  • Still no luck… Anyone have any ideas?

  • Rebel Alliance Developer Netgate

    What you're after won't work. The connections go through squid, not NAT, so no amount of NAT will help that.

    The proxy processes on the two nodes are separate. AFAIK squid doesn't have any kind of a multi-node sync for the connection/cache, only settings.

    Unless somehow the squid proxy processes could share data about ongoing connections in a clustered fashion, that isn't going to work no matter what you have set in pfSense.