Squid with Lan1 > Wan1, Lan 2 > Wan2



  • Hello, I'm using pfSense 2.1:

    With firewall rules, I can get computers A, B, C to access the internet only through WAN1, and D, E, F only through WAN2.
    But when I ask Squid to bind interfaces LAN1 and LAN2, all traffic passes through only one WAN interface, which is WAN1 (default).

    How can I do this? Is this possible?
    Thanks for your help!  ;)



  • Try: Proxy server -> General settings -> Custom Options:

    acl LAN1 src 192.168.1.0/24;
    acl LAN2 src 172.16.0.0/16;
    tcp_outgoing_address 'wan1_address' LAN1;
    tcp_outgoing_address 'wan2_address' LAN2



  • It seems to work!
    Thank You!  :)



  • Hmm, after many tests, I don't think it works as I expected.
    I was misled by the Squid cache when checking my WAN IP on www.monip.org or http://whatismyipaddress.com.

    In fact, Squid only uses the default WAN interface specified in System > Routing and doesn't take care of the custom options!



  • It's working on 2.0.3, dual Wan (no failover, no load balancing).

    Primary Lan goes through first Wan, other Lans use second Wan interface.
    Squid (2.7.9 pkg v.4.3.3) and Squidguard (1.4_4 pkg v.1.9.5) packages installed.



  • @rbt:

    It's working on 2.0.3, dual Wan (no failover, no load balancing).

    Primary Lan goes through first Wan, other Lans use second Wan interface.
    Squid (2.7.9 pkg v.4.3.3) and Squidguard (1.4_4 pkg v.1.9.5) packages installed.

    How did you do it?
    Just with Squid custom options acl and tcp_outgoing_address?

    Edit: I'm using Squid3 (3.1.20 pkg 2.0.6), I will try to downgrade



  • @coemgen29:

    How did you do it?
    Just with Squid custom options acl and tcp_outgoing_address?

    Yes, just as @rubic suggested.

    @coemgen29:

    Edit: I'm using Squid3 (3.1.20 pkg 2.0.6), I will try to downgrade

    I'm running pfSense on a virtual machine, so I'll make a snapshot and try to upgrade pfSense to 2.1 and after that Squid to 3.x.



  • Downgraded to Squid 2.7.9 pkg v.4.3.3,
    it still does not work  :( Squid always uses the default gateway



  • My WAN1 interface IP is: 10.0.0.100 (default gateway)
    My WAN2 interface IP is: 192.168.1.100

    Even if I just set "tcp_outgoing_address 192.168.1.100;", Squid uses the default gateway only (10.0.0.100).

    Is there maybe an outgoing rule to add?



  • Nobody has an idea to make policy routing with Squid?  :-[



  • Just tested on 2.1.1-PRERELEASE/Squid 2.7.9. It's working.
    Uncheck 'Disable X-Forward' and 'Disable VIA' on 'Proxy server: General settings', then open http://all-nettools.com/toolbox/proxy-test.php to make sure traffic does not bypass Squid for some reason.
    The result must be: "Proxy server detected", "You came from…", "You came via..."



  • @rubic:

    Just tested on 2.1.1-PRERELEASE/Squid 2.7.9. It's working.
    Uncheck 'Disable X-Forward' and 'Disable VIA' on 'Proxy server: General settings', then open http://all-nettools.com/toolbox/proxy-test.php to make sure traffic does not bypass Squid for some reason.
    The result must be: "Proxy server detected", "You came from…", "You came via..."

    "Disable X-Forward" and "Disable VIA" are already unchecked (default). Obviously it doesn't work.

    Here are the results:

    You came from 172.16.0.2(172.16.0.2)
    You came via 1.1 xxxx:3128 (squid/2.7.STABLE9)
    Remote address 82.x.x.x.x (WAN1 Public IP)
    Remote host 82.x.x.x (WAN1 Public IP)

    Remote addresses should be 109.x.x.x (WAN2 Public IP)



  • @coemgen29:

    My WAN1 interface IP is: 10.0.0.100 (default gateway)
    My WAN2 interface IP is: 192.168.1.100

    The problem may be that you have the same IP subnet on different interfaces (WAN2, LAN1). Do you?



  • @rubic:

    @coemgen29:

    My WAN1 interface IP is: 10.0.0.100 (default gateway)
    My WAN2 interface IP is: 192.168.1.100

    The problem may be that you have the same IP subnet on different interfaces (WAN2, LAN1). Do you?

    In fact, my LAN1 subnet is 192.168.100.0/24; I put 192.168.1.0 in the scheme as an example,
    my apologies!

    So I have:
    WAN1 : 10.0.0.100
    WAN2 : 192.168.1.100
    LAN1 : 192.168.100.1/24
    LAN2 : 172.16.0.1/16

    Gateways :
    GW1 : 10.0.0.200 (default)
    GW2 : 192.168.1.200

    Squid custom options :
    acl LAN1 src 192.168.100.0/24;
    acl LAN2 src 172.16.0.0/16;
    tcp_outgoing_address 10.0.0.100 LAN1;
    tcp_outgoing_address 192.168.1.100 LAN2;

    "Disable X-Forward" and "Disable VIA" unchecked

    If I do a tracert, everything is OK, LAN2 goes out via WAN2.
    If I check my public IP from LAN2 via a website, it shows the WAN1 public IP instead of the WAN2 one.



  • Sorry, I ran out of ideas. It just must be working. If you will share your config backup (with all the sensitive data deleted), I'll try to help you.



  • OK, I will go back to factory defaults, note what I set up, and then send my config file (if it does not work!)
    Thanks for your help anyway



  • Well, I did a factory reset and discovered my problem: I had a static route for 192.168.0.0/16 to a VPN gateway (so WAN2 was inside this static route! 192.168.1.100/24).

    Deleted this static route and now everything works like a charm  :)
    Thanks for your help

    Topic SOLVED
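
The root cause found above, turned into a check: this added example (not code from the thread or from pfSense) parses the semicolon-separated Custom Options string as posted and flags any static route whose prefix covers a `tcp_outgoing_address` or its gateway, as the 192.168.0.0/16 route did for WAN2. The gateway map and the `VPN_GW` name are placeholders built from the values quoted in the thread.

```python
import ipaddress

# Constructed sample input, using the values posted in the thread.
CUSTOM_OPTIONS = (
    "acl LAN1 src 192.168.100.0/24;"
    "acl LAN2 src 172.16.0.0/16;"
    "tcp_outgoing_address 10.0.0.100 LAN1;"
    "tcp_outgoing_address 192.168.1.100 LAN2;"
)
# Outgoing (WAN interface) address -> its upstream gateway.
GATEWAYS = {"10.0.0.100": "10.0.0.200", "192.168.1.100": "192.168.1.200"}
# (prefix, next hop); "VPN_GW" is a placeholder for the VPN gateway.
STATIC_ROUTES = [("192.168.0.0/16", "VPN_GW")]


def parse_custom_options(text):
    """Return ({acl_name: network}, [(outgoing_ip, acl_name)])."""
    acls, outgoing = {}, []
    for directive in filter(None, (d.strip() for d in text.split(";"))):
        parts = directive.split()
        if parts[0] == "acl" and len(parts) == 4 and parts[2] == "src":
            acls[parts[1]] = ipaddress.ip_network(parts[3])
        elif parts[0] == "tcp_outgoing_address" and len(parts) == 3:
            outgoing.append((ipaddress.ip_address(parts[1]), parts[2]))
    return acls, outgoing


def find_shadowing_routes(custom_options, gateways, static_routes):
    """List (address, acl, prefix, via) for routes covering an outgoing path."""
    acls, outgoing = parse_custom_options(custom_options)
    findings = []
    for addr, acl in outgoing:
        if acl not in acls:  # directive refers to an ACL that was never defined
            findings.append((str(addr), acl, "undefined acl", None))
            continue
        targets = [addr]
        if str(addr) in gateways:
            targets.append(ipaddress.ip_address(gateways[str(addr)]))
        for prefix, via in static_routes:
            net = ipaddress.ip_network(prefix)
            if any(ip in net for ip in targets):
                findings.append((str(addr), acl, prefix, via))
    return findings


if __name__ == "__main__":
    for addr, acl, prefix, via in find_shadowing_routes(
            CUSTOM_OPTIONS, GATEWAYS, STATIC_ROUTES):
        print(f"{acl}: outgoing {addr} is covered by static route {prefix} via {via}")
```
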



  • How could I work around the problem that my WAN IP changes every 24h?

