Netgate Discussion Forum

    Multi-WAN with squid3 proxy server

    14 Posts 4 Posters 3.3k Views
      kevindd992002

      I understand that squid3 listens at port 3128 but how does it work in the background when incorporated in pfsense?

      So a computer in the LAN connects to the proxy server at port 3128. Then the squid3 proxy service receives the request and does the packet follow the policy-based routing rules of pfsense to know which WAN interface it will go out to?

      I have two WANs that are load balanced in a gateway group. And then I have a rule for that gateway group that routes outbound traffic with any destination address port. So if a request from a computer in the LAN is initiated, which really comes first, the pfsense policy-based routing rules or squid3?

      I'm looking for network diagrams on the Internet that explain this but I can't find anything.

        kevindd992002

        Are there new methods for pfsense 2.2.5 to make this work? I'm trying to implement the techniques mentioned in some of the old guides here but they don't seem to work. Specifically, what I did was to put "tcp_outgoing_address 127.0.0.1" in the custom options of the squid settings and then created a floating rule that would use my multi-wan gateway group but squid seems to still use the default gateway.

        Please help. Thanks.

          kevindd992002

          Anyone please?

            trinidadrancheria

            We are doing load-balancing but I'm not at work right now.
            I will look tomorrow and tell you how we're doing it.
            As far as I remember, with regard to the rules, the sequence is NAT, then floating, then interface group, then interface.

            https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order

            I will get back to you in the morning.

            Our setup may be a little more complicated or not. We have multiple WANs and also multiple pfSense boxes.

              kevindd992002

              Sure, thanks. I'll wait for your reply.

                kevindd992002

                Do we have anything on this?

                  kevindd992002

                  BUMP!

                    KOM

                    From what I know, squid will always use the default gateway in a multi-WAN config no matter what you do.

                      kevindd992002

                      @KOM:

                      From what I know, squid will always use the default gateway in a multi-WAN config no matter what you do.

                      By default, yes. But there were "fixes" for this in past versions of pfsense. These don't work on the latest version though, and I don't really understand how they work (which is why I decided to make my own thread).

                      If you think of it though, localhost services should have a way to use the multiwan gateway. Pfsense itself, when downloading a firmware update, only uses the default gateway by default.

                        kevindd992002

                        Anybody please?

                          kevindd992002

                          Please help? Anyone? Is this not a valid question?

                            KOM

                            If nobody has responded then it usually means that nobody knows.

                              reinaldo.gomes

                              Have you ever tried the floating rules? There you can target the firewall itself as the source. I haven't tried this yet, but soon I'll have to.

                                kevindd992002

                                @reinaldo.gomes:

                                Have you ever tried the floating rules? There you can target the firewall itself as the source. I haven't tried this yet, but soon I'll have to.

                                Yes, I did. If you've read post #2 of this thread, the details of the rule I've made are there.
