next »

[MrsPotter]

Hi,

I've searched/read all threads about multi-wan within the forum/wiki/howto. Many posts concern 1.2.x. Also, it seems all of them are concerned with squid running in transparent mode. I've started a new thread on this old topic to try and:

a) summarize the current state of what works and what doesn't.
b) determine if multi-WAN will behave differently under squid (not transparent)?


It seems the general consensus is that:

1) 2.0 Multi-WAN + firewall + loadbalance + failover:
Works great  

2) 2.0 Multi-WAN + firewall + failover + squid (transparent):
Seems to work for most users, others experience problems after some time (down link not coming back up again etc), yet others can't get it to work altogether (probably due to weird scenarios or wrong settings).  

3) 2.0 Multi-WAN + firewall + failover + loadbalance + squid (transparent):
Found one post that claims it works, others experience problems after some time (yet it seems these cases weren't tested properly to ascertain that the setup worked in the first place), yet most users can't get it to work altogether. Problem seems to be squid always using the default WAN, thus balancing doesn't work for HTTP data. Or, squid not understanding balancing?  However, it seems very logical to me that floating rules should solve this?

4) 2.0 Multi-WAN + firewall + squid (not transparent) (loadbalance + failover):
Any comments? Anyone tried this? How would this behave differently than squid (transparent)?  

In my scenario I can't use squid transparently. I'd like to add load balancing to a working server, but can't get much down time on it, thus will have small window within which to deploy it. Thus, any pre-knowledge would be of great help.

Cheers,

MrsPotter







 

[mzaaa]

I have also this issue.anyone can help us.

[MrsPotter]

OK -obviously very few have tried this:
       2.0 Multi-WAN + firewall + squid (not transparent) (loadbalance + failover)

So, I'll have a test run in a week or so - will report back.

It'll be cool if we could put together a more comprehensive Multi-WAN howto, that discusses the finer details.

[pubmsu]

Hi MrsPotter,

Could you finally get it working on transparent mode? We're struggling exactly with this.

Thanks,
pub

[MrsPotter]

Hi,

Sorry, I have not yet had the chance to try it - it will most likely happen within the next 2 weeks. I was kind of hoping that someone would post their successes in the meanwhile.

I recently ran the 2.01 update - so hopefully it works in this later version.

The way I understand it: this should be possible using the floating rule function. And then point squid and whatever else to the floating rule (which represent the balanced gateway). People were complaining that squid doesn't want to except anything other than the default gateway. But, it seemed to me that this is due to a bug in the way gateways are defined. Since, one should be able to set the balanced gateway as the default. I remember having difficulty with two gateways etc. But, from the release doc this seems to be improved in 2.01 - so fingers crossed this might work.

Running squid in transparent mode result in quite a few head aches (for me at least). Video streaming is slow, some software times out (especially when searching for a licensing server) - so I'm using a non-transparent proxy configured via WPAD. Works just as well if not better. I was hoping that it is the transparent part that produces the balancing issues.

If I can't get the balancing to work - I'm going to (as a next resort) route mail through the one gateway, and other traffic through the other. Half of our traffic consists of email - so as a next best this makes sense.

I'll report back on my results.

Anyone else that got this working yet?

Cheers,

MrsPotter.

[pubmsu]

Thanks @MrsPotter, apparently there's an "easy" method here, to which I posted some questions, too:

http://forum.pfsense.org/index.php/topic,38882.msg233730.html#msg233730

BTW, we could make failover work with transparent proxy, but still didn't test loadbalancing thoroughly. Will report back.

[MrsPotter]

Hi,

I couldn't even get multi-WAN going. See http://forum.pfsense.org/index.php/topic,46160.msg241851.html#msg241851 for the problem I encountered.

Haven't been able to solve that yet.

Cheers,

[MrsPotter]

2.0 Multi-WAN + firewall + squid (not transparent) + squid filter (loadbalance + failover):

Ok - got this to work  

Must say that I'm pleasantly impressed by this software - so far so good, been running for about a week now.

I followed the information found in http://forum.pfsense.org/index.php/topic,38882.msg233730.html#msg233730

BTW: I'm using sticky connections to avoid issues with https banking site etc. And, this seems to do the trick as well.

[denvel]

Hi all, i had manage to configure internet load balancing + squid(not transparent) + squidguard using pfsense. But my problem is when i try to browse some websites it stocks or freezes then when i refresh my web browser it will load the webpages. I think there is a problem with the floating rules..because when i disabled the floating rules i can web browse normally. Anybody had experience this kind of problem about floating rules??

[jikjik101]

I am using 2.0.1-RELEASE (i386)  with 3 WANs+load balance+squid transparent.
The only problem I have is I can't use policy routing. To fix that, need to customize the tcp_outgoing_address.

[onkeldave83]

heh how you realized load balancing +failover +squid +squid filter +havp ?

what is the thing i missing?

floating rules? i dont have one!!!

my system preferences in words:

1) squid transparent
2) havp antivirus as parent for squid
3) in the new release i dont need port forward to squid port - with tranparency is preference complete and it works great!
4) loadbalancing group create and failover group create
5) in firewall rules under lan, i have create access rules to use loadbalancing and failover
-----------------------------------------------------------------------------------------------
6) without squid it works! it changes the gateway from 1&1 server in whatismyip.com
7) with squid it dont work! only over other ports i can use paralell the two gateways! f.e. jdownloader or other downloadtools with more connections to destination.

HOW CAN I REALIZED over port 80 / http that squid uses loadbalancing group gateways and not only the default gateway??

thanks for any help!!!!

[Kyushu]

Hi all, i had manage to configure internet load balancing + squid(not transparent) + squidguard using pfsense. But my problem is when i try to browse some websites it stocks or freezes then when i refresh my web browser it will load the webpages. I think there is a problem with the floating rules..because when i disabled the floating rules i can web browse normally. Anybody had experience this kind of problem about floating rules??

We also experience this. I think it would be advisable to run squid on a different machine rather than running it inside the pfsense machine. Though I am not sure about the settings since we are only new in using pfsense. Maybe there's another way to configure loadbalancing+failover+squid to make it work properly.