pfSense Support Subscription

Author Topic: SQUID + Filter + HAVP + LoadBalancing + FailOver  (Read 3603 times)

0 Members and 1 Guest are viewing this topic.

Offline onkeldave83

  • Full Member
  • ***
  • Posts: 214
    • View Profile
SQUID + Filter + HAVP + LoadBalancing + FailOver
« on: April 19, 2012, 06:25:31 am »
hello at all,
i need the complete solution for havp as parent for squid proxy with proxyfilter and load balancing with failover!!!!
No solution worked on this forum^^
where are the specialst????


when i click all things together. my squid custom options bos says:

never_direct allow all;cache_peer 127.0.0.1 parent 4444 0 name=havp no-query no-digest no-netdb-exchange default;tcp_outgoing_address 127.0.0.1;;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

this is shit! two times looback not work together!!!!!!

at what tim e it gives a working solution for this???
i dont want two servers for this szenario ;)


i use latest pfsense version!

HELP everyone to become professional!

Offline onkeldave83

  • Full Member
  • ***
  • Posts: 214
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #1 on: April 19, 2012, 07:49:44 am »
no one an idea? how to insert havp into the 100% working SQUID over loadbalancing with failover config???
please help to resolve problem

Offline onkeldave83

  • Full Member
  • ***
  • Posts: 214
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #2 on: April 19, 2012, 10:18:56 am »
YES I CAN!!!! I have it complete!

explain for all other:

i used shema 2 for havp:

Scheme: {inet}->[HAVP]->[Squid cache]->{clients}
Setup

Squid:

    Disable upstream proxy (also will auto-disabled by HAVP)

HAVP:

    Select Proxy mode field as Parent for Squid and Save
    Scan Squid cache with Antivirus: File scanner for removing cached viruses.
    If you are planning to use Transparent Proxy mode: Squid transparent on

(do not delete exists Squid Custom Options)


Scheme: {inet}->[Squid cache]->[HAVP]->{clients}
Setup

Squid:

    Transparent Proxy off/unchecked
    Disable X-Forward unchecked
    Disable VIA unchecked

HAVP:

    If you want transparent proxy, Select "Transparent" for HAVP Proxy Mode.
    HAVP Parent proxy field (lan ip:squid port) ex. 192.168.0.1:3128
    HAVP forwarded ip checked


with shema two of havp anti virus proxy you can realized
HAVP, Squid as Parent for Havp Proxy, Proxyfilter and Lightsquid (Proxy Reporter) with LoadBalancing and Failover Technique ;)

This is Godmode for every Admin^^

Offline onkeldave83

  • Full Member
  • ***
  • Posts: 214
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #3 on: April 19, 2012, 10:22:36 am »
1) i use havp transparent mode (you have to fill in squid as parent in config)
2) squid not transparent
3) i used the floating rule but only on wan1 with load-balancing and failover group but without port!!!!! when you used a port range (f.e. http) you cant download with fullspeed of loadbalancing (f.e. with jdownloader ;))
4) costum options in squid like: tcp_outgoing_address 127.0.0.1;!

x) the only disadvantage -> viruses are blocked but only when receive thorw client! you have to scan the cache of proxy sometimes ;)

when anyone have a question to realize this - ASK IN THIS THREAT

:)
« Last Edit: April 19, 2012, 10:30:52 am by onkeldave83 »

Offline hugo

  • Jr. Member
  • **
  • Posts: 33
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #4 on: April 24, 2012, 03:15:37 am »
Hello

Quote
1) i use havp transparent mode (you have to fill in squid as parent in config)
you set havp - proxy mode to "parent for squid" or to "transparent"
Quote

2) squid not transparent
you unchecked "transparent proxy" in Squid, right?

Quote

3) i used the floating rule but only on wan1 with load-balancing and failover group but without port!!!!! when you used a port range (f.e. http) you cant download with fullspeed of loadbalancing (f.e. with jdownloader ;))
what exactly you set,

Quote

4) costum options in squid like: tcp_outgoing_address 127.0.0.1;!

It's not working for me, when i try the eicar-test page

http://www.eicar.org/85-0-Download.html

the virus is not detected by HAVP. So the proxy seems to work but not ClamAV. If i use HAVP with the transparent mode the virus is detected but Load Balancing doesn't work.



Offline onkeldave83

  • Full Member
  • ***
  • Posts: 214
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #5 on: April 24, 2012, 06:19:26 am »
hello hugo,

1)
i set havp as transparent! shema two ;)
squid not transparent!
you set in havp config squid as parent (f.e. 192.168.1.2:3128)

2)
yes squid not transparent, but allow users check!

3)
i set:
- Apply the action immediately on match.
- ON WAN INTERFACE
- DIRECTION OUT
- PROTOCOL TCP
(you can definie a destination port to http, but there is the problem that you only can use both gateways with port 80 - i dont use this! i want on all ports two gateways for downloading much faster)
- Source Adress : Wan1 Adress
- Advanced: GATEWAY : Your Balancing or Failover group

4) sry not costum options, in squid3 is it: "Integrations Options"
costum options are under this point ;)

f.e. with squidguard
tcp_outgoing_address 127.0.0.1;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3


WORK!!!
good luck, answer if you complete this setttings to success
« Last Edit: April 24, 2012, 06:20:57 am by onkeldave83 »

Offline hugo

  • Jr. Member
  • **
  • Posts: 33
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #6 on: April 25, 2012, 02:18:41 am »
Hello onkeldave83

Quote
3)
i set:
- Apply the action immediately on match.
- ON WAN INTERFACE
- DIRECTION OUT
- PROTOCOL TCP
(you can definie a destination port to http, but there is the problem that you only can use both gateways with port 80 - i dont use this! i want on all ports two gateways for downloading much faster)
- Source Adress : Wan1 Adress
- Advanced: GATEWAY : Your Balancing or Failover group

this rule doesn't work for me. i don't know what`s problem. maybe i figured out later in a vm instance.




Offline onkeldave83

  • Full Member
  • ***
  • Posts: 214
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #7 on: April 25, 2012, 02:52:42 am »
good morning hugo,

you have set squid3 proxy on lan interface with Integrations Options ? (there is a little trick, you have to install first squid 2.7, delete squid 2.7 and install squid3 ;))
and have set havp as transparent with parent detials ?
add the floating rule on wan1 default on wan1 address and gateway options to loadbalancing ?
this have to work when we have the same versions ;)

eicar test worked, porn phrases are blocked in google search from squidguard and all things i want are chached :)

Offline hugo

  • Jr. Member
  • **
  • Posts: 33
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #8 on: April 25, 2012, 03:43:13 am »
when i install squid3, i cant get it running

Quote
php: /pkg_edit.php: The command '/usr/local/sbin/squid' returned exit code '1', the output was '2012/04/25 10:35:34| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl" 2012/04/25 10:35:34| ERROR: Error Directory /usr/local/etc/squid/errors/German: (2) No such file or directory FATAL: Error Directory /usr/local/etc/squid/errors/German: (2) No such file or directory Squid Cache (Version 3.1.19): Terminated abnormally. CPU Usage: 0.068 seconds = 0.017 user + 0.051 sys Maximum Resident Size: 5036 KB Page faults with physical i/o: 0'

wow it will need some time to fix it. it's there a way to reset all squid configs?

Offline onkeldave83

  • Full Member
  • ***
  • Posts: 214
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #9 on: April 26, 2012, 02:52:51 am »
good morning hugo,
yes this is a problem!

delete both packages - squid 2 and squid3 in packagae manager in pfsense

first you install squid2
second you uninstall squid2
last you install squid3

this was my solution to get squid3 working ;)

or you can make factory defaults, but this is like format c: - its only for noobs ;)

Offline hugo

  • Jr. Member
  • **
  • Posts: 33
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #10 on: April 26, 2012, 03:20:24 am »
Morning onkeldave83,

i fixed by creating the missing dir

Quote
/usr/local/etc/squid/errors/German

and now its work. After a reboot, i found the havp service stopped and new chown errors in the system log.

Quote
php: : The command 'chown -R -v havp /usr/local/etc/freshclam.conf' returned exit code '1', output: havp: Invalid argument'

see also attachment

i can fixed by deleting and reinstalling of a the havp package, but it would be better to do a reboot without this action. so, i'm looking first for a solution and then i try it again. Stay tuned!



Offline onkeldave83

  • Full Member
  • ***
  • Posts: 214
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #11 on: April 26, 2012, 03:57:55 am »
nice work, i hold my breath ;)

Offline hugo

  • Jr. Member
  • **
  • Posts: 33
    • View Profile
Re: SQUID + Filter + HAVP + LoadBalancing + FailOver
« Reply #12 on: April 27, 2012, 03:19:19 am »
Hey onkeldav83,

i fixed by following this thread

http://forum.pfsense.org/index.php/topic,31869.msg201968.html

now it's working, but it's in the 'transparent mode' its very slow on my vm.  i'll use it like "squid as parent" for some special case such as terminalserver

thx for help