[squid-users] Re: squid with muliwan
> Is it for load balancing or FailOver?

Load balancing, but taking failed connections into account, if possible.

One LINUX-PC with 4 interfaces

                 |--- ISP-1
    LAN --squid--|ISP-2
                 |ISP-3

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-with-muliwan-tp4662760p4665115.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] Re: squid with muliwan
On 26/10/2013 16:43, adamso wrote:
> Thanks for the replies, Marcello Romani, I tried it.
> But the problem: when I broke eth0:1 on the pfsense gateway, I still have a connection. E.g.: on my squid, yahoo mail goes to eth0:1 via tcp_outgoing_address. But when I broke eth0:1, I can go to yahoo mail.

What do you mean when you write "I broke eth0:1"?

--
Marcello Romani

Re: [squid-users] Re: squid with muliwan
On 27/10/2013 3:43 a.m., adamso wrote:
> Thanks for the replies, Marcello Romani, I tried it.
> But the problem: when I broke eth0:1 on the pfsense gateway, I still have a connection. E.g.: on my squid, yahoo mail goes to eth0:1 via tcp_outgoing_address. But when I broke eth0:1, I can go to yahoo mail.

Can you explain that please? You can't break a piece of text.

eth0:* are not interfaces; they are just the labels used for display by the old obsolete ifconfig tool, which is unable to cope with multiple IPs belonging to one interface.

Amos

[squid-users] Re: squid with muliwan
Thanks for the replies, Marcello Romani, I tried it.

But the problem: when I broke eth0:1 on the pfsense gateway, I still have a connection. E.g.: on my squid, yahoo mail goes to eth0:1 via tcp_outgoing_address. But when I broke eth0:1, I can go to yahoo mail.

[squid-users] Re: squid with muliwan
Thanks for the replies. I am using pfsense as the router for the dual WAN; the squid box has only one interface, and it is in the DMZ in transparent mode.

Waiting for the reply

Re: [squid-users] Re: squid with muliwan
On 10/21/2013 11:37 AM, adamso wrote:
> Thanks for the replies. I am using pfsense as the router for the dual WAN; the squid box has only one interface, and it is in the DMZ in transparent mode.

Is it for load balancing or FailOver?

Eliezer

> Waiting for the reply

Re: [squid-users] Re: squid with muliwan
On 21/10/13 07:03, Eliezer Croitoru wrote:
> On 10/21/2013 11:37 AM, adamso wrote:
>> Thanks for the replies. I am using pfsense as the router for the dual WAN; the squid box has only one interface, and it is in the DMZ in transparent mode.
>
> Is it for load balancing or FailOver?

pfsense supports both.

Using tcp_outgoing_address could do the magic. It should be a valid IP for the proxy. I recommend 127.0.0.1, 127.0.0.2, etc. The NAT will do the rest.

Re: [squid-users] Re: squid with muliwan
On 21/10/2013 10:37, adamso wrote:
> Thanks for the replies. I am using pfsense as the router for the dual WAN; the squid box has only one interface, and it is in the DMZ in transparent mode.
>
> Waiting for the reply

I'm using pfsense too, and my squid box has just 1 ethernet interface.

In Linux you can assign two IP addresses to one physical interface with something like

    ifconfig eth0:1 <ip addr> up

In pfsense you have to route the two IP addresses to the two different WAN gateways. This can be done by adding firewall rules to the LAN interface.

--
Marcello Romani

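Added example, not part of the original thread and not any poster's own configuration: a squid.conf fragment for the setup discussed here, where Squid picks a different source address per client network and the router then routes each source address to its own WAN gateway. The ACL names, client subnets and proxy addresses are constructed placeholder values.

```conf
# squid.conf fragment (added example; every address below is a constructed
# placeholder, none of them comes from the thread).
#
# Assumption: the Squid box carries two addresses on its single interface,
# added beforehand with iproute2 instead of ifconfig alias labels:
#   ip addr add 192.0.2.11/24 dev eth0
#   ip addr add 192.0.2.12/24 dev eth0
#
# Assumption: the router hands intercepted traffic to Squid with the
# client's source address intact, otherwise the src ACLs cannot match.

# Client networks (hypothetical LAN1 and LAN2 ranges).
acl lan1 src 10.1.0.0/24
acl lan2 src 10.2.0.0/24

# Source address Squid binds for its outgoing connections, per client ACL.
# The first matching line wins.
tcp_outgoing_address 192.0.2.11 lan1
tcp_outgoing_address 192.0.2.12 lan2

# Only the two known client networks may use the proxy.
http_access allow lan1
http_access allow lan2
http_access deny all
```

Squid only chooses the source address; which WAN a connection leaves by is decided by the router's rules for that source address, so any test of taking a path down has to be made on the router's gateway, not on an alias label.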
Re: [squid-users] Re: squid with muliwan
Hey,

On 10/21/2013 01:15 PM, Alfredo Rezinovsky wrote:
> On 21/10/13 07:03, Eliezer Croitoru wrote:
>> On 10/21/2013 11:37 AM, adamso wrote:
>>> Thanks for the replies. I am using pfsense as the router for the dual WAN; the squid box has only one interface, and it is in the DMZ in transparent mode.
>>
>> Is it for load balancing or FailOver?
>
> pfsense supports both.
>
> Using tcp_outgoing_address could do the magic. It should be a valid IP for the proxy. I recommend 127.0.0.1, 127.0.0.2, etc. The NAT will do the rest.

I am asking about the case at hand, not what it supports.

There are a couple of ways to implement an interception proxy, and each and every one of them should be configured in a different way. I am afraid I cannot respond in a second for that at the moment, but later on I will start describing it and the ways to solve it.

Eliezer

[squid-users] Re: squid with muliwan
Hi, thanks all for the replies again.

I am using pfsense for load balancing. I want the LAN1 users' traffic to go to WAN1 and the LAN2 users' traffic to go to WAN2. Actually my squid server has only one interface, eth0, which intercepts pfsense NAT HTTP.

Thanks

Re: [squid-users] Re: squid with muliwan
And in a network sense of things: What is the IP of the clients? What interface names do the pfsense, the squid, etc. have for the clients? What is the subnet of each and every one of them?

Once I have the bigger picture in hand I will be able to write more.

As for pfsense, it's based on FreeBSD with PF (from OpenBSD). Pfsense routing is based on the IP level, and I am aware of MARKING options that do exist in the PF mechanism, but I do not remember and/or know how it works. There is a page in OpenBSD that gives some knowledge about it:
http://www.openbsd.org/faq/pf/pools.html#outgoing

Since FreeBSD uses the same mechanism, I suppose it has a similarity of functions, which I think doesn't support socket-level marking.

This article:
http://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/
actually gives some nice diagrams (I am still looking for the software that made them).

I do know that it is very simple to route traffic by the src address and you don't need squid for that. If you want squid to intercept the traffic and also to do policy routing by src, you will need to use some thinking and planning on how it should be done, using routing to the squid proxy and back, etc.

If you want to see something about LB and policy-based routing in pfSense, try this video:
http://www.youtube.com/watch?v=HecHgI1HBKI
and there is something I remember: that the FW rules and the routing should be edited separately.

Eliezer

On 10/21/2013 01:36 PM, adamso wrote:
> Hi, thanks all for the replies again.
>
> I am using pfsense for load balancing. I want the LAN1 users' traffic to go to WAN1 and the LAN2 users' traffic to go to WAN2. Actually my squid server has only one interface, eth0, which intercepts pfsense NAT HTTP.
>
> Thanks