The point of setting up this way is that pfSense does not offer that kind of Web content filtering which we need and squid provides. I know I can setup squid on pfSense box as well. But being not very expert in pfSense, I don't want to open too many fronts and start fighting on all at once.
- Asim On Thu, Sep 5, 2013 at 5:08 PM, Seth Mos <[email protected]> wrote: > On 5-9-2013 13:09, Asim Ahmed Khan wrote: > > Hi, > > > > Let me first briefly explain my setup. I have redundant internet link > > from two ISPs. Before pfsense, I was using two gateway boxes. One for > > each internet link. Each box is CentOs, with Shorewall + Squid. I have > > certain rules imposed on each box. Each box has two NIC, one for public > > IP from is, and one for LAN. > > > > Now to implement failover and few other things, i setup a pfsense box. > > Now network is like : > > > > Both Gateway boxes' public interface has been reconfigured on different > > subnet which is being shared by pfsense's local NIC. i.e. Both old > > gateways get internet from pfsense instead of ISPs. > > > > Now what I need to do (or at least know if possible), is to be able to > > see who from my LAN is consuming most bandwidth. pfsense provide > > "bandwidthd" for that. But the problem is, pfsense only see the two > > clients connecting to it and those are public interfaces of gateway > > boxes. So I can't get the real picture. Is there anyway, pfsense can see > > who actually is sending request to pfsense through public interface of > > gateway ? > > Maybe I'm mistaken here, but the shorewall devices are behind your > pfSense firewall and they perform NAT making only those 2 addresses > visible. > > If that is the case you need to set up static routes on pfSense and drop > the NAT on the gateway boxes. > > I'm not understanding too well why you don't put everything into one > box, or maybe add carp for failover. This seems very convoluted. > > Regards, > > Seth > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > -- Regards, Asim Ahmed Khan *Senior Manager IT & Cloud Services,* Folio3 Pvt. Ltd Ph: 021-34323721 Cell : 03452109368
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
