[pfSense-discussion] Pfsense in bridge mode and squid
Sorry because of the topo is in wrong allign. :( Hi all. I have a problem with pfsense and squid and want to get help. My topology is : ---LAN-Internal addr-Bridge-External addr-Router-Internet (10.4.4.0/24)(10.4.4.110)| (10.4.4.11) (10.4.0.1) Optional inter (10.4.5.1) | squid box (10.4.5.5) There are 2 problem : 1. How to set up optional inter as DMZ so that LAN interface can access squid box, squid box can access Internet but can not access LAN. 2. How to redirect http traffic from LAN to squid box. I have just found in forum but I can not see anything about my problem (pfsense in bridge mode). So I 'm looking for your help. Thanks. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense-discussion] Pfsense in bridge mode and squid
hi all. I have a problem with pfsense and squid and want to get help. My topology is : ---LAN-Internal addr-Bridge-External addr-Router-Internet (10.4.4.0/24) (10.4.4.110) | (10.4.4.11) (10.4.0.1) Optional inter (10.4.5.1) | squid box (10.4.5.5) There are 2 problem : 1. How to set up optional inter as DMZ so that LAN interface can access squid box, squid box can access Internet but can not access LAN. 2. How to redirect http traffic from LAN to squid box. I have just found in forum but I can not see anything about my problem (pfsense in bridge mode). So I 'm looking for your help. Thanks. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] VPN Tunnel Dual WAN failover
On Wed, Mar 4, 2009 at 4:30 AM, Mark Slatem wrote: > Pity this does not work by default, as this > would be a killer feature for us. Could always start a bounty for it. I suspect there's a number of people who would be interested in this type of functionality. -Dave - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] VPN Tunnel Dual WAN failover
On Wed, Mar 4, 2009 at 7:30 AM, Mark Slatem wrote: > Thanks for all advice. > > I recall attempting to add a static route to the openvpn server endpoint ip, > but it still did not work for me. Then you aren't doing something right. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] VPN Tunnel Dual WAN failover
Thanks for all advice. I recall attempting to add a static route to the openvpn server endpoint ip, but it still did not work for me. I read somewhere on the forums that internal services do not use the failover pools/ routes and this is why it does not work. Some suggested some command line hackery could get it to work, but we have too many of these things deployed in the field to be able to go and hack each one of them. Pity this does not work by default, as this would be a killer feature for us. Chris, Will version 2 support this natively by any chance? On Wed, Mar 4, 2009 at 12:01 PM, Chris Buechler wrote: > On Tue, Mar 3, 2009 at 6:57 PM, Mark Slatem wrote: > > Hi all. > > > > I have about 50 Alix embedded firewalls running at branches. All the > > branches connect to a central pfsense at our data centre via an openvpn > > tunnel. This solution works absolutely beautifully and allows all the > > branches to be on one private network. The problem is some of the > branches > > are in locations where the ADSL links have intermittent connectivty > problems > > and can go down for extended periods. We have countered this by putting > down > > 3G routers at these branches and having a Dual Wan with load balancing > pools > > for failover. This works well and when one link goes down the traffic is > > routed via the other link. However this does not work for the openvpn > tunnel > > that refuses to establish down the secondary WAN link, I have tried and > > tried but can not get it to work. > > > > You have to add a static route to direct the traffic. Manual failover > works fine with appropriate routes. > > Automatic failover would require configuration of a routing protocol. > None of the existing supported ones are a good fit, though we'll > likely see OSPF support at some point in the not too distant future. > - Show quoted text - > > - > To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com > For additional commands, e-mail: discussion-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > >