Thank you. I had the same idea today, but did that mean that in combination with captive, wich adding a pass rules for each ip/mac pair (and so overwrite my http-->OPT1 rule), i think I will need 3 pfsense boxes. Or isn't it? Is there no way to hard code for leting squid using OPT1. Another idea, can I invert my wan and opt1 and add a filter rule for everything to use the opt1 interface (wich should not affect squid traffic) and let the shaper work with lan and opt1?
Best regards, Christian Gerlitz -----Ursprüngliche Nachricht----- Von: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 5. Mai 2006 22:24 An: [email protected] Betreff: Re: [pfSense Support] Squid and policy based dual wan On 5/5/06, Christian Gerlitz <[EMAIL PROTECTED]> wrote: > I am looking for a quick and dirty solution for the above. I give it > up to try to internaly forward the http traffic to another pfsense > box. So I set up one pfsense with one PPPoE adsl connection directly > connected to this box as WAN and one PPPoE connection over a > router-modem as OPT1. A rule for directing http traffic over the > gateway of OPT1 works fine and also the transparent mode or NAT Rule > for squid works fine. But not together. I know that this is not a bug, > because it was necessary to hardcode a rule for the squid traffic to > not get into a loop. So it is clear that my rule for sending port 80 > traffic from lanip to any will not work. My question is were to hack > (probably in filter.inc) to hardcode this rule (squid>>OPT1). Squid is not compatible with multi-wan. You'll want a second squid box processing traffic due to the userland multi-wan issue that I have spoken about countless times. I believe there is a faq entry on this at faq.pfsense.com. Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
