PfSense Multiwan Fix for Squid and Lusca

Discussion in 'PFsense M0n0wall IPcop & others PC based routers' started by athenaxds, May 2, 2012.


  1. athenaxds

    athenaxds Member




    Do you ever wonder why your Tier 2 connection doesn't work properly when lusca/squid is turned ON.

    The solution is finally here.

    First of all I would like to thank some of my co PDSL mates for sharing pfsense to our community. Deeza for the pfsense and lusca tutorials and darkanyons for sharing the script for fixing youtube errors. Now it is time for me to give back my share.

    Let us start then

    First of all make sure your pfsense multiwan configuration is running fine without lusca that is by turning off and on each gateways.

    Let us now proceed to the solution that all of us have been waiting for.


    Services Proxy Server
    [​IMG]
    Add this to your lusca custom options then click save

    Firewall NAT
    [​IMG]
    Select Manual Outbound NAT Rule Generation(AON-Advance Outbound NAT)

    Add those rules for WAN and WAN2
    The ones with port 500 are the most important otherwise you won't be able to ping and connect to your online games.
    Don't forget to click save and apply

    Firewall Rules Floating
    [​IMG]

    I have 2 rules inbound and outbound this helps your applications communicate properly in and out both gateways.

    Quick - Apply on immediate match (check)
    Direction - out(2nd rule change to in)
    Protocol - TCP
    Destination Port Range - DNS to HTTPS
    Description - Add your description whether it is in or out

    Gateway - Change this according to your gateways group name.

    Don't forget to save ^_^

    If you did this properly you will be able to ping google.com or youtube.com and be able to browse in your Tier2 Connection
     
    dhapelo_32, Deeza and Darkanyons like this.
  2. josekym

    josekym Member




    Nice!

    By "Tier2 Connection", do you mean the WANs are in fail-over mode (i.e. WAN1 = Tier1; WAN2 = Tier2) as opposed to load-balance (i.e. WAN1=Tier1; WAN2=Tier1)?
     
  3. athenaxds

    athenaxds Member




    Yes pag nag fail yung tier 1 mo tapos your using tier 2 may ping pero hindi makapag browse.
     
  4. athenaxds

    athenaxds Member




    @josekym ano ba layout ng network do you also use pfsense for multiwan?
     
  5. josekym

    josekym Member




    Network layout? Typical small LAN lang.

    Yes, we use pfSense gateways to maximize our 4xWAN connections. We have 2 pfSense boxes doing multi-WAN LB and FO with transparent Squid on them. We do not use Lusca though, just Squid.
     
  6. Darkanyons

    Darkanyons Member




    Thanks for sharing.

    All my 3Wan connections are on tier 1. i just give them different weights to compensate with different bandwidths.
    [​IMG]

    Serving 51 clients, bandwidth is peaking almost 30mb/s on a 360sec view due to caching.
    [​IMG]
    I'm always excited to see these graphs. :)
     
  7. athenaxds

    athenaxds Member




    @darkanyons are you still using DI-LB604 for managing multiple wan connections?
     
  8. Darkanyons

    Darkanyons Member




    Nope. the D-link was decommissioned many months ago after i ascertain the stability of my build. this is the 3rd pf box version i made with bigger muscle. :)
     
  9. athenaxds

    athenaxds Member




    the graph is quite nice ^^,
     
  10. neo valdez

    neo valdez Member




    hmmm pag nilalagay ko ung 127.0.0.1/32 nawawala ang browsing ko kaya nilagay ko any
     
  11. athenaxds

    athenaxds Member




    image002.jpg
     
  12. neo valdez

    neo valdez Member




    thanks sir...ill try again;)
     
  13. athenaxds

    athenaxds Member




    @sir neo

    slow browsing issue na lang po naka load balancing pero pag fail over smooth na po siya.
     
  14. d'joedanger

    d'joedanger Member




    this thread must be stick

    thanks for sharing.. :)
     
  15. athenaxds

    athenaxds Member




    @joedy eto po yung updated NAT rules kulang po yung 4 na yan
     
  16. mdonline

    mdonline Member




    Has any one experience some problems regarding Multi Wan that has the same ISP (2 PLDT connection)

    :D
     



  17. Multi-Wan separate Browsing and Gaming both PLDT 4mbps ok naman po
     
  18. mdonline

    mdonline Member




    Can't allocate llinfo

    I saw somewhere in the pfsense forums that it's not possible to have 2 WAN connections on the same ISP that has the same gateway. Ang pinag tataka ko, when I first installed the dual LAN card, it was working siguro mga 6-8 hours na tumatakbo yung dual WAN tapos nung madaling araw nag error na. :D
     
  19. athenaxds

    athenaxds Member




    Just set your modem to router mode then change the IP of each modem replace the x in 192.168.x.1 with numbers from 1-99 (leave WAN and WAN2 to DHCP only)
     
  20. mdonline

    mdonline Member




    Thanks athena

    what i've tried before is putting a router between the modem and pfsense. but the problem was my OPT1 keeps on going down.

    Right now I have my P660 on router mode. I'll see if this setting works :D keep you posted :)
     
                                 

Share This Page