On 2010/01/16 22:00, mashenko shenua wrote:
> Can you try it? Some people tell me I can't use Squid with
> round-robin. I see this for pfsense:
> 
> http://forum.pfsense.org/index.php?topic=7591.msg42943
> 
> tcp_outgoing_address 10.10.1.1 slow;tcp_outgoing_address 10.10.1.1

That diff is for pfsense to allow it to add 'pass out...route-to'
rules, you can add these entries anyway with pf.conf. Seems there's
a mistake in their sample squid.conf entries though, I think they
meant to have different tcp_outgoing_addresses for the 'slow' and
normal networks.

They are telling squid to use a different source address for different
connections, and then using route-to to push those out of the correct
interface for the outgoing address they use.

The other way is to leave squid alone and just handle it with pf.
The main area people might have problems is getting things natted
correctly so the right source addresses are used on outgoing packets.
It's probably simplest to use 'probability', something like this:

pass out quick proto tcp to 209.85.227.105 port 80 \
     route-to (vlan4 192.168.46.49) nat-to (vlan4:0) probability 50%

(and of course the other 50% will be handled by other rules matching
this packet to go via the default route).

Thinking about it some more, perhaps this isn't possible with old
PF where nat was handled separately from filter rules; you might need
-current to do this...
