Re: [pfSense Support] Incorporating squid
As long as your setup already supports load balancing, it'll continue to do just that. You're simply redirecting traffic on TCP/80 to another location aka your squid box. Any traffic that is going to the 'Interwebs' from the squid box will also be load balanced (assuming proper configuration of your multi-WAN environment). Tim Nelson Systems/Network Engineer Rockbochs Inc. (218)727-4332 x105 - "Mike Lever" <[EMAIL PROTECTED]> wrote: > Hi Tim, > > Thank you very much for that feedback. One question. Once I have > setup > things as you suggested below, will requests from the squid box out to > the > internet cloud be load balanced ? > > I.e.: How do I ensure that the outgoing traffic that is not on the > proxy > server is load balanced ? > > Regards, > > > Mike Lever > > Tenacity Films (Pty) Ltd t/a > Velocity Films > > (T) +2711-807-0100 > (F) 086-681-7518 > > http://www.velocityfilms.com > > > CONFIDENTIALITY CAUTION: If you have received this communication in > error, > please note that it is intended for the addressee only, is privileged > and > confidential and dissemination or copying prohibited. Please notify > us > immediately by e-mail and return the original message. Thank you. > > -----Original Message- > From: Tim Nelson [mailto:[EMAIL PROTECTED] > Sent: 20 Aug 2008 11:07 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] Incorporating squid > > I recently implemented a pfSense + Squid setup for a school. You'll > need to > make sure that the box you're running squid on is on a different > interface > than the subnet(s) you want filtered. The rules that redirect traffic > destined on port 80 apply globally to an interface so if your squid > box lies > on that same interface, it will not be able to 'get out' either. > > Go into NAT, then add a new 'Port Forward'. Use these values: > > Interface: the interface traffic will be coming in. If you want to > filter > your LAN clients, select LAN here > External Address: any > Protocol: TCP > External Port Range: 80 (HTTP should be in the drop down box) > NAT IP: The IP of your squid box > Local Port: The port you have squid running on > > Save your entries and then apply the changes. Any existing states will > not > be affected (I don't *think*) so you may have to clear your state > tables > before this becomes effective for all clients. > > Tim Nelson > Systems/Network Engineer > Rockbochs Inc. > (218)727-4332 x105 > > - "Mike Lever" <[EMAIL PROTECTED]> wrote: > > > Hi all, > > > > I have just had a squid box configured and am about to implement it > on > > on my network. > > > > I would like to ask you how you suggest I place it and route > traffic > > accordingly. Is anybody currently using squid boxes with pfsense. I > > can't use the onboard package as I have multiple WAN ports. > > > > Any help would greatly be appreciated ! > > > > Mike Lever > > > > Tenacity Films (Pty) Ltd > > t/a Velocity Films > > (t) +2711-807-0100 > > (f) +2711-807-1208 > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Incorporating squid
Hi Tim, Thank you very much for that feedback. One question. Once I have setup things as you suggested below, will requests from the squid box out to the internet cloud be load balanced ? I.e.: How do I ensure that the outgoing traffic that is not on the proxy server is load balanced ? Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. -Original Message- From: Tim Nelson [mailto:[EMAIL PROTECTED] Sent: 20 Aug 2008 11:07 PM To: support@pfsense.com Subject: Re: [pfSense Support] Incorporating squid I recently implemented a pfSense + Squid setup for a school. You'll need to make sure that the box you're running squid on is on a different interface than the subnet(s) you want filtered. The rules that redirect traffic destined on port 80 apply globally to an interface so if your squid box lies on that same interface, it will not be able to 'get out' either. Go into NAT, then add a new 'Port Forward'. Use these values: Interface: the interface traffic will be coming in. If you want to filter your LAN clients, select LAN here External Address: any Protocol: TCP External Port Range: 80 (HTTP should be in the drop down box) NAT IP: The IP of your squid box Local Port: The port you have squid running on Save your entries and then apply the changes. Any existing states will not be affected (I don't *think*) so you may have to clear your state tables before this becomes effective for all clients. Tim Nelson Systems/Network Engineer Rockbochs Inc. (218)727-4332 x105 - "Mike Lever" <[EMAIL PROTECTED]> wrote: > Hi all, > > I have just had a squid box configured and am about to implement it on > on my network. > > I would like to ask you how you suggest I place it and route traffic > accordingly. Is anybody currently using squid boxes with pfsense. I > can't use the onboard package as I have multiple WAN ports. > > Any help would greatly be appreciated ! > > Mike Lever > > Tenacity Films (Pty) Ltd > t/a Velocity Films > (t) +2711-807-0100 > (f) +2711-807-1208 > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Incorporating squid
I recently implemented a pfSense + Squid setup for a school. You'll need to make sure that the box you're running squid on is on a different interface than the subnet(s) you want filtered. The rules that redirect traffic destined on port 80 apply globally to an interface so if your squid box lies on that same interface, it will not be able to 'get out' either. Go into NAT, then add a new 'Port Forward'. Use these values: Interface: the interface traffic will be coming in. If you want to filter your LAN clients, select LAN here External Address: any Protocol: TCP External Port Range: 80 (HTTP should be in the drop down box) NAT IP: The IP of your squid box Local Port: The port you have squid running on Save your entries and then apply the changes. Any existing states will not be affected (I don't *think*) so you may have to clear your state tables before this becomes effective for all clients. Tim Nelson Systems/Network Engineer Rockbochs Inc. (218)727-4332 x105 - "Mike Lever" <[EMAIL PROTECTED]> wrote: > Hi all, > > I have just had a squid box configured and am about to implement it on > on my network. > > I would like to ask you how you suggest I place it and route traffic > accordingly. Is anybody currently using squid boxes with pfsense. I > can't use the onboard package as I have multiple WAN ports. > > Any help would greatly be appreciated ! > > Mike Lever > > Tenacity Films (Pty) Ltd > t/a Velocity Films > (t) +2711-807-0100 > (f) +2711-807-1208 > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Incorporating squid
Hi all, I have just had a squid box configured and am about to implement it on on my network. I would like to ask you how you suggest I place it and route traffic accordingly. Is anybody currently using squid boxes with pfsense. I can't use the onboard package as I have multiple WAN ports. Any help would greatly be appreciated ! Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (t) +2711-807-0100 (f) +2711-807-1208 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]