pfsense make squid use gateway group
Hi,
For the last couple of weeks/months i've been trying to get squid to loadbalance/failover using gateway-groups. (in vmware)
Currently i'm at the point that i'm able to get it working with VERY BAD PERFORMANCE.
I believe some minor tweaks are still needed but i'll publish what i have so far and hope someone will figure out how to get it right.
my wan ip: 192.168.5.2 (gw=192.168.5.1)
my opt1 ip: 10.168.20.2 (gw=10.168.20.1)
my lan ip: 10.10.20.1 (gw=gateway-group)
1. install latest snapshot & configure your interfaces (i'm using the 2011/01/20 snapshot)
2. in system-->routing add gateways for all interfaces
in the group tab add a loadbalancing group (tier 1 , all interfaces)
3. make sure to add the gateways to the WAN/OPT interface (interface menu)
4. Firewall rules:
details about the floating rule see this pdf: http://goput.it/fer.pdf
or bellow
note the state-type !!! <-- bad="" but="" causes="" doesn="" i="" it="" m="" performance="" pretty="" span="" sure="" t="" the="" this="" without="" work="">
also: don't forget the gateway-group
5. Nat rules:
6. Install squid (system-->packages-->squid)
7. Configure squid bellow
http://goput.it/hhe.pdf
note the 'tcp_outgoing_address' directive at the bottom.
I hope some people will find this useful and perhaps come up with a solution for the performance issue.
my complete config can be downloaded here: http://goput.it/hah.xml
Nenhum comentário:
Postar um comentário