Scribd
Upload
912 views6 pages

PfSense Web Proxy With Multi-WAN Links

This document provides step-by-step instructions for setting up a pfSense web proxy with multiple WAN links for failover and load balancing capabilities. The steps include: 1) Configuring the WAN interfaces and DNS servers for each WAN link. 2) Creating a gateway group in the routing configuration to prioritize or load balance across the WAN links. 3) Setting up a floating firewall rule to send HTTP traffic out either WAN interface using the gateway group.

Uploaded by

Enrique Torrez
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
912 views6 pages

PfSense Web Proxy With Multi-WAN Links

This document provides step-by-step instructions for setting up a pfSense web proxy with multiple WAN links for failover and load balancing capabilities. The steps include: 1) Configuring the WAN interfaces and DNS servers for each WAN link. 2) Creating a gateway group in the routing configuration to prioritize or load balance across the WAN links. 3) Setting up a floating firewall rule to send HTTP traffic out either WAN interface using the gateway group.

Uploaded by

Enrique Torrez
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Set-up pfSense Web Proxy with multi-WAN links (this configuration works!

)
Author Date Version : Dimitri Souleliac, CISSP (dimitri.souleliac [at] gmail.com) : May, 2011 : 2.0-RC1 (built on Sat Feb 26 15:30:26 EST 2011)

NETWORK DIAGRAM

STEP-BY-STEP HOWTO
1) Configure correctly your WAN1 and WAN2 interfaces (static IP or DHCP) and Gateways. WAN1 example:

WAN2 example:

Test your gateway (ping the router).

2) Configure your DNS server in General Setup tab Example:

Some explanations: - Provider for WAN1 uses 2 DNS servers. I configure the correct gateway to reach theses DNS - Provider for WAN2 uses the gateway as DNS server (!). In this case, I didnt configure the gateway to reach the DNS.

2) Configure a Gateway group in Routing tab Check the existing gateway (you may have one as Default Gateway)

As a monitor IP, I use the DNS servers of the providers.

Click on Groups and add one: - Chooser Tier 1 and Tier 2 to prioritize a gateway (failover) - or, Choose the same priority (load-balancing) In my opinion, Packet Loss is a good trigger.

Result:

3) Set-up firewall rules Set-up a Floating rule with the following parameter:

Explanations: - The floating rules apply on multiple interfaces, - Choose your WAN1 and WAN2 interfaces, and direction out - Choose HTTP as destination port - Specify the gateway with MULTIWAN (the most important thing!)

Result:

You can also create another rule (optional) to use MULTIWAN with other flows. Example on the LAN interface:

3) Set-up manual Outbound NAT (AON option) In NAT tab, you have to check Manual Outbound NAT rule generation

Then, -

add 2 mappings with WAN1 and WAN2 interfaces: Protocol = any Source = any Destination = any Translation = Interface address

4) Configure correctly Squid Web Proxy (the tricky thing!) I assume that you have installed Squid package. In installed SquidGuard (filter) and LightSquid (reports). my case, I also

In Proxy server tab / General settings, add the loopback interface:

I also use a transparent proxy. I you choose to activate this option, you must change the port for pfSense Web GUI (HTTPS instead of HTTP) in Advanced tab. Then, you have to add a Custom Options on the bottom of the page: tcp_outgoing_address 127.0.0.1; Dont forget to end with a semicolon.

5) Test it! Open your favorite Web Browser (Firefox) and go to http://myip.dk. Unplug the Tier 1 router and reload the page.

Your IP address may change in case of failover.

Comments on this document are welcome. Thanks to all!

You might also like