Feature #3320
Closed
HAVP does not honor FW Gateway rules
Description
Hello,
I have pfSense 2.1 setup with 2 WANs, configured for failover with Gateway groups.
My computers are getting HTTP through Squid with HAVP as a parent proxy.
When the default Gateway goes down, the proxy server cannot give internet access anymore (getting HAVP error page).
I can still access internet by bypassing the proxy.
I switched the default Gateway (I know I can also let pfSense switch it automatically), which makes the proxy work again.
But there is a question that remains:
I set up a LAN FW rule to force all traffic from my IP through the second Gateway (the one that works), but as long as I use the proxy, it does not work.
Doesn't HAVP honor Gateway rules? I mean, if I use Squid + HAVP, does the whole traffic always go through the default Gateway, whatever Gateway rule I set?
Sorry for the bug report if this is supposed to work that way.
Thanks.
Updated by Orsiris de Jong over 10 years ago
Well, it actually seems that putting a computer's IP in the bypass list of Squid does finally honor the FW rule to route through the right Gateway.
So this is more a Squid than a HAVP related issue, I think.
Updated by Chris Buechler over 10 years ago
- Status changed from New to Closed
That's how things are supposed to work; you need floating rule policy routing for anything initiated by the firewall itself.
Updated by Orsiris de Jong over 10 years ago
My bad...
Found a nice piece of documentation for those who like experience this:
http://securite-ti.com/pfSense_Web_Proxy_with_multi-WAN_links.pdf
Anyway, thanks :)