Freebsd – Dual WAN failover issue with squid and bind on FreeBSD

failoverfreebsdsquid

When we route http or Https traffic over our backup T1 our squid proxy server stops being able to reach anything. This has worked in the past, however we recently replaced the T1.(mere hours ago)

Computers have firefox configured to use the proxy, it is not a transparent proxy. If we remove the proxy they can connect over the T1.

Network setup: Single Linksys Rv082 router with a primary WAN link to a cable line and a secondary link to a T1 connection. We also have a freebsd server (Server A) running DNS and a PC-BSD server (Server B) as our squid proxy server. Server A has the name servers from both WAN1 and WAN2 in it's resolve.conf file. Server B is now running bind only as a local name server for cacheing, it contacts Server A for name resolution.

We at first suspected DNS issues, however if computers do not use the proxy they can connect.

Any suggestions?

Best Answer

Okay, we finally gave up and rebooted the router, and that fixed it. :(

I would like to know what exactly the issue was though.

It seems that the DNS settings were not being ... well, set.

Related Solutions

Making citrix run with squid

If your Citrix server is directly on the Internet then you not be able connect to your Citrix server. As the company has blocked all direct connections. You have 2 options

1) Have the company setup a Socks Proxy, as this will allow you to resolve the external addresses.

You will need to add the following lines to your ICA file

ICASOCKSProtocolVersion=0
ICASOCKSProxyHost= "IP address of the proxy server"
ICASOCKSProxyPortNumber=1080

2) Setup a Citrix Web Interface at your site which will allow you to connect from any proxy server.

3) Allow routes/ports through the X Company firewall to your Citrix Servers

Squid proxy in cent os often disconnected with error : tunnelConnectTimeout(): tunnelState->servers is NULL

I would suspect the lack of connectivity you have is identified by this:

2013/07/01 13:25:38| tunnelConnectTimeout(): tunnelState->servers is NULL

This indicates basically that the connection to the upstream server timed out.

While the problem is happening, try to connect to a few websites on the squid server (use a browser like lynx if you can, but in a pinch you could use telnet to port 80) and see if it times out. If it doesn't, you might have found some kind of bug in squid, but if it does, the problem is upstream of your squid server. Keep an eye out for DNS issues as well.

Also look at increasing your fowarding timeout forward_timeout, particularly if your upstream connection is often slow.

Best Answer

Related Solutions

Making citrix run with squid

Squid proxy in cent os often disconnected with error : tunnelConnectTimeout(): tunnelState->servers is NULL

Related Topic