Filter two RED interfaces through Proxy

[Guest]

[Gavin]

Hey EFW Community!

I'm working on setting up a firewall with a single GREEN interface (192.168.0.1) and two RED interfaces which connect to two different ISP's. I'll call them ISP-A and ISP-B.

What I'm trying to do is have most of the staff use ISP-A for their connection. However, we have a select few that need a dedicated line. This is where ISP-B comes in. I've defined the MAC address of the selected computers to use ISP-B in the Network -> Routing -> Policy Routing area.

This works as expected. But, if I enable the Proxy service for content filtering, all traffic is forced through the "main" RED interface (ISP-A). If I disable Proxy, it again works as expected, the defined MAC addresses use ISP-B and everybody else goes through ISP-A.

My question is, how do I get the proxy to work with both RED interfaces? Its obvious that this is the problem, but I dont have much experience working with Squid or DansGuardian.

Any suggestions, links to resources etc. would be appreciated.

[Gavin]

Anybody?

[npeterson]

You would need to define proxy access policys for the different users, then use a custom squid configuration defining the tcp_outgoing_address for the created ACL that matches your access policy.

http://www.squid-cache.org/Doc/config/tcp_outgoing_address/

[Gavin]

Thanks npeterson. I'll post back if I get this sorted.

[Gavin]

What I ended up doing is splitting the services across the two ISPs instead of a workstation IP or MAC address.

For example, all users go through ISP-A for web-browsing, which is fed through the web proxy and content filter, and all high bandwidth traffic such as FTP are fed through ISP-B. Not only is this available in EFW without modification, but makes it quite easy to load balance traffic by simply defining routing policies.

Thanks again for your help.

Gavin

[yuthakarn]

Gavin, can you give me a hint to do this.
I tried but it's not success. If I turn on http proxy, the routing policies don't work.