EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: Gavin on Saturday 07 November 2009, 06:11:27 am



Title: Filter two RED interfaces through Proxy
Post by: Gavin on Saturday 07 November 2009, 06:11:27 am
Hey EFW Community!

I'm working on setting up a firewall with a single GREEN interface (192.168.0.1) and two RED interfaces which connect to two different ISPs. I'll call them ISP-A and ISP-B.

What I'm trying to do is have most of the staff use ISP-A for their connection. However, we have a select few that need a dedicated line. This is where ISP-B comes in. I've defined the MAC address of the selected computers to use ISP-B in the Network -> Routing -> Policy Routing area.

This works as expected. But, if I enable the Proxy service for content filtering, all traffic is forced through the "main" RED interface (ISP-A). If I disable Proxy, it again works as expected, the defined MAC addresses use ISP-B and everybody else goes through ISP-A.

My question is, how do I get the proxy to work with both RED interfaces? It's obvious that this is the problem, but I don't have much experience working with Squid or DansGuardian.

Any suggestions, links to resources etc. would be appreciated.


Title: Re: Filter two RED interfaces through Proxy
Post by: Gavin on Tuesday 10 November 2009, 05:49:19 am
Anybody?


Title: Re: Filter two RED interfaces through Proxy
Post by: npeterson on Tuesday 10 November 2009, 06:47:43 am
You would need to define proxy access policies for the different users, then use a custom squid configuration defining the tcp_outgoing_address for the created ACL that matches your access policy.

http://www.squid-cache.org/Doc/config/tcp_outgoing_address/
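
The approach suggested above, sketched as a squid.conf fragment. This is an added example, not part of the thread and not EFW's own configuration; the ACL name, the client addresses, the MAC address and the two RED addresses are constructed placeholders.

```conf
# --- Constructed example: every address below is a placeholder ---

# Clients on GREEN that must leave through ISP-B, matched by source IP.
acl isp_b_clients src 192.168.0.50 192.168.0.51

# Alternative: match by MAC address instead of IP. This ACL type only
# works if Squid was built with ARP ACL support and the clients sit on
# the same layer-2 segment as the proxy.
# acl isp_b_clients arp 00:11:22:33:44:55

# tcp_outgoing_address lines are checked in order; the first one whose
# ACL matches the request sets the source address of the upstream
# connection.

# Requests from the selected clients: bind to the RED address on ISP-B.
tcp_outgoing_address 203.0.113.10 isp_b_clients

# Everything else: bind to the RED address on ISP-A (no ACL = match all).
tcp_outgoing_address 198.51.100.10
```

Binding the source address does not by itself choose the uplink: the firewall still needs a source-based routing rule that sends packets from the ISP-B address out through the ISP-B gateway. If a content filter sits in front of Squid, check that Squid still sees the real client address, otherwise the `src` ACL will never match.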


Title: Re: Filter two RED interfaces through Proxy
Post by: Gavin on Tuesday 10 November 2009, 07:02:01 am
Thanks npeterson. I'll post back if I get this sorted.


Title: Re: Filter two RED interfaces through Proxy - SOLVED
Post by: Gavin on Wednesday 11 November 2009, 03:56:50 am
What I ended up doing is splitting the services across the two ISPs instead of splitting by workstation IP or MAC address.

For example, all users go through ISP-A for web browsing, which is fed through the web proxy and content filter, and all high-bandwidth traffic such as FTP is fed through ISP-B. Not only is this available in EFW without modification, but it also makes it quite easy to load balance traffic by simply defining routing policies.

Thanks again for your help.

Gavin


Title: Re: Filter two RED interfaces through Proxy
Post by: yuthakarn on Wednesday 13 January 2010, 08:07:54 pm
Gavin, can you give me a hint on how to do this?
I tried, but without success. If I turn on the HTTP proxy, the routing policies don't work.