Need to perform NAT to a server cluster...
-
Long story short, I have 3 application servers behind pfsense. All of them use port 443 and have the same data hosted on them. I just need to set it up so that traffic coming in over port 10443 is redirected to one of the three servers on port 443. I believe I get how to forward from external port 10443 to internal port 443, but I'm not sure how to set up rules to pick any of the three servers when a session starts. Maybe carp/vip?
-
@narrington
What's your intention here? Are you looking for a failover or load balancing solution? You can forward one public port to a set of internal targets in round-robin fashion by putting them all into an alias, though, but consider that the NAT rule does not probe whether a server is alive beforehand. So if a server is down, pfSense might still forward packets to it.
-
Round robin is perfectly fine for what I'm doing...
They're minio servers. Basically it's just a mass data storage service that replicates between the 3 servers. Doesn't matter which one I access, the data is the same. The point is if one dies, the other two still work.
I get that pfsense doesn't do heartbeat checks. For now that doesn't matter. If one does die, I'm going to have to deal with it anyway.
-
@narrington haproxy could do this for you.
Here is a Google result that looks to be for the current version of pfsense and uses haproxy as a load balancer:
https://getlabsdone.com/how-to-configure-pfsense-load-balancer-using-haproxy/
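
The setup discussed in this thread, written as a plain `haproxy.cfg` fragment: TCP passthrough from port 10443 to three backends on 443, round-robin, with the liveness check that the NAT alias approach lacks. This is an added example, not configuration from any poster or from the linked article; the section names and the 10.0.0.x addresses are constructed placeholders.

```haproxy
# Added example: section names and backend addresses are constructed placeholders.
defaults
    mode tcp                  # pass TLS through untouched; the servers keep their own certificates
    timeout connect 5s
    timeout client  1m
    timeout server  1m

frontend minio_in
    bind *:10443              # external port from the question
    default_backend minio_pool

backend minio_pool
    balance roundrobin        # each new session goes to the next server in turn
    # "check" opens a TCP connection to port 443 every 5s (inter).
    # A server is taken out of rotation after 3 failed checks (fall)
    # and put back after 2 successful ones (rise).
    default-server inter 5s fall 3 rise 2
    server minio1 10.0.0.11:443 check
    server minio2 10.0.0.12:443 check
    server minio3 10.0.0.13:443 check
```

Because HAProxy terminates the client's TCP connection on the firewall itself, the WAN rule has to allow port 10443 to the firewall rather than to the internal servers, and the backends see the firewall as the source address of each connection.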