Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need to perform NAT to a server cluster...

    Scheduled Pinned Locked Moved NAT
    4 Posts 3 Posters 615 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N Offline
      narrington
      last edited by

      Long story short, I have 3 application servers behind pfsense. All of them use port 443 and have the same data hosted on them. I just need to set it up so that traffic coming in over port 10443 is redirected to one of the three servers on port 443. I believe I get how to forward from external port 10443 to internal port 443, but I'm not sure how to set up rules to pick any of the three servers when a session starts. Maybe carp/vip?

      V 1 Reply Last reply Reply Quote 0
      • V Offline
        viragomann @narrington
        last edited by

        @narrington
        What's your intention here? Do you look for a failover or load balancing solution?

        You can forward one public port to a set of internal targets in round-robin fashion by putting all into an alias though, but consider that the NAT rule does not probe if a server is alive before. So if a server is down pfSense might still forward packets to it.

        1 Reply Last reply Reply Quote 1
        • N Offline
          narrington
          last edited by narrington

          Round robin is perfectly fine for what I'm doing...

          They're minio servers. Basically it's just a mass data storage service that replicates between the 3 servers. Doesn't matter which one I access, the data is the same. the point is if one dies, the other two still work.
          I get that pfsense doesn't do heartbeat checks. for now that doesn't matter. if one does die, I'm going to have to deal with it anyway.

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ Online
            johnpoz LAYER 8 Global Moderator @narrington
            last edited by johnpoz

            @narrington haproxy could do this for you..

            here is a google result that looks to be current version of pfsense and use of haproxy as load balancer

            https://getlabsdone.com/how-to-configure-pfsense-load-balancer-using-haproxy/

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.