Netgate Discussion Forum

    With Load Balancer and Failover, then the DMZ is not accessible

    Routing and Multi WAN
    • darkcorner

      I have a Proxmox server in DMZ accessible with port 8006.
      In pfSense I have configured two aliases:

      • PC_Tech with the IP of my PC
      • Tech_Ports with all ports used in the DMZ and on external servers.

      In LAN I have this rule: From PC_Tech to Any with Port = Tech_Ports

      By doing this, I can log into the server with
      https://Proxmox-DMZ-IP:8006

      I then created the Load Balancer and the two Failovers on the two WAN lines.
      In LAN I have created three rules:

      • From Any to Any with Port = Any, Gateway = Load Balancer
      • From Any to Any with Port = Any, Gateway = Load Failover1
      • From Any to Any with Port = Any, Gateway = Load Failover2

      Everything works with the two lines active and by turning off one of the two lines, but now the server in DMZ is no longer reachable with the browser although it is still reachable with Ping.

      I move the Proxmox rule before the three rules that manage Load Balancer and FailOver and the server becomes reachable.
      I move the Proxmox rule between the Load Balancer rule and the first of the two for Failover and again the server is unreachable.

      It would make sense, therefore, to leave the three rules at the bottom of the list, but I would like to understand why the two rules conflict.

      • darkcorner

        The only explanation I can give is that in those three rules I force the traffic to use one of the three gateway groups, while in the rule for accessing the DMZ I use the default gateway.
        But I still can't explain why.
        The default gateway is set to "Automatic" and without the Load Balancing and Failover configuration it would be set towards the router.
        Traffic to the DMZ should not go over the WAN.

        If someone more experienced than me can explain it to me I would be grateful.

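Added example (not part of the thread, and not pfSense code): a simplified Python model of first-match rule evaluation on the LAN tab, assuming what the second post suggests, that a rule with a gateway group sends matching traffic to that group while a rule without one follows the routing table. The IP addresses and the contents of Tech_Ports are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    src: str                         # CIDR or "any"
    dst_ports: Optional[frozenset]   # None = any port
    gateway: Optional[str] = None    # None = follow the routing table

# Constructed sample values (assumptions, not taken from the thread).
PC_TECH = "192.168.1.10"
DMZ_NET = ipaddress.ip_network("192.168.50.0/24")
PROXMOX = "192.168.50.5"
TECH_PORTS = frozenset({22, 443, 8006})

# The four LAN rules described in the first post.
PROXMOX_RULE = Rule("PC_Tech -> any, Tech_Ports", PC_TECH + "/32", TECH_PORTS)
WAN_RULES = [
    Rule("any -> any", "any", None, "Load Balancer"),
    Rule("any -> any", "any", None, "Load Failover1"),
    Rule("any -> any", "any", None, "Load Failover2"),
]

def matches(rule, src, port):
    src_ok = rule.src == "any" or (
        ipaddress.ip_address(src) in ipaddress.ip_network(rule.src))
    return src_ok and (rule.dst_ports is None or port in rule.dst_ports)

def next_hop(rules, src, dst, port):
    """First matching rule wins; a gateway on that rule overrides routing."""
    for rule in rules:
        if matches(rule, src, port):
            if rule.gateway:
                return "gateway group: " + rule.gateway
            # No gateway on the rule: the firewall's routing table decides.
            if ipaddress.ip_address(dst) in DMZ_NET:
                return "routing table: DMZ interface"
            return "routing table: default gateway"
    return "blocked (no rule matched)"

def with_proxmox_rule_at(index):
    """Insert the Proxmox rule at a position among the three WAN rules."""
    rules = WAN_RULES[:index] + [PROXMOX_RULE] + WAN_RULES[index:]
    return next_hop(rules, PC_TECH, PROXMOX, 8006)

if __name__ == "__main__":
    for i in range(4):
        print(f"Proxmox rule at position {i + 1}: {with_proxmox_rule_at(i)}")
```

In this model only the first position lets the connection to port 8006 follow the routing table to the DMZ; in every later position the "any to any" Load Balancer rule matches first, which mirrors the rule orderings tried in the first post.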
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.