Auto create NAT reflection rules for virtual servers?
-
Hello,
I am wanting to use pfSense to load balance our webfarm using the virtual server/pool feature, but internal users need to be able to access the servers as well. I notice that if I used a host group and just did a NAT forward, it creates reflect rules. It doesn't create them for virtual servers though. I can add them in by hacking the config files, but would rather have an official option available. The only thing keeping me from using the load balancer at the moment is the lack of reflection rules for it. Would this be possible to add?
Thanks a lot!
-Jon
-
Would it be possible to set up another load balancer for inside that redirects to the same machines?
-
I could set up another pair of machines to load balance in front of the webservers, but it seems like a lot to invest to get reflected clients to work. Hacking in the inetd entries/outbound rdr rule the same way the system adds them when forwarding to an alias works well; I just don't like having to re-add the modifications every time I upgrade.
-
I guess I wasn't clear. Let me try again:
Let's assume 3 networks: WAN, LAN, and DMZ.
So, right now you can go to services -> load balancer -> virtual servers and you've got a pool of servers set to answer on a public IP address, right?
Why not go to the same place, click the "duplicate entry" button, and change the IP address on the new entry to one on your LAN instead?
That way you've got the same pool of servers listening on a WAN IP address and a LAN IP address.
-
I tried this, but wasn't able to get relayd to accept and forward connections through the same interface. When configured to listen on the LAN interface, it wasn't able to forward connections out the same interface, even with permit rules added to the LAN interface allowing all traffic to the hosts on the same network.