Netgate Discussion Forum

    Load balancing web server issue 2.0.1-RELEASE (amd64)

    Routing and Multi WAN
    • marcelloc

      After you set up a load balancer you need to configure which IP is going to listen. Select the WAN IP for it, remove the NAT for the WAN web server port and create a rule on WAN to allow HTTP traffic.

      You may need to change the pfSense GUI port so that it does not conflict with the balance port.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      • creatureofthedark

        hey marcelloc,

        Thank you for your response. I have followed your advice and set it up so that the virtual server is on the same IP as my WAN interface… I have then removed all NAT rules and on the WAN interface... still did not work... I then changed the webui to https to take it off port 80 and still nothing happened...

        currently on the firewall I have...

        WAN
        Proto  Source  Port  Destination  Port       Gateway  Queue  Schedule  Description
        TCP    *       *     WAN address  80 (HTTP)  *        none
        TCP    *       *     *            80 (HTTP)  *        none

        LAN
        Proto  Source  Port  Destination  Port       Gateway  Queue
        TCP    *       *     LAN address  80 (HTTP)  *        none
        TCP    *       *     *            80 (HTTP)  *        none

        I've got each one logging and I'm noticing in the log that the below is being blocked...
        This suggests to me that the load balancing is working but for some reason it's not being allowed to the individual hosts...

        Feb 27 00:22:22 WAN   10.10.0.10:57812   10.10.1.4:80 TCP:S

        Feb 27 00:22:25 WAN   10.10.0.10:57812   10.10.1.2:80 TCP:S

        Feb 27 00:22:31 WAN   10.10.0.10:57812   10.10.1.3:80 TCP:S

        Feb 27 00:23:02 WAN   10.10.0.10:57813   10.10.1.4:80 TCP:S

        Feb 27 00:23:05 WAN   10.10.0.10:57813   10.10.1.2:80 TCP:S

        Feb 27 00:23:11 WAN   10.10.0.10:57813   10.10.1.3:80#

        although... thinking about it I may be interpreting these logs wrong... if they are logged when a rule handles it, does that mean it's been allowed?? if so why is the host not getting the webpage??

        • creatureofthedark

          also note that I've just added in two new rules that allow any source and port, any destination, any port on both WAN and LAN firewall rules…

          I have also added a NAT for the WAN interface to port 8080 to redirect to one of the web servers on port 80...

          I cannot access the web server on port 80 but I can access the web GUI on 443 from the user host on 10.10.0.10 [in the WAN network]

          • creatureofthedark

            ok I have just seen in the logs that the firewall is passing the traffic but the client is getting timeouts…. I've pulled down the firewalls on the web servers and made sure that I can still get the webpage on the LAN network and I can...

            I have nooooo idea what I'm doing wrong now... but I'm guessing it's me doing something very stupid...

            I don't have to set up any form of routing, do I??

            • marcelloc

              Just reading your post again, I found a mistake.

              Change the virtual server from 192.168.1.100 to the WAN IP and keep the WAN rule to allow HTTP access to the balance IP and/or web servers (just like NAT does).

              • creatureofthedark

                I did that in response to your first link… still with no effect... the firewall is now passing the traffic but for some unknown reason I'm still getting timeouts...

                on the dashboard it is showing the load balance as active...

                WebVirtualIP
                Active
                10.10.0.1:80

                I've opened up all ports...

                firewall log is showing traffic passing when I do a request with a nice green little arrow thing but oddly it's got a red cross when traffic comes from the web servers to the router on port 80.... I think I have a firewall issue somewhere... but I can't work out where.... could it be because there is no gateway on any of the interfaces?

                • marcelloc

                  What do you get on status -> loadbalance?

                  • creatureofthedark

                    10.10.1.1 is down at the moment.. but the others are up

                    Pools
                    Name             Mode            Servers                Monitor     Description
                    NorthWebServers  Load balancing  10.10.1.1:80 (0.00%)   webservers  North Web Server Pool
                                                     10.10.1.2:80 (86.90%)
                                                     10.10.1.3:80 (87.10%)
                                                     10.10.1.4:80 (86.76%)

                    Virtual servers
                    Name          Address         Servers    Status  Description
                    WebVirtualIP  10.10.0.1 : 80  10.10.1.1  Active  Load Balanced Web Servers North
                                                  10.10.1.2
                                                  10.10.1.3
                                                  10.10.1.4

                    • marcelloc

                      It looks fine.

                      You did change the pfSense GUI to https, but I think you also need to select Disable webConfigurator redirect rule on system -> advanced.

                      Is the pfSense LAN IP the gateway of your web servers?

                      att,
                      Marcello Coutinho

                      • creatureofthedark

                        ahhh we have the problem methinks :P

                        your question about the gateway on the web servers got me thinking and I checked the /etc/network/interfaces on the servers… it was set incorrectly :P

                        Thank you for all your help!!! I am so sorry it turned out to be me being a complete idiot....
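
The cause the thread arrives at, a wrong gateway in /etc/network/interfaces on the web servers, can be checked per server with a short script. This is an added example, not part of the original posts: 10.10.1.254 is an assumed stand-in for the pfSense LAN address (the thread never states it) and the sample stanza is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the default gateway in a
# Debian-style /etc/network/interfaces file on a backend web server.
# ASSUMPTION: 10.10.1.254 stands in for the pfSense LAN address, which the
# thread never states; the sample stanza below is constructed.

# Print "<iface> <gateway>" for every stanza that sets a gateway.
# Commented-out lines are skipped: their first field is not "gateway".
list_gateways() {
    awk '$1 == "iface"   { iface = $2 }
         $1 == "gateway" { print iface, $2 }' "$1"
}

# Exit status 0 if every configured gateway equals the expected address,
# 1 if any gateway differs or no gateway is configured at all.
check_gateway() {
    cg_file=$1 cg_expected=$2 cg_status=0
    cg_found=$(list_gateways "$cg_file")
    if [ -z "$cg_found" ]; then
        echo "FAIL $cg_file: no gateway configured"
        return 1
    fi
    while read -r cg_iface cg_gw; do
        if [ "$cg_gw" = "$cg_expected" ]; then
            echo "OK   $cg_iface: gateway $cg_gw"
        else
            echo "FAIL $cg_iface: gateway $cg_gw, expected $cg_expected"
            cg_status=1
        fi
    done <<EOF
$cg_found
EOF
    return $cg_status
}

# Constructed sample: a pool member whose replies would not go back via pfSense.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto eth0
iface eth0 inet static
    address 10.10.1.2
    netmask 255.255.255.0
    gateway 192.168.1.1
EOF
check_gateway "$sample" 10.10.1.254 ||
    echo "replies to WAN-side clients will not return through pfSense"
rm -f "$sample"
```

On a real server, point `check_gateway` at /etc/network/interfaces and pass the firewall's actual LAN address.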
