Problem with load balancing

nicolas010

Hello, I have being trying to do something similar to you, I have 2 pfSense and I need them to Balance the Load of users who enters, my pfSenses are not firewalls, they work like a proxy, they give internet to users so if you could help me please, any configuration or screenshots would be nice. Thank you.

Steffan

@nicolas010:

Hello, I have being trying to do something similar to you, I have 2 pfSense and I need them to Balance the Load of users who enters, my pfSenses are not firewalls, they work like a proxy, they give internet to users so if you could help me please, any configuration or screenshots would be nice. Thank you.

Hi Nicolas,

Since someone in this forums cant tell me if my configuration is the correct way to do it, i can't help you on how to setup load balancing. (Since i don't know if my way is the correct way.) Sorry.

nicolas010

I understand, maybe you should give your post sometime, but in you say that it works, so I would like to try it if you dont mind. Thank you.

Steffan

@nicolas010:

I understand, maybe you should give your post sometime, but in you say that it works, so I would like to try it if you dont mind. Thank you.

Well, i think i have given my post plenty of time, and other post's are getting answered every day, just not mine :(
But maybe this forum is just pretty inactive, sadly..

Anyways!
I would be happy to help you! :) - Can you post a drawing/description/screenshot/something else of your setup ? where your clients are connecting from, where your servers are (Those who should be load balanced) and so on..

nicolas010

Hello! here is how I would like my network to be, if any change is needed just let me know.

So the thing is, I have plenty of users  at the bottom and right now I have 1 pfSense working and recieving all these connections, and what I want is to load balance those user, to the 2 pfSense, maybe I could put another pfSense before the other 2, that is basically, so in comparisong to your network, your two webservers would be my 2 pfSense, so would I need a third? or just those 2?, I am using pfSense 2.0.2. Thanks for your help!! :D

nicolas010

oh, BTW, I have 4 Vlans on the LAN interfaces, my pfSense gives internet to students, using captive portal, certificates, RADIUS etc. Can the pfSense load balance through Vlans?

Steffan

Oh dear, that is totally different from my setup, i only have 1 Pfsense box.

I don't think i can help you here, since i have not been playing with multiple pfsense boxes before :( but 1 thing i was thinking of as soon as i saw your drawing: Do you have 2 external IP adresses ? since you cant connect a switch to the ISP (Modem/Internet), since the modem normaly only provide 1 IP on each port and the two pfsense boxes would be fighting over it then!

nicolas010

I have many public IPs, because the network is for a university.  So I can connect 2 pfSense, but I need to load balance the users so they will know where to connect, I cannot connect the 2 pfSense right now, there is only 1 because the users need to know where to connect.

this would the network, I made some changes. Could you anyway tell me please who you configure your pfSense, ty :D

Steffan

Ok,
About the dual pfsense setup i cant help you at all.

But regarding the load balancing, maybe :)

is it your LAN clients that has to connect to a load balanced server pool?
If yes, i would do the following:

(The fields that i do not specify in this "guide" is like a description, or something that has to stay default.)
Example LAN subnet: 192.168.0.0/24
1. Create a CARP VIP with the ip of (in this example, modify to your needs): 192.168.0.100/24 on LAN interface.

2. In services > Load balancer: Create a new pool.
Mode: Load balance
Monitor: ICMP (easy for testing (but should make a propper monitor to test your application later), if your servers respond to ping)
port: The port number your applications listens to, and add your servers to the pool lets say 192.168.0.101 and 192.168.0.102.

3. In services > Load balancer: Create a new virtuel server. Port: same as in step 2, Virtual server pool: choose the pool you created in step 2. Relay protocol: TCP, IP address: (This is the part I had wrong) has to be 192.168.0.100 for internal clients, or your WAN IP if external clients should be able to visit.

4. In Firewall > Aliases create:
Name: (Something you can remember, i used in the next step!)
type: hosts
Add the IPs of the same servers you specified in your pool in step 2.

5. In Firewall > Rules create:
Interface: LAN (LAN if choosen internal clients in step 3, or WAN for external clients in step 3)
Protocol: TCP
source: Any (if choosen LAN clients in step 3, you should be able to set this to "LAN subnet", but for testing choose any!)
Destination: choose "single Host or alias" and write the name of the Alias you created in step 4.
Destination port range: port of your application, i think you can choose any to make testing easyer here!

That is what i would have done, but i cant say if this would work but it is worth a try :)
Hope this helps! - Good luck, and let me know how it works out!
Any questions, feel free to ask
(Btw, there might be some typos in my post, i did not reread it.)

nicolas010

thank you so much, I will try it later, because for now I can´t run tests, so I would let you know whatever happens, btw by internal hosts you mean the users? those users are the ones that I am creating this service for, so I think they are my internal hosts right? now this configuration where should I make it? in a third pfSense? or in any of the 2 that are in the picture? Do I have to connect these 2 directly?? meaning with a crossover cable? because carp needs it. TY.

Steffan

@nicolas010:

thank you so much, I will try it later, because for now I can´t run tests, so I would let you know whatever happens, btw by internal hosts you mean the users? those users are the ones that I am creating this service for, so I think they are my internal hosts right? now this configuration where should I make it? in a third pfSense? or in any of the 2 that are in the picture? Do I have to connect these 2 directly?? meaning with a crossover cable? because carp needs it. TY.

My guess is to config this in one of them. but if that one goes down, your load balance goes down too. i have no idear how to create load balance on two pfsense boxes at the same time..

And yes, by "Internal hosts" i mean your uers / LAN clients. they will then have to connect to the IP 192.168.0.100 to get load balanced to your servers

nicolas010

ok, I will try this configuration thanks for your time, when I do the changes I will let you know. Maybe on sunday I will make them, because I cannot turn down the machine on the week…