How to make loadbalancing work from the pfSense box itself?
-
I found that load balancing does not work if run from the pfSense box itself.
For example, if I query
curl somesite.com
then the site sees that requests are coming from the default gateway only.
Simultaneously, if I do the same command from any computer in the LAN, the requests are coming from different gateways, i.e. load balancing is working.
How can I make load balancing work from pfSense too? And if it is impossible, what is the reason for that?
-
Why is that an issue for you?
-
It isn't possible currently.
For traffic flowing through the firewall, pf can make the decision to re-route the packet to another gateway easily.
For traffic from the firewall itself, the OS selects the interface/bind address/etc according to the system routing table, and it's too late for pf to alter that.
In the past there were some hacks done to pf to allow that to work, but they were dropped a long time ago since it was not viable on newer versions of pf.
-
For 99% of situations, this isn't a big problem really. But one specific case that I've been struggling with for many moons is how to guarantee that email alerts will get delivered in a multi-wan scenario. (See my most recent post about this)
Chris, do you have any ideas for a solution to that? Is there a way to reference the "current/working gateway of a gateway group" in a PHP variable? If so, then my recent hack of replacing fsockopen() with stream_socket_client() in /etc/inc/smtp.inc could work (it worked in my testing when I manually specified the IP of a working gateway…) without changing the firewall's default route.
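The bind-to-a-source-address approach mentioned in the post above, written out as an added example (this is not pfSense's /etc/inc/smtp.inc and not the poster's patch). It assumes the candidate source addresses are the firewall's own WAN interface IPs, that the mail host name is a placeholder, and, as the poster reported from their testing, that a connection bound to a given WAN address is actually sent out that WAN. It tries each address in turn so that a down WAN is skipped instead of the alert being lost:

```php
<?php
// Added example: open an SMTP connection from a chosen local source address using
// stream_socket_client() with the 'bindto' socket context option, instead of
// fsockopen(), which always lets the OS pick the default route's address.
// Assumptions: $sourceIps are the firewall's WAN addresses (placeholders below),
// $host is a placeholder mail server name.

function smtp_connect_via(array $sourceIps, string $host, int $port = 25, float $timeout = 10.0): array
{
    $lastError = 'no source addresses given';
    foreach ($sourceIps as $ip) {
        // IPv6 literals must be bracketed in bindto; port 0 means any ephemeral port.
        $local = (strpos($ip, ':') !== false) ? "[$ip]:0" : "$ip:0";
        $ctx = stream_context_create(['socket' => ['bindto' => $local]]);

        $fp = @stream_socket_client("tcp://$host:$port", $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $ctx);
        if ($fp === false) {
            // Typical when that WAN is down: connect timeout or "no route to host".
            $lastError = "$ip: $errstr ($errno)";
            continue;
        }

        stream_set_timeout($fp, (int) $timeout);
        $banner = fgets($fp, 512);
        if ($banner !== false && strncmp($banner, '220', 3) === 0) {
            // Caller continues the SMTP dialogue (EHLO, AUTH, MAIL FROM, ...) on $fp.
            return ['stream' => $fp, 'source' => $ip, 'banner' => trim($banner)];
        }

        $lastError = "$ip: unexpected greeting " . var_export($banner, true);
        fclose($fp);
    }
    throw new RuntimeException("Could not reach $host:$port from any source address; last error: $lastError");
}

// Usage with placeholder addresses (documentation ranges, not real WAN IPs):
// $conn = smtp_connect_via(['203.0.113.10', '198.51.100.10'], 'smtp.example.com', 587);
// fwrite($conn['stream'], "EHLO firewall.example.com\r\n");
// echo "connected from {$conn['source']}: {$conn['banner']}\n";
```

The list of source addresses still has to come from somewhere; the post above asks whether the "current working gateway of a gateway group" is exposed as a PHP variable, and this example does not answer that. It only removes the dependency on the default route for the connection itself, and the order of the array decides which WAN is preferred.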
-
Route traffic to an internal server which uses a gateway group to send SMTP.
-
Not as common to have an "internal mail server" these days. Most of the locations where I have pfSense installed (including my home) do not have one.
-
Activate Default Gateway Switching, and then so long as you don't have a static route pushing the mail server out a specific gateway, it should work.
-
Hmm. I wonder if gateway switching would resolve my issue of not getting syslog notifications when my primary wan goes down at one client.