    Load Balancer Query

    • arrmo
      arrmo last edited by

      Hi,

      To not scare anyone off - I do have the Load Balancer working, not a bug I don't believe … rather just me trying to really understand how this works (as I clearly don't ... :(). Let me try to explain. And yes, I have read the docs (at https://doc.pfsense.org/index.php/Inbound_Load_Balancing) - but I'm just missing something, sorry!

      1. First, create the Pool - this seems to be using the internal port, and monitors that the machines in the pool are up and serving. Makes sense, and works fine.
      2. Then, set up the Virtual Servers. OK, I admit ... this makes sense, but a bit of confusion starting to creep in ... :(. Here, the external (WAN) IP address and port are configured, and shows what Pool to send the traffic to. This in itself works and makes sense, but then ...
      3. Also configure Firewall Rules. This is where I get confused. I did set up a NAT rule - but why is this needed? It's the same as Step 2 ... no? And I admit, at one point I removed this to try to stop the Virtual Server, but it kept passing traffic (due to #2 I assume).

      Make sense? Can anyone clarify my confusion here?

      Thanks!

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        You do not setup any NAT rules for the load balancer.

        It works using relayd which manages its own NAT rules internally.

        The only rules you have to add are firewall rules to allow traffic to reach the pool server addresses. Pass to a destination of the private IP addresses and ports used by the pool servers.

        If you find the way the load balancer works confusing, you might want to use the HAProxy package which operates like a more traditional reverse proxy/load balancer.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • arrmo
          arrmo last edited by

          @jimp:

          The only rules you have to add are firewall rules to allow traffic to reach the pool server addresses. Pass to a destination of the private IP addresses and ports used by the pool servers.

          This all makes sense - thanks for taking the time!

          Can you clarify the rules you mention … just to allow WAN access on those ports to the pool - right?

          Thanks again.

          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            relayd works using pf, so as with any NAT rule you have to pass to the destination after NAT applies. So the rules would be on WAN, passing from any source, to a destination of the pool server IP addresses + ports.

            • arrmo
              arrmo last edited by

              Thinking about this a bit more … so I can just set up a Rule that's the same as what NAT creates, but don't need the NAT part set up (rather, only the corresponding rule) - is that right?

              Thanks!

              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                Yes, that's right. The firewall rules look like the rules for port forwards, but you should not have any port forwards configured that would overlap.

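The point made in the answers above (filter rules are evaluated against the destination after NAT, and port forwards must not overlap the virtual server) can be checked mechanically. The following is an added example, not part of the original thread and not pfSense or relayd code; the class names, the `audit` function and the sample addresses are all hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VirtualServer:      # load balancer listener on the WAN side (hypothetical model)
    listen_ip: str
    listen_port: int
    pool: tuple           # ((private_ip, port), ...)

@dataclass(frozen=True)
class PassRule:           # WAN pass rule, source "any"
    dest_net: str
    dest_port: int

@dataclass(frozen=True)
class PortForward:        # conventional NAT port forward on WAN
    wan_ip: str
    wan_port: int

def rule_matches(rule, ip, port):
    return (ipaddress.ip_address(ip) in ipaddress.ip_network(rule.dest_net)
            and rule.dest_port == port)

def audit(vs, rules, forwards):
    """Return findings for one virtual server; an empty list means consistent."""
    findings = []
    # Filtering happens after NAT, so every pool member needs a pass rule.
    for ip, port in vs.pool:
        if not any(rule_matches(r, ip, port) for r in rules):
            findings.append(f"no WAN pass rule to pool member {ip}:{port}")
    # A rule aimed at the WAN address does not match the load-balanced traffic.
    for r in rules:
        if rule_matches(r, vs.listen_ip, vs.listen_port):
            findings.append(f"rule to {r.dest_net}:{r.dest_port} targets the pre-NAT address")
    # Port forwards must not overlap the virtual server's address and port.
    for f in forwards:
        if (f.wan_ip, f.wan_port) == (vs.listen_ip, vs.listen_port):
            findings.append(f"port forward on {f.wan_ip}:{f.wan_port} overlaps the virtual server")
    return findings

# Constructed sample configuration (documentation and private address ranges).
VS = VirtualServer("203.0.113.10", 443, (("10.0.0.11", 8443), ("10.0.0.12", 8443)))
GOOD_RULES = [PassRule("10.0.0.11/32", 8443), PassRule("10.0.0.12/32", 8443)]
BAD_RULES = [PassRule("203.0.113.10/32", 443), PassRule("10.0.0.11/32", 8443)]
FORWARDS = [PortForward("203.0.113.10", 443)]

if __name__ == "__main__":
    for line in audit(VS, BAD_RULES, FORWARDS):
        print(line)
```
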
                • arrmo
                  arrmo last edited by

                  Thanks!
