Netgate Discussion Forum

Load Balancer Query

Scheduled Pinned Locked Moved General pfSense Questions
7 Posts 2 Posters 1.4k Views
  • A
    arrmo
    last edited by Dec 31, 2016, 6:43 PM

    Hi,

    To not scare anyone off - I do have the Load Balancer working, not a bug I don't believe … rather just me trying to really understand how this works (as I clearly don't ... :(). Let me try to explain. And yes, I have read the docs (at https://doc.pfsense.org/index.php/Inbound_Load_Balancing) - but I'm just missing something, sorry!

    1. First, create the Pool - this seems to be using the internal port, and monitors that the machines in the pool are up and serving. Makes sense, and works fine.
    2. Then, set up the Virtual Servers. OK, I admit ... this makes sense, but a bit of confusion starting to creep in ... :(. Here, the external (WAN) IP address and port are configured, and shows what Pool to send the traffic to. This in itself works and makes sense, but then ...
    3. Also configure Firewall Rules. This is where I get confused. I did set up a NAT rule - but why is this needed? It's the same as Step 2 ... no? And I admit, at one point I removed this to try to stop the Virtual Server, but it kept passing traffic (due to #2 I assume).

    Make sense? Can anyone clarify my confusion here?

    Thanks!

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Jan 2, 2017, 5:22 PM

      You do not set up any NAT rules for the load balancer.

      It works using relayd which manages its own NAT rules internally.

      The only rules you have to add are firewall rules to allow traffic to reach the pool server addresses. Pass to a destination of the private IP addresses and ports used by the pool servers.

      If you find the way the load balancer works confusing, you might want to use the HAProxy package which operates like a more traditional reverse proxy/load balancer.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • A
        arrmo
        last edited by Jan 3, 2017, 2:46 AM

        @jimp:

        The only rules you have to add are firewall rules to allow traffic to reach the pool server addresses. Pass to a destination of the private IP addresses and ports used by the pool servers.

        This all makes sense - thanks for taking the time!

        Can you clarify the rules you mention … just to allow WAN access on those ports to the pool - right?

        Thanks again.

        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jan 3, 2017, 3:29 AM

          relayd works using pf, so as with any NAT rule you have to pass to the destination after NAT applies. So the rules would be on WAN, passing from any source, to a destination of the pool server IP addresses + ports.

          • A
            arrmo
            last edited by Jan 14, 2017, 9:46 PM

            Thinking about this a bit more … so I can just set up a Rule that's the same as what NAT creates, but don't need the NAT part set up (rather, only the corresponding rule) - is that right?

            Thanks!

            • J
              jimp Rebel Alliance Developer Netgate
              last edited by Jan 16, 2017, 11:34 PM

              Yes, that's right. The firewall rules look like the rules for port forwards, but you should not have any port forwards configured that would overlap.

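An added example, not part of the original posts and not pfSense or relayd code: a small Python audit of the two points made in the replies above, that WAN pass rules must match the pool servers' private addresses and ports (the destination after NAT) and that no port forward may overlap a virtual server. The data model, names and addresses are constructed assumptions, not pfSense's configuration format.

```python
import ipaddress

# Constructed sample data (hypothetical model, not read from a real pfSense config).
VIRTUAL_SERVERS = [{"name": "web", "ext_ip": "203.0.113.10", "ext_port": 443,
                    "pool": [("10.0.0.11", 8443), ("10.0.0.12", 8443)]}]
WAN_PASS_RULES = [{"dst": "10.0.0.11/32", "ports": (8443, 8443)},
                  # Written against the pre-NAT address, so it never matches pool traffic.
                  {"dst": "203.0.113.10/32", "ports": (443, 443)}]
PORT_FORWARDS = [{"ext_ip": "203.0.113.10", "ext_port": 443, "target": "10.0.0.11"}]


def rule_covers(rule, ip, port):
    """True if a pass rule's destination network and port range include ip:port."""
    net = ipaddress.ip_network(rule["dst"], strict=False)
    lo, hi = rule["ports"]
    return ipaddress.ip_address(ip) in net and lo <= port <= hi


def audit(virtual_servers, wan_rules, port_forwards):
    """Return (finding, virtual_server, ip, port) tuples for the checks above."""
    findings = []
    for vs in virtual_servers:
        ext = (vs["ext_ip"], vs["ext_port"])
        # 1. Every pool member needs a WAN pass rule to its private IP and port.
        for ip, port in vs["pool"]:
            if not any(rule_covers(r, ip, port) for r in wan_rules):
                findings.append(("missing_pass", vs["name"], ip, port))
        # 2. A rule aimed at the external address is evaluated after NAT and is ineffective.
        for r in wan_rules:
            if rule_covers(r, *ext):
                findings.append(("rule_targets_virtual_ip", vs["name"], *ext))
        # 3. A port forward on the same external IP and port overlaps the virtual server.
        for fwd in port_forwards:
            if (fwd["ext_ip"], fwd["ext_port"]) == ext:
                findings.append(("overlapping_port_forward", vs["name"], *ext))
    return findings


if __name__ == "__main__":
    for finding in audit(VIRTUAL_SERVERS, WAN_PASS_RULES, PORT_FORWARDS):
        print(finding)
```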
              • A
                arrmo
                last edited by Jan 17, 2017, 2:49 AM

                Thanks!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.