Is it possible to use a load balanced virtual server on public IP (No NAT)?



  • I wonder if anyone can tell me if this is possible.  I would like to set up a public Load Balancing Virtual Server that hands off traffic to two of our production machines on their public interfaces.

    I have the following setup: 3 x NICs

    1. WAN
    2. WAN_BRIDGE
    3. LAN

    I am running Bridging Mode on the WAN_BRIDGE to the WAN (transparent mode) and allowed traffic goes through to the servers on their public interfaces.

    So I want to set up the following on PUBLIC IP.

    Put a VIP or LB Virtual Server on a public IP so say - HTTP_LB_Virt - 123.123.123.240

    From this I want all traffic on port 80 to 123.123.123.240 to load balance between public 123.123.123.241 (server A) and public 123.123.123.242 (server B).

    The firewall handles traffic for the /26 subnet (123.123.123.128/26).

    I have tried as many combinations as I could, but from everything I am reading I seem to be encountering references to NAT.  Intuitively, I would think adding a Virtual IP to the firewall of 123.123.123.240 and then a Load Balancing pool with server A & B in it and then a Load Balancing Virtual Server on port 80 and listening on 123.123.123.240 would do it… But it does not; even if I do not create a Virtual IP and just the Load Balance Virtual Server, this makes no difference.

    I do not want to run NAT on the firewall. Is it possible to load balance on public IPs without NAT, and if so.... how?

    Thank you...

    #########

    Since then I have tried doing it through a VIP to 1:1 NAT and that does not work either, to a server public OR LAN interface.. I am wondering if it is even possible when using Bridging; further, I can only ping the VIP from the firewall itself if I create it as a CARP address....?  I am thoroughly stumped and have not only searched but trawled through a lot of the post pages and I have not found anything that seems similar.



  • Bridge and NAT (NAT is still NAT even if used in a public IP address range) can't work together.

    I know I could do that on Linux (without bridging, only with weighted DNAT) but to keep it short, in your situation with pfsense set up the way it is, just use round robin DNS style load balancing. You can set that in your DNS server.



  • Hi thanks for the reply.  I have not looked at this in a while as it did not seem possible and as of yet it is not possible.

    We do use multihomed DNS, however it is not ideal as there is no failover: if a server goes down, DNS does not automatically remove or change the DNS record, which means there is a failure and no response for x% of requests made (depending on how many hosts are in the loop).

    I would still like to find a solution for this, if possible without having to fly out to the data centre to reconfigure the entire network :)

    Thanks
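
The last two posts settle on round-robin DNS and then point out its gap: a dead host keeps receiving its share of queries until someone edits the zone. The following is an added example, not code from any poster in this thread or from pfSense, showing the health-check step that closes that gap on the DNS side: probe each public backend over HTTP on port 80 (the port in the question), keep only the responders, and emit the A records the zone should carry. The hostname `www.example.com.`, the 30-second TTL and the probe path are assumptions; the two backend addresses are the ones given in the question. It also computes the fraction of requests the third post calls "x%" for plain round robin with no health check.

```python
"""Health-checked round-robin DNS record set (added example, not from the thread)."""
from __future__ import annotations

import http.client
from typing import Callable, Iterable

# Constructed sample data: the backend addresses come from the question;
# hostname and TTL are assumptions made for this example.
HOSTNAME = "www.example.com."
BACKENDS = ["123.123.123.241", "123.123.123.242"]
TTL = 30  # short TTL so a removed record stops being cached quickly


def http_probe(ip: str, port: int = 80, path: str = "/", timeout: float = 2.0) -> bool:
    """Return True if the backend answers an HTTP GET with a 2xx or 3xx status.

    Any connection error, timeout or 4xx/5xx status counts as unhealthy.
    """
    try:
        conn = http.client.HTTPConnection(ip, port, timeout=timeout)
        conn.request("GET", path, headers={"Host": HOSTNAME.rstrip(".")})
        status = conn.getresponse().status
        conn.close()
        return 200 <= status < 400
    except (OSError, http.client.HTTPException):
        return False


def healthy_backends(backends: Iterable[str], probe: Callable[[str], bool]) -> list[str]:
    """Filter the backend list down to the hosts the probe reports as up.

    The probe is injected so the logic can be exercised without network access.
    """
    return [ip for ip in backends if probe(ip)]


def zone_records(hostname: str, ips: list[str], ttl: int) -> list[str]:
    """BIND-style A records, one per healthy backend.

    A resolver rotates these answers, which is the round-robin behaviour the
    second post suggests; a dead host simply no longer appears.
    """
    return [f"{hostname} {ttl} IN A {ip}" for ip in ips]


def expected_failure_fraction(total_hosts: int, down_hosts: int) -> float:
    """Share of requests that land on a dead host with plain round robin.

    With no health check every record is still handed out, so roughly
    down/total of the requests get no response (the "x%" in the third post).
    """
    if total_hosts <= 0 or not 0 <= down_hosts <= total_hosts:
        raise ValueError("down_hosts must be between 0 and total_hosts")
    return down_hosts / total_hosts


def build_record_set(backends: Iterable[str], probe: Callable[[str], bool] = http_probe) -> list[str]:
    """Probe all backends and return the zone lines that should replace
    the static round-robin records."""
    return zone_records(HOSTNAME, healthy_backends(backends, probe), TTL)


if __name__ == "__main__":
    # Live run: probes the real addresses, so only meaningful on the network in question.
    for line in build_record_set(BACKENDS):
        print(line)
```

In practice the record set would be fed to the zone (for example by a scheduled job) and the probe interval kept well under the TTL, otherwise resolvers cache a dead host for longer than the check takes to notice it.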

