Netgate Discussion Forum

    PfSense load balancing not work, in a weirdest way

    HA/CARP/VIPs
    2 Posts 1 Posters 531 Views
      tungvs

      Hi everyone,
      I’ve been trying to test the pfSense version 2.4.1 AMD64 server load balancing function, using 3 virtual machines on a KVM host. This is the setup:

      As I understand it, when the client sends a request to the pfSense LB IP/Port – 192.168.200.254:9999, pfSense will NAT the packet like this:

      But, as I’ve captured the packets on the client and web machines, the IP source and destination seem to be weird and the client cannot access the web server.

      Notice that 192.168.201.1 is the LAN GW assigned in pfSense, and is also the IP address of the KVM host interface.

      These are the packets captured on the client:

      These are the packets captured on the web server:

      These are the packets captured on the pfSense LAN interface (packets for the ICMP monitor between pfSense and the web server, and between pfSense and the LAN GW 192.168.201.1, have been removed for a tidy output):

      01:13:40.485180 IP 192.168.200.100.49180 > 192.168.201.100.8080: tcp 0
      01:13:40.739649 IP 192.168.200.100.49181 > 192.168.201.100.8080: tcp 0
      01:13:42.354218 ARP, Request who-has 192.168.201.254 (52:54:00:2b:a2:6d) tell 192.168.201.100, length 46
      01:13:42.354245 ARP, Reply 192.168.201.254 is-at 52:54:00:2b:a2:6d, length 28
      01:13:43.504061 IP 192.168.200.100.49180 > 192.168.201.100.8080: tcp 0
      01:13:43.754054 IP 192.168.200.100.49181 > 192.168.201.100.8080: tcp 0
      01:13:45.309792 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:13:47.293853 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:13:49.277792 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:13:49.503980 IP 192.168.200.100.49180 > 192.168.201.100.8080: tcp 0
      01:13:49.754136 IP 192.168.200.100.49181 > 192.168.201.100.8080: tcp 0
      01:13:51.261825 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:13:53.309749 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:13:55.293771 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:13:57.021726 ARP, Request who-has 192.168.201.254 tell 192.168.201.1, length 46
      01:13:57.021764 ARP, Reply 192.168.201.254 is-at 52:54:00:2b:a2:6d, length 28
      01:13:57.277695 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:13:59.261825 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:14:01.309595 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:14:01.770170 IP 192.168.200.100.49182 > 192.168.201.100.8080: tcp 0
      01:14:03.293771 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
      01:14:04.785258 IP 192.168.200.100.49182 > 192.168.201.100.8080: tcp 0
      01:14:05.277804 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43

      This is the server pool configured in pfSense:

      Pool status:

      This is the load balancing port configured in pfSense:
      Load balancing port status:

      Notice that I’ve added a floating rule to allow everything in pfSense.

      Can you please explain this result, and tell me what I have done wrong?

      Thank you.

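An added example (not code from the post, nor from pfSense or relayd) that parses tcpdump lines in the format of the pfSense LAN capture above, groups them into TCP flows, and reports which flows never saw a reply at that capture point; it also checks whether the forward packets carry the pool member as destination (DNAT applied) while keeping the original client address as source. The sample capture is constructed in the same format as the post's output, and all function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the same tcpdump format as the LAN-side capture in
# the post; non-IP lines (ARP, STP) are present so the parser must skip them.
CAPTURE = """\
01:13:40.485180 IP 192.168.200.100.49180 > 192.168.201.100.8080: tcp 0
01:13:40.739649 IP 192.168.200.100.49181 > 192.168.201.100.8080: tcp 0
01:13:42.354218 ARP, Request who-has 192.168.201.254 tell 192.168.201.100, length 46
01:13:43.504061 IP 192.168.200.100.49180 > 192.168.201.100.8080: tcp 0
01:13:45.309792 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:6d:03:74.8002, length 43
01:14:01.770170 IP 192.168.200.100.49182 > 192.168.201.100.8080: tcp 0
01:14:04.785258 IP 192.168.200.100.49182 > 192.168.201.100.8080: tcp 0
"""

LINE_RE = re.compile(r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                     r"(\d+\.\d+\.\d+\.\d+)\.(\d+): tcp (\d+)")

def parse_tcp(capture):
    """Yield (src, sport, dst, dport) for each TCP line; other lines are skipped."""
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m[2], int(m[3]), m[4], int(m[5])

def flow_summary(capture):
    """Count packets per flow in each direction, keyed by the client-side 4-tuple.
    The side using the high (ephemeral) port is treated as the client."""
    flows = defaultdict(lambda: {"forward": 0, "reverse": 0})
    for src, sport, dst, dport in parse_tcp(capture):
        if sport > dport:
            flows[(src, sport, dst, dport)]["forward"] += 1
        else:
            flows[(dst, dport, src, sport)]["reverse"] += 1
    return dict(flows)

def one_way_flows(capture):
    """Flows that only ever carried client->server packets on this interface:
    repeated connection attempts with no reply passing the same capture point."""
    return sorted(k for k, v in flow_summary(capture).items() if v["reverse"] == 0)

def nat_observations(capture, client_ip, pool_ip, pool_port):
    """For the forward packets: was the destination rewritten to the pool member
    (DNAT applied) and was the original client address kept as the source?"""
    fwd = [p for p in parse_tcp(capture) if p[1] > p[3]]
    return {
        "dnat_applied": all((d, dp) == (pool_ip, pool_port) for _s, _sp, d, dp in fwd),
        "client_source_kept": all(s == client_ip for s, _sp, _d, _dp in fwd),
    }
```

A flow that is one-way at the firewall's LAN interface while the client source address is untouched means the server's replies are being routed somewhere other than back through that interface, so the web server's default gateway is the first thing to verify before revisiting the pool or the rules.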
        tungvs

        Anyone, please?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.