Inbound Load Balance on two TCP ports?

rneily

If I want to setup a load balancer and have it load balance two different TCP ports (443 and 80) how would I go about settting this up?

I think it's done this way:

1. Setup one server pool with 2 servers using ICMP to monitor or monitor either TCP port 80 or 443 on the servers
2. Setup one virtual server on the WAN interface to use port 80 and point it to the pool.
3. Setup another virtual server on the WAN interface, but use port 443 and point it to the pool
4. Add firewall Rules to allow source any , destination TCP 80 and destination ip any.
5. Add firewall Rules to alllow source any, destination TCP 443 and destination IP any.

To further confuse things, I'm trying to set this up on a 3 interface WRAP without having a switch inbetween the WRAP and the servers.  (ie. sis0 will be WAN, sis1 will be crossover to server1 (192.168.1.2) , and sis2 will be crossover to server2 (192.168.2.2)

billm

@rneily:

If I want to setup a load balancer and have it load balance two different TCP ports (443 and 80) how would I go about settting this up?

I think it's done this way:

1. Setup one server pool with 2 servers using ICMP to monitor or monitor either TCP port 80 or 443 on the servers

ICMP isn't valid for server pools.

#1 should be, setup two server pools, one for 80, one for 443

@rneily:

2. Setup one virtual server on the WAN interface to use port 80 and point it to the pool.
3. Setup another virtual server on the WAN interface, but use port 443 and point it to the pool
4. Add firewall Rules to allow source any , destination TCP 80 and destination ip any.
5. Add firewall Rules to alllow source any, destination TCP 443 and destination IP any.

To further confuse things, I'm trying to set this up on a 3 interface WRAP without having a switch inbetween the WRAP and the servers.  (ie. sis0 will be WAN, sis1 will be crossover to server1 (192.168.1.2) , and sis2 will be crossover to server2 (192.168.2.2)

And everything else is fine.

–Bill

rneily

Thanks for the reply. I'll try that…

hoba

Just noticed: your firewall rules are set to destination any. You should only allow the destination IPs of the servers in the pool. Use an hosts(192.168.1.2, 192.168.2.2) alias and a ports(80, 443) alias to do that with just a single rule.