Inbound Load Balance on two TCP ports?
-
If I want to set up a load balancer and have it load balance two different TCP ports (443 and 80), how would I go about setting this up?
I think it's done this way:
- Set up one server pool with 2 servers using ICMP to monitor, or monitor either TCP port 80 or 443 on the servers
- Set up one virtual server on the WAN interface to use port 80 and point it to the pool.
- Set up another virtual server on the WAN interface, but use port 443 and point it to the pool
- Add firewall rules to allow source any, destination TCP 80 and destination IP any.
- Add firewall rules to allow source any, destination TCP 443 and destination IP any.
To further confuse things, I'm trying to set this up on a 3 interface WRAP without having a switch in between the WRAP and the servers (i.e. sis0 will be WAN, sis1 will be crossover to server1 (192.168.1.2), and sis2 will be crossover to server2 (192.168.2.2)).
-
> If I want to set up a load balancer and have it load balance two different TCP ports (443 and 80), how would I go about setting this up?
> I think it's done this way:
> - Set up one server pool with 2 servers using ICMP to monitor, or monitor either TCP port 80 or 443 on the servers

ICMP isn't valid for server pools.
#1 should be: set up two server pools, one for 80, one for 443.

> - Set up one virtual server on the WAN interface to use port 80 and point it to the pool.
> - Set up another virtual server on the WAN interface, but use port 443 and point it to the pool
> - Add firewall rules to allow source any, destination TCP 80 and destination IP any.
> - Add firewall rules to allow source any, destination TCP 443 and destination IP any.
> To further confuse things, I'm trying to set this up on a 3 interface WRAP without having a switch in between the WRAP and the servers (i.e. sis0 will be WAN, sis1 will be crossover to server1 (192.168.1.2), and sis2 will be crossover to server2 (192.168.2.2)).

And everything else is fine.
–Bill
-
Thanks for the reply. I'll try that…
-
Just noticed: your firewall rules are set to destination any. You should only allow the destination IPs of the servers in the pool. Use a hosts(192.168.1.2, 192.168.2.2) alias and a ports(80, 443) alias to do that with just a single rule.
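
The rule tightening suggested in the last post, as an added example that is not part of the original thread. It is written in FreeBSD pf.conf syntax on the assumption that the firewall is pf-based; the macro names `ext_if`, `web_hosts` and `web_ports` are made up for illustration, and the addresses, ports and interface name are the ones given in the thread.

```pf
# Assumed names: ext_if, web_hosts and web_ports are illustrative macros.
ext_if    = "sis0"                            # WAN interface from the thread
web_hosts = "{ 192.168.1.2, 192.168.2.2 }"    # the two pool members (hosts alias)
web_ports = "{ 80, 443 }"                     # the two balanced ports (ports alias)

# Translation: one redirect per port, spread over both servers.
# (A load balancer's health monitoring is not modelled here; plain pf
# round-robin keeps sending traffic to a server that is down.)
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80  -> $web_hosts port 80  round-robin
rdr on $ext_if inet proto tcp from any to ($ext_if) port 443 -> $web_hosts port 443 round-robin

# Filtering. pf applies rdr before the filter rules, so a pass rule sees
# the translated destination, i.e. the address of a pool member.

# Too broad: "destination any" matches every address that traffic arriving
# on WAN can be routed or redirected to, not only the two pool members.
# pass in on $ext_if inet proto tcp from any to any port 80  flags S/SA keep state
# pass in on $ext_if inet proto tcp from any to any port 443 flags S/SA keep state

# Tightened: a single rule limited to the pool members and the two ports.
# pf expands the two lists into the four host/port combinations.
pass in on $ext_if inet proto tcp from any to $web_hosts port $web_ports flags S/SA keep state
```

On a GUI-managed firewall the same effect comes from one rule whose destination is the hosts alias and whose destination port is the ports alias.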