Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Inbound Load Balance on two TCP ports?

    HA/CARP/VIPs
    3
    4
    5.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rneily
      last edited by

      If I want to setup a load balancer and have it load balance two different TCP ports (443 and 80) how would I go about settting this up?

      I think it's done this way:

      1. Setup one server pool with 2 servers using ICMP to monitor or monitor either TCP port 80 or 443 on the servers
      2. Setup one virtual server on the WAN interface to use port 80 and point it to the pool.
      3. Setup another virtual server on the WAN interface, but use port 443 and point it to the pool
      4. Add firewall Rules to allow source any , destination TCP 80 and destination ip any.
      5. Add firewall Rules to alllow source any, destination TCP 443 and destination IP any.

      To further confuse things, I'm trying to set this up on a 3 interface WRAP without having a switch inbetween the WRAP and the servers.  (ie. sis0 will be WAN, sis1 will be crossover to server1 (192.168.1.2) , and sis2 will be crossover to server2 (192.168.2.2)

      1 Reply Last reply Reply Quote 0
      • B
        billm
        last edited by

        @rneily:

        If I want to setup a load balancer and have it load balance two different TCP ports (443 and 80) how would I go about settting this up?

        I think it's done this way:

        1. Setup one server pool with 2 servers using ICMP to monitor or monitor either TCP port 80 or 443 on the servers

        ICMP isn't valid for server pools.

        #1 should be, setup two server pools, one for 80, one for 443

        @rneily:

        1. Setup one virtual server on the WAN interface to use port 80 and point it to the pool.
        2. Setup another virtual server on the WAN interface, but use port 443 and point it to the pool
        3. Add firewall Rules to allow source any , destination TCP 80 and destination ip any.
        4. Add firewall Rules to alllow source any, destination TCP 443 and destination IP any.

        To further confuse things, I'm trying to set this up on a 3 interface WRAP without having a switch inbetween the WRAP and the servers.  (ie. sis0 will be WAN, sis1 will be crossover to server1 (192.168.1.2) , and sis2 will be crossover to server2 (192.168.2.2)

        And everything else is fine.

        –Bill

        pfSense core developer
        blog - http://www.ucsecurity.com/
        twitter - billmarquette

        1 Reply Last reply Reply Quote 0
        • R
          rneily
          last edited by

          Thanks for the reply. I'll try that…

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            Just noticed: your firewall rules are set to destination any. You should only allow the destination IPs of the servers in the pool. Use an hosts(192.168.1.2, 192.168.2.2) alias and a ports(80, 443) alias to do that with just a single rule.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.