Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Basic VIP and Load Balance Issue - Port won't make TCP connection

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    2 Posts 1 Posters 528 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      umuzidan
      last edited by

      Real simply, I have two open relay internal email servers both listening on port 26. I can telnet to each individual server but not to the VIP. I created a VIP on the same subnet at the servers and use the VIP for LB both port 26 and HTTP. I setup the LB for an active/passive, where server 1 is the active and all traffic is directed there, and server 2 is the passive in case server 1 goes offline (according to the monitor).

      It seems like no data will pass into the VIP:port and out to server 1:port, both on 26 or 80. I have a rule on that subnet to allow all traffic to pass in and out.

      Is there something I'm missing?

      Config:
      pfSense 2.4.2-Release-p1

      LAN: 172.20.30.1/24 (pfsense)
      VIP: 172.20.30.192/24 (Type=IP Alias)
      Pool1: Mode=LB, Server=172.20.30.138, Port=26, Monitor=TCP
      Pool2: Mode=LB, Server=172.20.30.139, Port=26, Monitor=TCP
      VirtualServer1: Protocol=tcp, IP Address=172.20.30.192, Pool=Pool1, Fallback Pool=Pool2

      The status for both the pool and service is green / active.

      And when it's all done, I can't telnet to the VIP (172.20.30.192) on port 26, but I can telnet to 172.20.30.138 and .139

      1 Reply Last reply Reply Quote 0
      • U
        umuzidan
        last edited by

        More information… it appears that I can successfully telnet to the VIP on port 26 from another LAN. When initiated on the same LAN/subnet as the VIP, the connection never responds. On this subnet there is only one firewall rule that allows all in/out on any protocol for IPv4+IPv6, so I there isn't any possible rule that could be blocking.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.