Netgate Discussion Forum

    PfSense not working with Windows NLB

    General pfSense Questions
    • scottys

      Hey all!

      Before the first reply I get, I have put in "net.link.ether.inet.allow_multicast" from https://doc.pfsense.org/index.php/Upgrade_Guide#Microsoft_Load_Balancing_.2F_Open_Mesh_Traffic

      It works great on my test servers. I set up some test servers with Windows NLB using the same settings as production across the board. We have tried to bring our production servers behind our new pfSense, and it will not work.

      We have 5 IPs (well, tons more on different WAN interfaces, but that's another story).

      Here's an example of the setup (fake IPs will be used):
      WAN interface IP - 1.1.1.1/29
      I set 1.1.1.2/29 as a VIP on production with the correct NAT rules (80, 443) to go to the cluster IP 10.0.0.50/24 with outbound NAT to 1.1.1.2. Go into the servers and change each server's gateway to the pfSense, then remove the old gateway from the network.
      Test it, and we get no response. Even after as long as 30 minutes, nothing.

      I come in and spin up test servers, make a new cluster and set it up as close as possible to production and put them on another one of our IPs that is not in use, 1.1.1.3 (another VIP on the same interface). Set NAT rules the exact same. Test it out… and it works perfectly.

      I am at a loss. This cluster has been up for multiple years, but the test ones I have set up are the same build, same settings, same everything (except local IP).

      Has anyone come across this? Anyone know a solution? I cannot find a pattern of why it works on my test servers, but not the production ones... :-\

      • stephenw10 (Netgate Administrator)

        Run a packet capture on the internal interface in pfSense whilst trying to reach the servers from an external client.

        What is happening? Or failing to happen?

        Steve

        • scottys

          That would be an issue; since these are production servers, I can't really take them offline to test that.

          I believe it has something to do with the old cluster… no idea what it could possibly be, but we took one of the servers out of the cluster this morning and made a new cluster with the exact same settings (except name). It works on the new cluster.

          So our solution is to break apart the old cluster, and basically rebuild it with the same settings... and it works...  :o

          Yea... Windows is nuts

          • stephenw10 (Netgate Administrator)

            @Scotts:

            yea… windows is nuts

            No argument here.  ;D

            Steve
