Load balancer and Nat Reflection
-
Reflection works fine (if port forwarding is set to only TCP.. TCP&UDP wont work) on all carp vips.
but;
if i create a load balanced Virtual server with Carp VIP then reflection is not working. the load balanced cluster i not reachable from the LAN on his external WAN ip adres.
Is there some sollution for this problem ?
-
Yep, stop using NAT reflection, use a split-horizon DNS setup instead.
-
yes thats a option, next problem:
load balacing
in: external ip (carp vip) on WAN
balance: 2x internal ip on LANwork OK.
Load balacing:
in: internal ip (carp vip on LAN)
balance: 2x internal ip on LANis not working…
is this a know problem that load balancing on a internal ip (port 80) to 2 other internal ip's is not working?
Regards
Arjen
------------------ Lack of NAT Reflection
pfSense 1.2 implements server load balancing entirely in pf using NAT. It does not, however, automatically add NAT reflection rules even when NAT reflection is enabled in the Advanced section. (That parameter applies only to Port Forward NAT rules.) This means that you will not be able to connect to your virtual server from the same network on which your real servers reside.
You can add the reflection rules manually in the "Outbound" NAT section, however. For more details on why you cannot connect internally and what rules need to be added manually, see Redirection and Reflection section of the pf manual.
–----------------is there any info about how to create the reflection rules in the outbound nat section ?
-
nobody ?? :-\
howto create manual reflection rules…
-
Seems like a pretty convoluted way to get things done when split-dns would handle it better…
http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
