load balance pool working with WAN but not with LAN
-
Hi,
following situation:
I got a virtual WAN IP and a virtual LAN IP. Both are using the same LB pool (https).
From outside everything works fine (via the WAN virtual IP), but if I use the virtual LAN IP I get no return from the backend.
I do see that the LB is working, I see states like this:
10.3.1.51:40984 -> 10.3.1.22:443 (10.3.3.252:443) CLOSED:SYN_SENT
I am not sure why it's closed though. 10.3.3.252 being the virtual IP for the LB (used in internal DNS). Backend servers are 20-22.
I tried everything, I am kind of out of ideas.
My FW rules on LAN are allow everything, nothing else, just this one rule. Anyone got an idea?
Thanks
-
solved, see: https://forum.netgate.com/topic/58569/is-lan-only-load-balancer-relayd-possible/4
-
If you don't like the NAT solution, you could switch to haproxy instead as well. You'll probably be much happier in the long run.
-
@jimp Yea, I thought about it but I'd like to keep it minimal for now. Just wanted to post the solution here, took me a while to find it. Wasn't obvious to me.