    PFSENSE Load Balancer on the same VLAN

    • E
      emeric last edited by

      Hello,

      I set up a VIP via the pfsense load balancer.

      All client accesses that are not in the same vlan as the load balancer pool servers are OK.

      But for clients present on the same vlan as the pool, it's KO.

      From what I understood, the load balancer relays the IP of one of the servers in the pool to the client. Hence my problem.

      I put my VIPs on a new DMZ and I set up a nat outbound on this DMZ to nat the source IP of all the requests to my VIPs but without success.

      Is what I am trying to do possible?

      Thanks

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        You can solve that with some carefully crafted NAT rules, but you are better off removing that config and using the HAProxy package instead. Since it's a real proxy, it would not have that issue.

        The built-in load balancer has been removed from 2.5.0, so it's a dead end to start with it now.

        • E
          emeric last edited by

          Thank you for your reply.

          I have tested several NAT possibilities but none match in case the client is on the same vlan as the server pool (even if the VIP is in a specific DMZ).

          I am in 2-5-1 and the load balancer service is still present for the time being.

          For the moment, I have not succeeded in getting HAProxy to work despite the various help we can get on the various forums. It must be said that most of the aids are for Web load balancing. I am trying to do LDAP and DNS type TCP ... and this to automate my failovers on my two sites (nominal and its backup).

          I will resume my tests on HA Proxy.

          Regards,

          • stephenw10
            stephenw10 Netgate Administrator last edited by

            2.5 has not been released yet. 2.5.1 does not exist so I imagine you must be running 2.4.5p1?

            For relayd see:
            https://docs.netgate.com/pfsense/en/latest/book/loadbalancing/troubleshooting-server-load-balancing.html#unable-to-reach-a-virtual-server-from-a-client-in-the-same-subnet-as-the-pool-server

            But, yeah, you should switch to HAProxy now to be ready for 2.5.

            Steve

            • E
              emeric @stephenw10 last edited by

              @stephenw10

              Hello,

              Indeed, I was wrong about the version. It is indeed 2.4.5p1.

              Following the advice to use the HAProxy, I tried again and managed to set up my VIPs last night.

              So I am ready for the next versions of pfsense.

              Thanks again to everyone.

              Emeric
