Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hy, I Recently installed pfSense 2.0RC and i tried to Set an Loadbalancing, I

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      blackriderws
      last edited by

      Hy,

      I Recently installed pfSense 2.0RC and i tried to Set an Loadbalancing,

      I Added the IP Pools:
      192.168.1.10:80 -> webserver 1
      192.168.1.100:80 -> webserver 2

      And Added an Virtual Server IP: 192.168.1.200:80 -> Virtual IP

      But when i trying to see http://192.168.1.200/ The Ip Address do no respond.

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        balance will not work on same interface, you will need a reverse proxy package or an outbound nat to change source ip going to web servers.

        visual example:

        192.168.1.20 asks 192.168.1.200 for a page

        192.168.1.20  forwards to 192.168.1.10

        192.168.1.10 see that client(192.168.1.20) is on same network

        192.168.1.10 returns page directly to 192.168.1.20

        192.168.1.20 rejects this communication as he asked 192.168.1.200 for a page and response came from 192.168.1.10

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Last I heard that actually did work, but I haven't tried it myself. We had a customer doing balancing like that on a one-arm firewall. It had some issues though, not sure if it was related to that or not.

          Check the relayd tab under system logs and see what the error is. Most common mistake would be that 192.168.1.200 must be a CARP VIP or IP Alias VIP in order for it to work, a proxy arp or 'other' type VIP will not work.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            An outbound nat could simulate a proxy, that's the only way I could do this.

            This way,server logging will have only firewall ip address.

            A proxy could set a X-forwarder-ip and a web server(for example) is able to log clients ip.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.