Netgate Discussion Forum

    Routing through a load balanced HA Pool and Internet Access!

    Category: Routing and Multi WAN
    1 Posts 1 Posters 1.1k Views
      hanoon
      last edited by

      I have set up an HAProxy and load-balance lab with keepalived as follows:

      pfSense 2.0.1 with 3 interfaces: LAN, WAN, OPT1

      On the LAN interface:
      LB1 10.4.0.4
      LB2 10.4.0.5
      LB VIP 10.4.0.50

      On the OPT1 interface:
      Web1 10.4.32.25 /28
      Web2 10.4.32.26 /28

      On the WAN interface:
      I have a public IP to the internet.

      I wonder what I should do to make Web1 and Web2 able to access the internet while I still have access to them from another routed subnet, 10.2.0.x/24.

      I tried the following:
      1- Set the Web1 and Web2 default GW to 10.4.32.20 (which is the pfSense OPT1 interface). They can go online but are not accessible from the other 10.2.0.x subnet.

      2- Set the default GW to the next-hop router (the result is that they are accessible from the other subnet but won't go online).

      3- Assign manual NAT rules so it will not NAT when going to the other private subnet (that works intermittently). It works when I save, and if I delete the rule and create the same rule again I will not get the same results.

      My questions are:
      1- In an LB HA setup, what should be the default gateway for the web servers, and what should be the default gateway for the HAProxy boxes with the VIP?

      2- Is it normal to have intermittent results?

      3- There are situations where the request goes through the VIP and is returned bypassing the LB boxes. How do I avoid that?

      4- Will Rules --> OPT1 --> allow --> Proto any --> source any --> destination any allow all traffic hitting that interface, or do I have to be specific about which network source and destination for the rule?

      Any answer would be appreciated!

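The two attempted configurations in the post (default gateway on pfSense OPT1, or default gateway on the next-hop router) are a forwarding-table problem: each gives the web servers exactly one exit, so either Internet replies or 10.2.0.x replies take the wrong path. The following script is an added example, not code from the post or from pfSense; it models the web servers' longest-prefix-match route lookup for both tables and for a third table that keeps the pfSense default route and adds a static route for 10.2.0.0/24 via the other router. The next-hop router address 10.4.32.17 and the assumption that 10.2.0.x traffic enters the /28 through that router are hypothetical; the post gives neither.

```python
"""Longest-prefix-match model of the web servers' routing decision.

Added example, not part of the original post. The pfSense OPT1 address
(10.4.32.20) and the web server /28 are taken from the post; the next-hop
router address and the path 10.2.0.x clients arrive on are assumptions.
"""
from ipaddress import ip_address, ip_network

PFSENSE_OPT1 = "10.4.32.20"      # from the post: OPT1 interface of pfSense
NEXT_HOP_ROUTER = "10.4.32.17"   # assumed address of the other router on the /28
LOCAL_NET = "10.4.32.16/28"      # the /28 that holds Web1 (.25) and Web2 (.26)

# Constructed sample destinations: a client on the routed subnet and an Internet host.
CLIENT_ON_10_2 = "10.2.0.10"
INTERNET_HOST = "198.51.100.7"

# Routing tables as (prefix, gateway) pairs; gateway None means on-link delivery.
# Attempt 1 from the post: default gateway = pfSense OPT1.
CFG_PFSENSE_DEFAULT = [(LOCAL_NET, None), ("0.0.0.0/0", PFSENSE_OPT1)]
# Attempt 2 from the post: default gateway = next-hop router.
CFG_ROUTER_DEFAULT = [(LOCAL_NET, None), ("0.0.0.0/0", NEXT_HOP_ROUTER)]
# Split table: default via pfSense, plus a static route for 10.2.0.0/24 via the other router.
CFG_SPLIT = [
    (LOCAL_NET, None),
    ("10.2.0.0/24", NEXT_HOP_ROUTER),
    ("0.0.0.0/0", PFSENSE_OPT1),
]


def lookup(table, dst):
    """Return the gateway chosen for dst by longest-prefix match (None = on-link)."""
    addr = ip_address(dst)
    best_net, best_gw = None, None
    for prefix, gw in table:
        net = ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gw
    if best_net is None:
        raise LookupError(f"no route to {dst}")
    return best_gw


def reply_paths(table):
    """Gateway used for replies to a 10.2.0.x client and to an Internet host."""
    return {
        "client_10_2": lookup(table, CLIENT_ON_10_2),
        "internet": lookup(table, INTERNET_HOST),
    }


def is_symmetric(table):
    """True when replies leave the way the requests came in.

    Assumption: 10.2.0.x requests arrive via NEXT_HOP_ROUTER and Internet
    requests arrive via pfSense, so a symmetric table must send the replies
    back through the same two devices. pfSense is stateful, so a reply that
    leaves by the wrong device is dropped or NATed, which matches the
    symptoms described in the post.
    """
    paths = reply_paths(table)
    return paths["client_10_2"] == NEXT_HOP_ROUTER and paths["internet"] == PFSENSE_OPT1


if __name__ == "__main__":
    for name, table in [("pfsense default", CFG_PFSENSE_DEFAULT),
                        ("router default", CFG_ROUTER_DEFAULT),
                        ("split routes", CFG_SPLIT)]:
        print(f"{name:16} {reply_paths(table)} symmetric={is_symmetric(table)}")
```

Only the split table sends both reply streams back through the device the request arrived on; the two single-default tables each break one direction, which is the "online but unreachable" versus "reachable but not online" pair the post describes.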
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.