Routing through a load balanced HA Pool and Internet Access!



  • First post:
    I have setup an HA proxy and load-balance lab with keepalived as follow:

    pfSense 2.0.1 with 3 interfaces LAN, WAN ,OPT1

    ON LAN Interface:
    LB1 10.4.0.4
    LB2 10.4.0.5
    LB VIP 10.4.0.50

    On OPT1 Interface
    Web1 10.4.32.25 /28
    Web2 10.4.32.26 /28

    ON WAN Interface
    I have a public IP to the internet.

    I wonder what I should do to make Web1 and Web2 able to access the internet while I still have access to them from another routed subnet 10.2.0.x/24

    I tried the following:
    1- set WEB1 and WEB2 Default GW to 10.4.32.20 (which is the OPT1 pfSense Interface) - They can go online but not accessible from other 10.2.0.x subnet.

    2- Set default GW to next hop router ( results is they are accessible from other subnet but won't go online)

    3- Assign manual NAT rules so it will not NAT while going to other private subnet ( that works intermittently)  It works when I save and  if I delete the rule and create the same rule again I will not get same results.

    My questions are:
    1- In a LB HA - what should be the default gateway for the web servers? and what should be the default gateway for HAproxy boxes with VIP?

    2- Is it normal to have intermittent results?

    3- there is situations where the request go through the VIP and returned bypassing the LB boxes - how to avoid that?

    4- Will Rules –> Opt1 --> allow --> Proto any --> source  any --> destination Any allow all traffic hitting that interface or I have to be specific about which network source & destination for the rule?

    Any answer would be appreciated!


Log in to reply