Routing through a load balanced HA Pool and Internet Access!
-
First post:
I have setup an HA proxy and load-balance lab with keepalived as follow:pfSense 2.0.1 with 3 interfaces LAN, WAN ,OPT1
ON LAN Interface:
LB1 10.4.0.4
LB2 10.4.0.5
LB VIP 10.4.0.50On OPT1 Interface
Web1 10.4.32.25 /28
Web2 10.4.32.26 /28ON WAN Interface
I have a public IP to the internet.I wonder what I should do to make Web1 and Web2 able to access the internet while I still have access to them from another routed subnet 10.2.0.x/24
I tried the following:
1- set WEB1 and WEB2 Default GW to 10.4.32.20 (which is the OPT1 pfSense Interface) - They can go online but not accessible from other 10.2.0.x subnet.2- Set default GW to next hop router ( results is they are accessible from other subnet but won't go online)
3- Assign manual NAT rules so it will not NAT while going to other private subnet ( that works intermittently) It works when I save and if I delete the rule and create the same rule again I will not get same results.
My questions are:
1- In a LB HA - what should be the default gateway for the web servers? and what should be the default gateway for HAproxy boxes with VIP?2- Is it normal to have intermittent results?
3- there is situations where the request go through the VIP and returned bypassing the LB boxes - how to avoid that?
4- Will Rules –> Opt1 --> allow --> Proto any --> source any --> destination Any allow all traffic hitting that interface or I have to be specific about which network source & destination for the rule?
Any answer would be appreciated!