Need help setting up LoadBalancing with only one interface

Reply to Need help setting up LoadBalancing with only one interface on Thu, 24 May 2012 17:54:35 GMT

Daniel Rollins — Thu, 24 May 2012 17:54:35 GMT

Running wireshark on both sides (client and Web Server), I can see the client sending packets to the Load Balancer Address and I can see the Web Server Receiving packets from the WAN address of the PFSense box which it then tries to respond to but the client never receives them.

Additional info: Client: 192.168.1.50 sends to Virtual Server (192.168.1.20). Web Server (192.168.1.30) sees packets coming from 192.168.1.1 (Load Balancer box WAN interface, not Virtual Server IP). Web Server sends packets back to 192.168.1.1, PFSense does not pass them on to client.

What do I have configured wrong?

Reply to Need help setting up LoadBalancing with only one interface on Wed, 23 May 2012 05:06:21 GMT

wallabybob — Wed, 23 May 2012 05:06:21 GMT

@Daniel:

How would the normal configuration go?

A more common configuration would be incoming accesses from the Internet to the IP address of the WAN interface directed to a pool of servers on another interface (and another subnet).

@Daniel:

Can I have 2 interfaces on the same network?

No.

@Daniel:

I have a Coyote Equalizer that can do this with just one NIC and no problems but I'm trying to do a virtual solution. It will eventually be production so I would like it to be somewhat standard.

I don't know what you mean by "virtual solution".

My question about "production" was because sometimes people setup a configuration for testing and anticipate they will need only minor tweaks to put it into "production" use. Sometimes the anticipated minor tweaks become major tweaks because the testing configuration and production configuration are not "similar enough".

The configuration you have chosen needs NAT reflection enabled to work and the pfSense book said there were limitations in NAT reflection in pfSense version 1.2.3 which were unlikely to be removed in version 2.x.

@Daniel:

As far as the packet capture, would you recommend wireshark on the webserver or browser system or is there a packet capture for PFSense that I should run there?

At different times you might to verify particular frames arrive on (or leave from) a particular interface so use the appropriate tool to get that verification. pfSense has a packet capture utility, tcpdump, and has a mechanism to request a packet capture from the GUI: Diagnostics -> Packet Capture

Reply to Need help setting up LoadBalancing with only one interface on Tue, 22 May 2012 22:26:49 GMT

Daniel Rollins — Tue, 22 May 2012 22:26:49 GMT

How would the normal configuration go? Can I have 2 interfaces on the same network? I have a Coyote Equalizer that can do this with just one NIC and no problems but I'm trying to do a virtual solution. It will eventually be production so I would like it to be somewhat standard.

As far as the packet capture, would you recommend wireshark on the webserver or browser system or is there a packet capture for PFSense that I should run there?

Reply to Need help setting up LoadBalancing with only one interface on Tue, 22 May 2012 21:12:33 GMT

wallabybob — Tue, 22 May 2012 21:12:33 GMT

It is an unusual configuration. Are you using this configuration as a step towards a "production" configuration? (Loadbalancing would commonly involve server accesses coming into pfSense on one interface and leaving on another.)

@Daniel:

If I open my browser directly to the servers (192.168.1.30 or 192.168.1.40) the servers respond but if I go to 192.168.1.20 I get nothing.

A packet capture of this interaction would provide more information.