Need help setting up LoadBalancing with only one interface
-
I have the following network: 192.168.1.0/24
Since there is only one network I setup PFSense to only use the WAN interface
WAN IP: 192.168.1.1
I have 2 Web servers: 192.168.1.30 & 192.168.1.40
I would like to setup PFSense to load balance between them.
I setup a Monitor as well as a Pool (with 192.168.1.30 & 192.168.1.40 in it), as well as a Virtual Server (192.168.1.20)
I setup a Virtual IP address (IP Alias for the WAN port and set it to 192.168.201.20/24).Checking the status of the load balancer shows the Pool as 100.00% and the Virtual Server as Active.
If I open my browser directly to the servers (192.168.1.30 or 192.168.1.40) the servers respond but if I go to 192.168.1.20 I get nothing.What am I doing wrong?
Thanks
-
It is an unusual configuration. Are you using this configuration as a step towards a "production" configuration? (Loadbalancing would commonly involve server accesses coming into pfSense on one interface and leaving on another.)
If I open my browser directly to the servers (192.168.1.30 or 192.168.1.40) the servers respond but if I go to 192.168.1.20 I get nothing.
A packet capture of this interaction would provide more information.
-
How would the normal configuration go? Can I have 2 interfaces on the same network? I have a Coyote Equalizer that can do this with just one NIC and no problems but I'm trying to do a virtual solution. It will eventually be production so I would like it to be somewhat standard.
As far as the packet capture, would you recommend wireshark on the webserver or browser system or is there a packet capture for PFSense that I should run there?
-
How would the normal configuration go?
A more common configuration would be incoming accesses from the Internet to the IP address of the WAN interface directed to a pool of servers on another interface (and another subnet).
Can I have 2 interfaces on the same network?
No.
I have a Coyote Equalizer that can do this with just one NIC and no problems but I'm trying to do a virtual solution. It will eventually be production so I would like it to be somewhat standard.
I don't know what you mean by "virtual solution".
My question about "production" was because sometimes people setup a configuration for testing and anticipate they will need only minor tweaks to put it into "production" use. Sometimes the anticipated minor tweaks become major tweaks because the testing configuration and production configuration are not "similar enough".
The configuration you have chosen needs NAT reflection enabled to work and the pfSense book said there were limitations in NAT reflection in pfSense version 1.2.3 which were unlikely to be removed in version 2.x.
As far as the packet capture, would you recommend wireshark on the webserver or browser system or is there a packet capture for PFSense that I should run there?
At different times you might to verify particular frames arrive on (or leave from) a particular interface so use the appropriate tool to get that verification. pfSense has a packet capture utility, tcpdump, and has a mechanism to request a packet capture from the GUI: Diagnostics -> Packet Capture
-
Running wireshark on both sides (client and Web Server), I can see the client sending packets to the Load Balancer Address and I can see the Web Server Receiving packets from the WAN address of the PFSense box which it then tries to respond to but the client never receives them.
Additional info: Client: 192.168.1.50 sends to Virtual Server (192.168.1.20). Web Server (192.168.1.30) sees packets coming from 192.168.1.1 (Load Balancer box WAN interface, not Virtual Server IP). Web Server sends packets back to 192.168.1.1, PFSense does not pass them on to client.
What do I have configured wrong?