PFSense LoadBalancer on LAN, for LAN



  • Hi,

    I'm trying to set up an internal load balancer for some of our webservers by using an internal IP on our PF box (this might be entirely mental, I'm just trying to see if it'll actually work). Our PF is on 10.2.0.1/16 for "gateway" and I've added 10.2.0.32 as an alias.

    The test box I've got has WAN and LAN. I've added a load balancer with IP address 10.2.0.32, port 80, and added the two internal servers (10.2.1.1 and 10.2.1.2) to the pool. Both .1.1 and .1.2 are running Apache; if I whack http://10.2.1.1 into a browser it'll work. However, if I try 10.2.0.32 it doesn't work.

    I've also added a firewall rule (I'm 90% sure this isn't needed as we have an all traffic whitelist rule) to permit the destination 10.2.1.1 or 10.2.1.2.

    10.2.0.32 responds to ping, but not HTTP. I've done a traffic capture on my desktop and the TCP handshake is never completed.

    I can't see any drops or similar in the system logs.

    I presume I'm missing something to make this actually work/fundamentally misunderstanding something important?

    Can anyone shed any light on this?

    Many Thanks,
    Rob

    EDIT:
    I've just tested this on our local PF box (2 LANs, 10.2.0.0/16 and 192.168.1.0/24) and the balancer appears to work from a box on LAN 2 with the IP listening on 192.168.1.4 and pointing to a pool of 10.2.1.1 and 10.2.1.2 from LAN2.

    This sort of implies they only work across two different interfaces, unless I'm missing something?



  • Hi all,

    I'm hoping to get this thread going again if possible? - after reading the forum rules I thought it better to try here again before creating a new thread.

    I'd like to create a LoadBalancer for a dev domain for Exchange 2010 CAS for use with IIS. Is this possible?
    I could do with some outline steps to get me going along the lines of:

    create LAN NIC with static IP in LAN address range (10.10.10.xxx)

    create WAN NIC with static IP of xxx.xxx.xxx.xxx

    add vIP on LAN interface with static IP 10.10.10.xxx

    create port alias for Exchange port range (1-65535)

    add CAS01 to server pool

    add CAS02 to server pool

    etc
    etc

    (I've done most of the above and it's not working - but happy to scrap all and start again if needed)
    thanks in advance

    :)

