The Load Balancer Address and SMTP E-Mail



  • Hi

    We are load balancing two Exchange Hubs, 192.168.1.1 & 192.168.1.2.
    The Load Balancer address is 192.168.10.100.

    The problem is that pfSense won't work with the load balancer address once it is configured in the "System: Advanced: Notifications" section.
    We got:

    php: /system_advanced_notifications.php: Could not send the message to xxx@yyy.zzz – Error: could not connect to the host "192.168.10.100": ??

    We don't want to enter the address of the first Hub or the second one, because it might be the Hub that goes off the pool.

    Any suggestions?

    Thanks



  • How does a packet from pfSense get to 192.168.10.100? pfSense has a static route to the 192.168.10.x/y subnet? Or an interface in the 192.168.10.x/y subnet?



  • Of course it has.
    pfSense WAN address: 192.168.10.200
    pfSense LAN address: 192.168.1.200

    So 192.168.10.100 is the virtual IP for the Load Balancer; this address then belongs to the pfSense WAN address.

    The problem is: why can't pfSense use this address for SMTP E-Mail?
    Is there a way to make this configuration succeed?


  • Netgate Administrator

    The pfSense box cannot use the load balance IP itself because it is basically an alternating port forward. It would have to route traffic out and back in again. The same reason you need NAT reflection for normal port forwards to work LAN side. I have never tested this but I wouldn't expect the load balance to work from the pfSense LAN subnet, does it?

    Steve



  • Thanks for your answer

    I understand; however, I thought that as the load balancer address belongs to pfSense itself, this configuration could work.
    I think that if pfSense tries to use the load balancer address by using its WAN address, it might be possible.
    Then, if that is true, why is pfSense trying to use its LAN address to access the SMTP E-mail and not its WAN interface address?
    I am asking because in the routing table it's obvious that the SMTP E-mail = LoadBalancer address is on the same net as its WAN address.

    Thanks


  • Netgate Administrator

    I don't know why it is trying to use the LAN interface.
    The Load Balance virtual IP is on the WAN interface hence I would expect to see the pfSense box attempting to access the mail server via the WAN NIC. This will fail because the actual mail servers are on the LAN side.
    This is not something I've spent much time playing with so I'm open to suggestions/corrections. Perhaps set up a second load balance IP on the LAN interface? :-\

    Steve



  • I think the problem is that the load balancing is configured to redirect connections entering the box on a particular interface to an IP address in the pool. Connections initiated from pfSense don't enter the box on any interface, hence aren't redirected.


  • Netgate Administrator

    The same reason connections initiated from the pfSense box will always use the default gateway in a multi-WAN setup?
    I'm just not sufficiently familiar with the underlying software to know how this is handled or what could be done to work around it.
    JimP made an interesting related comment recently, here: http://forum.pfsense.org/index.php/topic,64502.msg349645.html#msg349645

    Steve



  • OK, it's a little weird.
    I gave up. I installed a tiny SMTP relay on a third server in the WAN subnet, then I configured my pfSense to use this server, which in turn relays emails to the load balancer address.