Netgate Discussion Forum

    Web Server Load Balancing

    Routing and Multi WAN
    • tj.krause

      Hi guys,

      For quite a while now, we've been running clusters of servers with IPVS and ldirectord on a server after pfSense which has a pool behind it. However, the load balancers in my mind are just an extra machine with very low load that could be replaced by pfSense. I've tried using the built-in Load Balancer in version 2.0.3; however, I cannot seem to get it to work correctly, which is probably just due to me understanding it incorrectly. Would someone care to shed some light?

      So from both my Staff and IT networks, on any machine, I can access the load balanced cluster, which outputs the machine hostname so I can verify that it is working. However, when trying to access it from the Internet I am unable to ping it and the browser times out immediately. Note: I am accessing it by IP address from the outside; also, all traffic on port 80 from outside to anywhere is allowed (for testing).

      To do this I've set up the balancer, which works great inside our network, but when accessing it from outside it falls flat on its face. I have the virtual server running on the server network and an external IP NATed to it.

      My config is as follows:

      4 Interfaces involved, Server (DMZ), IT (privileged access), Internet (WAN), Staff (limited access, should act like external internet/shared permissions)

      Internet
        ||
        || (WAN interface)
        ||
      pfSense === (Server interface - 10.4.x.x) -> (Switch) -> WWW-pri, WWW-sec
        ||
        || (IT interface)
        ||
        ME

      Load Balancer Pools

      | Name | Mode | Servers | Port | Monitor |
      | WWWSrvPool | loadbalance | 10.4.3.1, 10.4.3.2 | 80 | WWWClusterMon |

      Load Balancer Virtual Servers

      | Name | Protocol | IP Address | Port | Pool | Fall Back Pool |
      | WWWVirtServer | tcp | 10.4.3.200 | 80 | WWWSrvPool | none |

      Load Balancer Monitors

      | Name | Type | Path | Host | HTTP Code |
      | WWWClusterMon | HTTP | / | 10.4.3.200 | 200 OK |

      NATing

      INTERFACE: OUTSIDE (internet)
      EXTERNAL IP: xx.xx.xx.84
      Internal IP: 10.4.3.200

      Virtual IP Addresses

      xx.xx.xx.84/32 IP Alias

      • tj.krause

        No one? I was considering using HA-Proxy; however, if the service dies randomly, as far as I can tell you will be sent to the pfSense interface instead, which is definitely not what I'm looking for. Anyone have any ideas?

        • tj.krause

          Never mind, I got it working by changing my firewall rule to unblock the servers in the pool on port 80 (which I had tried) and at the same time changing the type of the virtual IP to CARP IP (it doesn't seem to work as IP Alias or Proxy ARP).
