Web GUI and Load Balancer Conflict

  • I have two routers with their WAN interfaces in a /28.

    They share a handful of CARP IPs for redundancy.

    Let's just call them:
    .1 - Router 1
    .2 - Router 2
    .3 - CARP WAN
    .4 - CARP Exchange

    Up until last night, we had any 443/HTTPS traffic coming in to the Exchange CARP getting NATted in to our single exchange server.

    Last night, the Windows guys announced the exchange cluster was ready and that the firewall should load balance the connections between three internal exchange servers.

    I deleted the NAT forward from CARP Exchange.

    In the Load Balancer setup, I added a pool called 'exch' in Load Balance mode, and set the port to 443.  I added the three exchange IPs to the list of enabled servers.

    In 'Virtual Servers', I set the IP Address to be the IP of CARP Exchange, and the port to 443.

    I went into the firewall and allowed inbound 443 to the CARP Exchange IP.

    From outside the network I would try to connect and eventually get a timeout.

    The moment I restart the Load Balancing service, I immediately get a connection, but it's to the pfSense GUI and I get warned about a potential DNS rebinding attack.

    Is the only way to use the load balancer on port 443 to change the pfSense GUI to a different port?

    Is there a way to bind the GUI to a particular set of IP addresses (like .1 and .2 on the WAN interface as well as the IPs on the LAN interface)?

  • Rebel Alliance Developer Netgate

    Move the GUI to another port.

    You can't selectively bind the pfSense GUI to specific IPs (yet).
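A small check for the overlap described in this thread, added here as an example and not part of either post or of pfSense itself. It parses a constructed pfSense-style config.xml fragment (the `<system><webgui>` and `<load_balancer><virtual_server>` layout, element names assumed) and reports any virtual server whose port matches the port the webConfigurator listens on, which is what let the GUI answer on the WAN CARP address in the situation above. It also handles the empty `<port>` that pfSense writes when the default is in use.

```python
import xml.etree.ElementTree as ET

# Default listener ports for the webConfigurator when <port> is left empty.
DEFAULT_PORTS = {"https": 443, "http": 80}


def make_config(gui_port_text: str) -> str:
    """Build a constructed config.xml fragment (sample data, not a real export).

    The addresses and names are placeholders; only the structure matters here.
    """
    return f"""<pfsense>
  <system>
    <webgui>
      <protocol>https</protocol>
      <port>{gui_port_text}</port>
    </webgui>
  </system>
  <load_balancer>
    <lbpool>
      <name>exch</name>
      <mode>loadbalance</mode>
      <port>443</port>
      <servers>10.0.0.11</servers>
      <servers>10.0.0.12</servers>
      <servers>10.0.0.13</servers>
    </lbpool>
    <virtual_server>
      <name>exch-vs</name>
      <ipaddr>203.0.113.4</ipaddr>
      <port>443</port>
      <poolname>exch</poolname>
    </virtual_server>
  </load_balancer>
</pfsense>"""


# "Before": GUI on the default (empty port element means 443 for https).
CONFIG_BEFORE = make_config("")
# "After": GUI moved to 8443, as the reply in the thread recommends.
CONFIG_AFTER = make_config("8443")


def gui_port(xml_text: str) -> int:
    """Return the port the webConfigurator listens on.

    An empty <port> means the protocol default is in use (assumption about
    how pfSense stores the setting), so fall back to 443/80 accordingly.
    """
    root = ET.fromstring(xml_text)
    webgui = root.find("./system/webgui")
    proto = (webgui.findtext("protocol") or "https").strip()
    port = (webgui.findtext("port") or "").strip()
    return int(port) if port else DEFAULT_PORTS[proto]


def find_gui_conflicts(xml_text: str) -> list:
    """List (name, ipaddr, port) for every virtual server sharing the GUI port.

    The GUI binds to every address on the box, so any such virtual server
    will reach the admin interface whenever relayd is not holding the port.
    """
    root = ET.fromstring(xml_text)
    gport = gui_port(xml_text)
    conflicts = []
    for vs in root.findall("./load_balancer/virtual_server"):
        port = int((vs.findtext("port") or "0").strip())
        if port == gport:
            conflicts.append((vs.findtext("name"), vs.findtext("ipaddr"), port))
    return conflicts


if __name__ == "__main__":
    for label, cfg in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        hits = find_gui_conflicts(cfg)
        print(f"{label}: GUI on {gui_port(cfg)}, conflicts: {hits or 'none'}")
```

Run it against an exported config.xml before restarting the load balancer service; a non-empty result means the admin GUI and a public virtual server are competing for the same port on every address the firewall holds.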
