Load Balancing Failing



  • Hi,

    I have been struggling to figure this out (and no luck so far) … but in v2.2.2 I seem to be having issues with Load Balancing. I have it configured, and traffic will forward to one of the machines on the list, but not to a second one. I have disabled all but the "troubled" one - and it just won't forward, but it does show it as up (bright green ... ;)). I have removed and re-added it, no luck. And if I take the targeted service down -> yep, load balancer confirms the correct status.

    Basically, Load Balancer is probing the right port, showing the correct status - but won't forward traffic to it.

    Thoughts?

    Thanks!



  • Have you looked at how the traffic is being routed via your firewall rules?

    OK, so you have your Gateway Group configured. And I am assuming that the working machine is on one interface and the second (not working) one is on a different interface.

    Have you set up the firewall rules to use the 'load balance' [gateway group] for the LAN traffic, or just the [default] interface?

    It must be how the traffic is being treated/routed, especially if taking off the primary machine still does not cause the traffic to fall over to the second machine.






  • It could be that failover is working correctly, but that DNS is not functioning.

    Make sure you have the following setup:

    • General>DNS servers - set the DNS servers for each interface

    • Advanced>Load Balancing>Enable default gateway switching

    ![Voila_Capture 2015-05-11_09-50-41_AM.png](/public/imported_attachments/1/Voila_Capture 2015-05-11_09-50-41_AM.png)
    ![Voila_Capture 2015-05-11_09-47-27_AM.png](/public/imported_attachments/1/Voila_Capture 2015-05-11_09-47-27_AM.png)



  • Arrmo,

    Are you using IP addresses directly or DNS names of 'machines' ?

    Roofus



  • Hi,

    Trying to answer the questions above (good questions, thanks!),

    • the machines are on the same subnet, LAN side of pfSense
    • no hostnames involved, all hard-coded IP addresses (though I would like to use hostnames, but when I asked before I was told that's not possible?)

    So no gateway switching, etc. - just Load Balancing from WAN to two different LAN addresses. Make sense?

    Thanks!



  • Can you post your firewall rules?

    Are you possibly forwarding the same port to two different machines?  If you have a firewall rule forwarding port 80 to machine1 and a second rule forwarding the same port to machine2, the traffic will always route to the first rule it hits.



  • Hi,

    Not quite understanding the question - as I'm not using firewall rules at all here. Rather, Load Balancing (relayd). Make sense?

    Thanks!



  • @arrmo:

    > Hi,
    >
    > Not quite understanding the question - as I'm not using firewall rules at all here. Rather, Load Balancing (relayd). Make sense?
    >
    > Thanks!

    If you're using pfSense, you are using firewall rules.  If you haven't set up or modified any rules, how is traffic passing from the WAN to the LAN?  By default, all incoming traffic would be blocked.

    pfSense will see the devices on the LAN side and acknowledge they are there, but if you don't have a firewall rule defined to pass traffic from the WANs, no traffic will arrive at those machines.

    That's why there are several questions regarding firewall rules on this thread.



  • Hi,

    Understood. I have set this up inside Load Balancer - in terms of the Pool, and the Virtual Server. I didn't create (manually) any firewall rules - but I just went in and checked, and you are right … thanks for poking!

    It looks like Load Balance (prior to v2.2.2) set this up, but not now - so I went in and manually added an entry. And now it works!

    Thanks very much!
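
The failure mode resolved in this thread (a pool member that probes as up but has no WAN pass rule) can be checked from a shell. The script below is an added example, not part of the original posts or of pfSense: it reads rules in `pfctl -sr` text form and lists pool members that no inbound pass rule admits. The interface name `em0`, the addresses and the sample rules are constructed, and it assumes the rule's destination is either the member's LAN address or `any`.

```shell
#!/bin/sh
# Added example: list load-balancer pool members that no inbound TCP pass
# rule on the WAN interface admits. Rules are read from stdin in the text
# form printed by `pfctl -sr`.
# Simplifications (assumptions): only literal destination IPs and "any" are
# recognised; tables, aliases, CIDR ranges, block rules and rule order are
# not evaluated.

# usage: unreachable_members WAN_IF PORT MEMBER_IP... < rules
# PORT is the token as it appears in the rule text (number or service name).
unreachable_members() {
    wan_if=$1; port=$2; shift 2
    awk -v ifc="$wan_if" -v port="$port" -v members="$*" '
        BEGIN { n = split(members, m, " ") }
        $1 == "pass" && $2 == "in" {
            on = ""; dst = ""; dport = ""; tcp = 0; seen_to = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "on") on = $(i + 1)
                if ($i == "proto" && $(i + 1) == "tcp") tcp = 1
                if ($i == "to") { dst = $(i + 1); seen_to = 1 }
                # Only a port given after "to" is the destination port.
                if (seen_to && $i == "port" && $(i + 1) == "=") dport = $(i + 2)
            }
            if (on != ifc || !tcp) next           # wrong interface or protocol
            if (dport != "" && dport != port) next # rule is for another port
            if (dst == "any") { all = 1; next }    # admits every member
            ok[dst] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!all && !(m[i] in ok)) print m[i]
        }'
}

# Constructed sample rules: only the first pool member has a WAN pass rule.
sample_rules() {
    cat <<'EOF'
block drop in log inet all label "Default deny rule IPv4"
pass in quick on em0 inet proto tcp from any to 192.168.1.10 port = http flags S/SA keep state label "USER_RULE: web1"
pass in quick on em1 inet all flags S/SA keep state label "USER_RULE: Default allow LAN"
EOF
}

# Prints the member that is healthy in the pool view but filtered on the WAN.
sample_rules | unreachable_members em0 http 192.168.1.10 192.168.1.11
```

On a live firewall, feed it the real rule set instead of the sample, for example `pfctl -sr | unreachable_members <wan-if> <port> <member-ip>...`.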