On Tue, Feb 01, 2011 at 02:22:25PM +0530, Indunil Jayasooriya wrote:
> I have 3 web servers running on port 8080 behind PF firewall. I am trying
> to load balance these incoming connections to these web servers.
>
> I wrote rules as below. Pls pay attention to *highlighted BOLD* rules.
> They are the ones I have written. But, I can NOT login to these web servers
> from the Internet.
>
> *match in on $ext_if inet proto tcp to $ext_if port 8080 rdr-to $web_servers \
> round-robin sticky-address*

You need to pass the inbound traffic somehow (match doesn't do this).
Either change the 'match in' above to 'pass in', or add another rule
below like this:

    pass in on $ext_if inet proto tcp to $web_servers port 8080

> # filter rules
> block in log
> block out log

I think it's better you put this before the match rule(s). If you
don't you'll have to use 'quick' on the pass rules I mentioned above.

> *pass out log on $int_if inet proto tcp from any to $web_servers port 8080 \
> flags S/SA modulate state*
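
The ordering suggested in the reply above, written out as one pf.conf fragment. This is an added example, not part of the original thread; the interface names and server addresses are constructed placeholders, and the rules themselves are the ones quoted in the messages.

```conf
# Added example; macro values below are constructed placeholders.
ext_if = "em0"
int_if = "em1"
web_servers = "{ 10.0.0.11, 10.0.0.12, 10.0.0.13 }"

# Default deny goes first. Without 'quick' the last matching rule decides,
# so the pass rules further down override these for the web traffic only.
block in log
block out log

# 'match' only attaches the rdr-to translation to the packet.
# It does not pass anything by itself.
match in on $ext_if inet proto tcp to $ext_if port 8080 \
    rdr-to $web_servers round-robin sticky-address

# Rules after the match see the translated destination, so this rule
# names the web servers, not the external address. It is the rule that
# actually admits the inbound connection.
pass in on $ext_if inet proto tcp to $web_servers port 8080

# The redirected connection also has to be allowed out towards the servers.
pass out log on $int_if inet proto tcp from any to $web_servers port 8080 \
    flags S/SA modulate state

# Alternative from the reply: drop the separate 'pass in' rule and change
# 'match in' to 'pass in' on the rdr-to rule, so one rule translates and passes.
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.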