I have an existing firewall that already load balances our web server
traffic from an external IP across two web servers that are on the
internal network. I would like to set up "internal load balancing", since
I have web services internally that I would like to provide to the rest
of the cluster. These services should not be exposed to the external
world. So, for that purpose, I added an alias, 10.0.5.200, to an existing
carp interface:
carp50: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:96
carp: MASTER carpdev vlan50 vhid 150 advbase 1 advskew 100
groups: carp
inet6 fe80::200:5eff:fe00:196%carp50 prefixlen 64 scopeid 0x10
inet 10.0.5.1 netmask 0xffffff00 broadcast 10.0.5.255
inet 10.0.5.200 netmask 0xffffff00 broadcast 10.0.5.255
I would like to "load balance" that traffic across two other web servers
that are on, e.g., 10.0.5.81 and 10.0.5.82. For the time being I added
the following rdr rule:
rdr pass on $if_local proto tcp to 10.0.5.200 port $ports_web -> 10.0.5.81
Unfortunately I can't connect to 10.0.5.200. For example, if from another
server on the network I do:
$ telnet 10.0.5.81 80
Trying 10.0.5.81...
Connected to web1.local (10.0.5.81).
Escape character is '^]'.
However, if I do:
$ telnet 10.0.5.200 80
Trying 10.0.5.200...
telnet: connect to address 10.0.5.200: Connection refused
telnet: Unable to connect to remote host: Connection refused
Sniffing on carp50 shows no activity. I suppose there may be some
"routing confusion"; however, I even tried setting up another, totally
different physical interface, created carp10 with IP 10.0.1.200
redirecting to 10.0.5.81, and got the same effect.
Any help would be appreciated.
Thanks,
Vladimir
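As an added example that is not part of Vladimir's post, below is the shape of a pf.conf translation section for the setup he describes: the 10.0.5.200 alias round-robined across 10.0.5.81 and 10.0.5.82, written in the same rdr/nat syntax his rule uses. The macro names ($if_local, $if_ext, $net_local, $fw_local, $vip_web, $srv_web, $ports_web), the 10.0.5.0/24 client network and the 80/443 port list are assumptions; the address 10.0.5.1 and the interface name vlan50 are taken from the carp50 output in the post. Whether pf sees the inbound packets on vlan50 or on carp50 is also an assumption to verify with tcpdump on each before trusting the `on` keyword. The example carries the caveat a practitioner would check first for a redirect on the internal interface: when the client and the redirected server are on the same subnet, the server answers the client directly (a SYN-ACK from 10.0.5.81 instead of 10.0.5.200) and the redirected connection never completes, so the client source has to be translated to the firewall as well. This is the "redirection and reflection" case described in the OpenBSD pf FAQ.

```conf
# Added example, not from the original post: internal round-robin rdr of the
# 10.0.5.200 carp alias to two web servers on the same subnet.
# Macro names, the client network and the port list are assumptions;
# 10.0.5.1 and vlan50 come from the carp50 ifconfig output in the post.
if_local  = "vlan50"            # carpdev of carp50; assumed to be the
                                # interface pf sees the packets on (verify)
if_ext    = "em0"               # assumed external interface name
fw_local  = "10.0.5.1"          # the firewall's own address on this net
net_local = "10.0.5.0/24"       # assumed client network
vip_web   = "10.0.5.200"        # alias on carp50, internal only
srv_web   = "{ 10.0.5.81, 10.0.5.82 }"
ports_web = "{ 80, 443 }"       # assumed

# Translation section.
# Spread connections to the VIP across both servers; sticky-address keeps a
# given client on the server it was first sent to.
rdr pass on $if_local proto tcp from $net_local to $vip_web port $ports_web \
    -> $srv_web round-robin sticky-address

# Reflection: clients and servers share 10.0.5.0/24, so without this rule a
# server would reply straight to the client and the rdr state on the
# firewall would never see the other half of the handshake. Rewriting the
# source to the firewall's own address forces the reply back through pf.
nat on $if_local proto tcp from $net_local to $srv_web port $ports_web \
    -> $fw_local

# Filter section.
# The VIP is internal only; the rdr is bound to $if_local, but state the
# intent explicitly so nothing arriving from outside reaches it.
block in quick on $if_ext proto tcp to $vip_web
```

After loading it, `pfctl -s rules` shows the translation and filter rules as parsed and `pfctl -s states` shows whether a state for 10.0.5.200 is created and then whether the matching translated state toward 10.0.5.81 or 10.0.5.82 appears; a state with no counterpart usually points at the `on` interface or at the reflection problem. On OpenBSD 4.7 and later the same two translations are written as rule options instead of separate rdr/nat rules, in the form `pass in on $if_local proto tcp from $net_local to $vip_web port $ports_web rdr-to $srv_web round-robin sticky-address` and `pass out on $if_local proto tcp from $net_local to $srv_web port $ports_web nat-to $fw_local`.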