My company has a web application running on a set of web servers that we're load balancing with relayd.

We've recently learned of a problem where end users who have:

- Comcast cable internet connections,
- Linksys cable routers provided by Comcast, and
- the Linksys router's "firewall protection" setting enabled (as it is by default)

can't access our load balanced servers.

We've watched the traffic, and it appears that our response packets are being dropped by the Linksys router. To confirm this further, if the Linksys "firewall protection" setting is disabled, then everything works fine.

To further complicate matters, the users *can* access any single one of the web servers just fine. It's only when they try to use the relayd load balanced IP address that things break.

More details, in case any of them help:

relayd is running on a pair of stock Dell R200 machines, along with pf and carp. The installed OpenBSD version is 4.4 i386, running the generic kernel.

relayd.conf looks like this:

-----------------------------------------------------------------
wsrv1=192.168.2.20
wsrv2=192.168.2.21
wsrv3=192.168.2.22

interval 5
timeout 200

table <wwwhosts> { $wsrv1 $wsrv2 $wsrv3 }

redirect "wsrv" {
        listen on a.b.c.d port 80
        tag RELAYD
        sticky-address
        forward to <wwwhosts> port 80 mode roundrobin check http "/robots.txt" code 200
}

redirect "wsrv-https" {
        listen on a.b.c.d port 443
        tag RELAYD
        sticky-address
        forward to <wwwhosts> port 443 mode roundrobin check https "/robots.txt" code 200
}
-----------------------------------------------------------------

We're not completely certain that relayd is causing the issue, but we've eliminated everything else we can think of (except of course the Linksys firewall, but we can't very well tell every single possible end user in the world who might have a Linksys cable router to turn off its firewall setting.)

If there's something obvious that we're doing wrong with the configuration, we'd love to know about it.

Thanks!