> > *match in on $ext_if inet proto tcp to $ext_if port 8080 rdr-to > $web_servers > > \ > > round-robin sticky-address * > > You need to pass the inbound traffic somehow (match doesn't do this). > Either change the 'match in' above to 'pass in',
YES, changed. It worked. > or add another rule > TESTED this below too. it also worked. > below like this: > > pass in on $ext_if inet proto tcp to $web_servers port 8080 > > > > # filter rules > > block in log > > block out log > > I think it's better you put this before the match rule(s). If you don't > you'll have to use 'quick' on the pass rules I mentioned above. > > as You said, I put the above 2 rules before. thanks a lot. *Here are my rules NOW. * ##For web_servers - BEGIN match in on $ext_if inet proto tcp to $ext_if port 8080 rdr-to $web_servers \ round-robin sticky-address pass in on $ext_if inet proto tcp from any to $web_servers port 8080 * # either the above 2 rules or the below one* pass in on $ext_if inet proto tcp to $ext_if port 8080 rdr-to $web_servers \ round-robin sticky-address *#This is to go out from $int_if* pass out log on $int_if inet proto tcp from any to $web_servers port 8080 \ flags S/SA modulate state ##END But, it always directs to one particular ip address. How to see load balancing? -- Thank you Indunil Jayasooriya