Re: [pfSense Support] load balancing for internal and external servers
Bill Marquette wrote:
> You won't be able to test load balancing of virtual servers from inside
> your network. It's a pf thing and unlikely to ever get resolved.

ah, thanks, I did wonder if that might be the case. I put a machine outside the firewalls on which I put squid as an intermediate fix, and it works well enough for testing.

thanks
Paul
Re: [pfSense Support] load balancing for internal and external servers
Bill Marquette wrote:
> Technically we can make this work if the virtual servers are in a DMZ
> (all you need is a NAT on the DMZ interface to hide the source address
> of your test machine). But there's no way to make it work if the test
> machine is in the same network as the server.

thanks again; the issue will go away somewhat when we move our server farm to a colocation facility, at which point I have to build more firewalls anyway!

> On 10/10/07, Paul M [EMAIL PROTECTED] wrote:
>> Bill Marquette wrote:
>>> You won't be able to test load balancing of virtual servers from
>>> inside your network. It's a pf thing and unlikely to ever get
>>> resolved.
>>
>> ah, thanks, I did wonder if that might be the case. I put a machine
>> outside the firewalls on which I put squid as an intermediate fix,
>> and it works well enough for testing.
[pfSense Support] load balancing for internal and external servers
Thanks for reading this.

pair of pfsense firewalls with
* external carp IP 1.2.3.4
* internal carp IP 192.168.0.1 with each machine on .2 and .3

the bit that works:
we have a couple of web servers, and I created a pool, and a virtual server which listens on external carp IP, then added the rule permitting traffic. works just fine, I can see the web servers from outside world

the bit that doesn't
wanting to test the load balanced pool from inside, I created a virtual server listening on the internal 192.168 address, no rules were required because internal (LAN) traffic is 100% permitted.

Using tcpdump I see the tcp connection coming from desktop:highport to 192.168.0.1:80, there's then a conn from 192.168.0.1:highport to webserver:80 which completes, but no traffic goes back to desktop! nothing in the firewall logs indicates dropped traffic!

any clues gratefully received.

thanks
Paul
Re: [pfSense Support] load balancing for internal and external servers
Paul M wrote:
> Thanks for reading this.
>
> pair of pfsense firewalls with
> * external carp IP 1.2.3.4
> * internal carp IP 192.168.0.1 with each machine on .2 and .3
>
> the bit that works:
> we have a couple of web servers, and I created a pool, and a virtual
> server which listens on external carp IP, then added the rule
> permitting traffic. works just fine, I can see the web servers from
> outside world
>
> the bit that doesn't
> wanting to test the load balanced pool from inside, I created a
> virtual server listening on the internal 192.168 address, no rules
> were required because internal (LAN) traffic is 100% permitted.
>
> Using tcpdump I see the tcp connection coming from desktop:highport to
> 192.168.0.1:80, there's then a conn from 192.168.0.1:highport to
> webserver:80 which completes, but no traffic goes back to desktop!
> nothing in the firewall logs indicates dropped traffic!
>
> any clues gratefully received.

p.s. I do have the "Bypass firewall rules for traffic on the same interface" option ticked in system-advanced settings
Re: [pfSense Support] load balancing for internal and external servers
You won't be able to test load balancing of virtual servers from inside your network. It's a pf thing and unlikely to ever get resolved.

--Bill

On 10/9/07, Paul M [EMAIL PROTECTED] wrote:
> Thanks for reading this.
>
> pair of pfsense firewalls with
> * external carp IP 1.2.3.4
> * internal carp IP 192.168.0.1 with each machine on .2 and .3
>
> the bit that works:
> we have a couple of web servers, and I created a pool, and a virtual
> server which listens on external carp IP, then added the rule
> permitting traffic. works just fine, I can see the web servers from
> outside world
>
> the bit that doesn't
> wanting to test the load balanced pool from inside, I created a
> virtual server listening on the internal 192.168 address, no rules
> were required because internal (LAN) traffic is 100% permitted.
>
> Using tcpdump I see the tcp connection coming from desktop:highport to
> 192.168.0.1:80, there's then a conn from 192.168.0.1:highport to
> webserver:80 which completes, but no traffic goes back to desktop!
> nothing in the firewall logs indicates dropped traffic!
>
> any clues gratefully received.
>
> thanks
> Paul