I have done some testing today with inbound NAT and carp and round robin load balancing to test web servers.
I added the following rules to each of my carp firewalls in /tmp/rules.debug and reset the rules with pfctl.

The only issue that I can see is if the connection goes down you might have to open a new browser to continue your session on the other servers in the group.

It does seem to maintain its connections to the correct server reasonably well though.

I will test the servers in load now though and see if the connections to each server can be limited with standard rule, or maybe someone has a better idea altogether.

Following presumptions
#########################
rl1 = wan
192.168.2.2 = carp virtual ip

Below was the test.
##################

###### Added an alias of two ip addresses
webservers = "{ 192.168.1.2/32 192.168.1.3/32 }"

##### added to following rdr rule
rdr on rl1 proto tcp from any to 192.168.2.2 port 80 -> $webservers port 80 round-robin sticky-address

##### added also the following pass rule
pass in quick on $wan proto tcp from any to { 192.168.1.2/32 192.168.1.3/32 } port = 80 flags S/SA keep state queue (qWANdef, qWANacks) label "USER_RULE: NAT http test"

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 22 July 2005 06:16
To: Scott Ullrich
Cc: alan walters; support@pfsense.com
Subject: Re: [pfSense Support] round robin on inbound nat

On 7/21/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Use carp with the arp load balancing feature. Technically it should
> sync across there but there is an outstanding bug with XMLRPC that
> we're looking at.
>
> Scott

Wrong feature :) CARP's arp load balancing will only load balance inbound to the firewall (if set up correctly) from a directly connected network. What alan wants (if I understand correctly) is the ability to put two (or more) servers on a port forward rule. That's part of the load balancing code I'm working on - not ready yet :) Try again after Aug 7th.

--Bill

> On 7/21/05, alan walters <[EMAIL PROTECTED]> wrote:
> > I would like to try and test an inbound round robin to our test web servers.
> >
> > Would it be possible to put a shell command in to do this.
> >
> > If so would this sync across a carp array.
> >
> > Look forward to your replies
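
On the open question in the message above (limiting connections to each server with a standard rule), the following pf.conf fragment is an added example, not rules posted by anyone in the thread. It splits the single pass rule into one rule per server so each can carry its own state limits. The limit values, the table name <http_abusers>, the labels and the default block rule are assumptions chosen for illustration, and the ALTQ queue assignment from the original rule is left out.

```pf
# Added example (constructed); addresses are the ones used in the message above.
wan  = "rl1"
vip  = "192.168.2.2"                  # carp virtual ip
web1 = "192.168.1.2"
web2 = "192.168.1.3"
webservers = "{ 192.168.1.2, 192.168.1.3 }"

# Hypothetical table that collects sources exceeding the per-source limits.
table <http_abusers> persist

# Keep sticky-address source entries for 5 minutes after a client's last
# state expires, so a returning client is mapped to the same server.
set timeout src.track 300

# Same redirect as in the message: round-robin over the pool, with each
# source address pinned to one server.
rdr on $wan proto tcp from any to $vip port 80 -> $webservers port 80 round-robin sticky-address

# Assumed default policy: anything not passed below is dropped.
block in on $wan all
block in quick on $wan from <http_abusers>

# One pass rule per server. rdr is applied before filtering, so these
# rules match on the translated (internal) destination address.
#   max               total concurrent states this rule may create,
#                     which here means per server
#   max-src-conn      concurrent established connections per source
#   max-src-conn-rate new connections per source (30 within 10 seconds)
#   overload/flush    add the offending source to the table and drop
#                     the states it created through this rule
pass in quick on $wan proto tcp from any to $web1 port 80 flags S/SA \
    keep state (max 200, max-src-conn 20, max-src-conn-rate 30/10, \
    overload <http_abusers> flush) label "http web1"

pass in quick on $wan proto tcp from any to $web2 port 80 flags S/SA \
    keep state (max 200, max-src-conn 20, max-src-conn-rate 30/10, \
    overload <http_abusers> flush) label "http web2"
```

Once a rule reaches its max value it stops matching new connections, so they fall through to the block rule. Because the rdr rule has already chosen the server by then, a connection over the cap is dropped rather than moved to the other server.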