Re: [pfSense Support] Load Balancing

Thu, 10 Nov 2005 09:16:43 -0800

Damn things. Now my external carp has gone to INIT and the right firewall wont let me connect. 

But I can telnet from left onto the actual lan server on port 25

Lee


Lee Hetherington wrote:


Bill

Yes Im outside of that physical network

Scott
No errors no... Im just rebooting now actually. Im going to login and try telnet from firewall to private ip in a sec... 



Scott Ullrich wrote:


Well if your no longer logging errors your headed in the right
direction.   Have you rebooted?    Have you telnetted from the
firewall to the private ip port 25?

Scott

On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote:

Nope. Doesnt even log any errors in the firewall log either...



Scott Ullrich wrote:


I dont know you tell us.  Did it work?


On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote:



Ok here is what I have

WAN interface

Allow anything to connect to vip address on port 25
Allow anything to connect to internal /24 on port 25

LAN Interface

Allow anything to connect to internal/24 on port 25

Surely that covers it off?

Lee

Bill Marquette wrote:




NAT occurs before filtering.  You need a rule on the WAN interface
allowing connections to the physical server IPs.

--Bill

On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote:
I have. On the wan interface, im allowing anything to connect to the vip 
85.116.30.1 address on port 25

Do I need any others?


Scott Ullrich wrote:






Perhaps you need firewall rules!?

On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote:







0.92 Latest
For some reason left is master for the carp of the smtp and right is 
master of the carp for the external (routing)...

On the machine which is the inbound carp I have:

DENIED:
Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP 


On the machine which is the smtp carp I have:

DENIED:
Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP 


Looks like one of them has the wrong date too :)

Scott Ullrich wrote:








1.  What version
2. What do you see in the firewall filter logs regarding these connections 

On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote:









Ok,
I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is 
then 192.168.x.0/24

I have 85.116.x.1 assigned as the virtual
I have 85.116.x.2 on left
85.116.x.3 on right
I want to load balance 85.116.x.1 inbound on port 25 to a pool i have 
setup which contains:

192.168.x.1
192.168.x.4

The left and right also have

192.168.x.254 as virtual
192.168.x.252 on left
192.168.x.253 on right
I have a firewall rule which allows * to connect on port 25 to the carp 
address which is 85.116.x.1
The tcp connection just times out. At one point it was in the log 
saying "bad gateway 85.116.x.1"
Other than this, its exactly as described in the IncomingLoadBalancing 
example on the wiki.

Lee


Scott Ullrich wrote:
Many people have followed these and they work. You'll need to provide 
more information of how its all setup and what doesn't work.

On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote:











Hi Scott,

I followed those exactly. And yet I still have no Joy :(
Can anyone suggest anything which I may need to tick or the such which 
may prevent this from working?

Regards

Lee



Scott Ullrich wrote:












Try visiting these docs:
http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing 

Scott


On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote:













Hi,
Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get 
load balancing working.  Here is how I have them setup:

left.pfsense

fxp1   Lan
fxp2   Cross Over cable to right.pfsense for sync
fxp3   DMZ Servers
fxp4   WAN

right.pfsense

fxp1   Lan
fxp2   Cross Over cable to right.pfsense for sync
fxp3   DMZ Servers
fxp4   WAN
On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. 

Any ideas? please help.

Lee
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
____________________________________________________________________ This e-mail has been scanned for viruses by Mailsauce. For further 
information visit http://www.mailsauce.com
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
____________________________________________________________________ This e-mail has been scanned for viruses by Mailsauce. For further 
information visit http://www.mailsauce.com
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
____________________________________________________________________ This e-mail has been scanned for viruses by Mailsauce. For further 
information visit http://www.mailsauce.com
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
____________________________________________________________________ 
This e-mail has been scanned for viruses by Mailsauce. For further
information visit http://www.mailsauce.com
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


____________________________________________________________________
This e-mail has been scanned for viruses by Mailsauce. For further
information visit http://www.mailsauce.com









---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


____________________________________________________________________
This e-mail has been scanned for viruses by Mailsauce. For further
information visit http://www.mailsauce.com







---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


____________________________________________________________________
This e-mail has been scanned for viruses by Mailsauce. For further
information visit http://www.mailsauce.com






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


____________________________________________________________________
This e-mail has been scanned for viruses by Mailsauce. For further
information visit http://www.mailsauce.com






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to