-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi, first thanks to the developpers for this great software and thanks
to people that support others.
I've a question about inbount load balancer configuration. I'm testing
pfSense for future production use.
The matter:
- - The network:
All of this is done in a virtual environement using VirtualBox and
isolated host bridges for switches simulations.
1. The host is the client (in the WAN side)
2. The pfSense has two interface, one WAN and LAN (BTW...)
3. Two HTTP servers (linux) are on the LAN side
Host IP : 10.85.9.1/24
pfSense WAN side: (static) 10.85.9.254/24
pfSense LAN side: (static) 10.85.10.1/24
Web servers IPs: 10.85.10.244/24 , 10.85.10.245/24 (via pfSense DHCP)
Host can ping pfsense, pfsense can ping lan's machines (and BTW can ping
host)
I followed these steps:
1. I setuped a pool with the web servers on it.
2. I setuped a virtual server with IP 10.85.9.40 (and also tried the
firewall WAN IP)
3. Made an LAN rule for PASS * to * to * (all pass so...)
4. Made an WAN rule for PASS * to * to * (all pass so...) (I know,
testing purpose ONLY)
and ...
nothing work...
I tried to add a VIP of three type (arpp, carp and other) but no
success. (When I try carp, the Vserver ping and ARP reply is sent but
it's just the firewall itself, normal thing , i know)
Did I miss something?
Following the doc there is the ouptut of
# /sbin/pfctl -a slb -s nat
rdr inet proto tcp from any to 10.85.9.254 port = isi-gl -> {
10.85.10.244, 10.85.10.245 } port 80 round-robin
And according to the * * * rules no output for:
cat /tmp/rules.debug | grep 10.85.10.244
Thanks in advance and I hope that my english wasn't too awfull, because
it's not my current language.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIelpFE8cHaggb0doRAppXAKC68mohbprWHnamUj8FKcUCTJkhXgCfdBhm
1uhYT5UB//t8UpOS/a53L14=
=7z7h
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
