On Mon, 13 Feb 2012 18:41:21 -0500, Jim Pingle <[email protected]> wrote: > On 2/13/2012 5:44 PM, jschmidt wrote: >> as I said, I left the VIP as it was for the 1:1 NAT, which was PARP. I >> guess I didn't pay much attention to the type, as it was working before >> w/ the 1:1 NAT... >> So I can just re-config that VIP type from PARP to Other? > > The load balancer has to bind to the VIP so it _must_ be CARP or IP > Alias. You can't use Proxy ARP or Other. All you need to do is change > the type, fix the subnet mask, and save. I hit send early yesterday...
I changed the VIP from Proxy ARP to CARP (I'm not sure what you mean by 'IP Alias' - just a host alias that points to the outside addr?). it now looks like this: (my pfSense box is 173.15.81.132/255.255.255.248 GW 173.15.81.134) 173.15.81.129/32 (vhid 1) CARP 173.15.81.130/32 PARP 173.15.81.131/32 PARP 173.15.81.133/32 PARP the three 1:1 NAT's above work as before, as well as some port forwards on 173.15.81.132, the pfSense host my WAN rules look like: Proto Source Port Destination Port ICMP * * 173.15.81.129 * TCP/UDP * * 173.15.81.129 53 (DNS) Name Type Servers/Gateways Port Monitor dns server (balance) 192.168.69.54 192.168.69.55 53 ICMP Status: Load Balancer: Virtual Server show Online for both internal IP's Status: Load Balancer: Pool is empty ^ is that normal? now, dns queries to 173.15.81.129 are hitting the pfSense host on 173.15.81.132, NOT what I intended. >> I'll take your word on which rule should work (since I've got 'em both >> set up already), but your book clearly states in section 17.1.1.2 and in >> the web server example that follows that the rule points to the inside >> addresses (the alias). Is this due to my use of a different WAN IP than >> the pfSense box? > > That may be the case for port forwards and 1:1 NAT, but the load > balancer is listening directly on the public IP. ok, I was referring to the server load balancing section of the book (sect. 17.1.1.2) - it states the opposite. > Jim _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
