RE: [pfSense Support] round robin on inbound nat

2005-07-22 Thread alan walters
I have done some testing today with inbound NAT and CARP
and round-robin load balancing to test web servers.

I added the following and it seems to work fine on BSD.


Following presumptions:
#
rl1 = wan
192.168.2.2 = CARP virtual IP

Below was the test.
##

## Added an alias of two IP addresses

webservers = "{ 192.168.1.2/32 192.168.1.3/32 }"

# added the following rdr rule

rdr on rl1 proto tcp from any to 192.168.2.2 port 80 -> $webservers port 80 round-robin sticky-address

# also added the following pass rule

pass in quick on $wan proto tcp from any to { 192.168.1.2/32 192.168.1.3/32 } port = 80 flags S/SA keep state queue (qWANdef, qWANacks) label "USER_RULE: NAT http test"




-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED] 
Sent: 22 July 2005 06:16
To: Scott Ullrich
Cc: alan walters; support@pfsense.com
Subject: Re: [pfSense Support] round robin on inbound nat

On 7/21/05, Scott Ullrich [EMAIL PROTECTED] wrote:
> Use carp with the arp load balancing feature.  Technically it should
> sync across there but there is an outstanding bug with XMLRPC that
> we're looking at.
>
> Scott

Wrong feature :)  CARP's ARP load balancing will only load balance
inbound to the firewall (if set up correctly) from a directly connected
network.  What Alan wants (if I understand correctly) is the ability
to put two (or more) servers on a port forward rule.  That's part of
the load balancing code I'm working on - not ready yet :)  Try again
after Aug 7th.

--Bill

 
 
> On 7/21/05, alan walters [EMAIL PROTECTED] wrote:
> > I would like to try and test an inbound round robin to our test web
> > servers.
> >
> > Would it be possible to put a shell command in to do this?
> >
> > If so, would this sync across a CARP array?
> >
> > Look forward to your replies
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 





Re: FW: [pfSense Support] round robin on inbound nat

2005-07-22 Thread Scott Ullrich
That's fine and all, but what if you lose a web server?

We're currently working on what you have here in addition to a
monitoring daemon which will remove servers from a pool if they stop
answering requests.

Scott


On 7/22/05, alan walters [EMAIL PROTECTED] wrote:
> Sorry that was an accident. Did not mean to send it
 
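
Added example (not part of the thread and not pfSense's code): a minimal health check of the kind raised in the last reply, which probes each web server and replaces the contents of a pf table with the ones that answer. It assumes the rdr rule points at a table named webservers rather than the macro used above; the table name, the nc probe and the PFCTL override are assumptions.

```sh
#!/bin/sh
# Added example, not pfSense code. Assumed pf.conf side (table instead of macro):
#   table <webservers> persist { 192.168.1.2, 192.168.1.3 }
#   rdr on rl1 proto tcp from any to 192.168.2.2 port 80 \
#       -> <webservers> port 80 round-robin sticky-address

TABLE="webservers"                  # assumed table name
SERVERS="192.168.1.2 192.168.1.3"   # backends from the thread
PORT=80

# Default probe: plain TCP connect with a 2 second timeout, no data sent.
probe_tcp() {
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# healthy_pool PROBE PORT HOST...
# Prints, space separated, the hosts for which "PROBE HOST PORT" succeeds.
healthy_pool() {
    _probe=$1; _port=$2; shift 2
    _up=""
    for _h in "$@"; do
        if "$_probe" "$_h" "$_port"; then
            _up="${_up:+$_up }$_h"
        fi
    done
    printf '%s\n' "$_up"
}

# sync_pool PROBE
# Replaces the table contents with the hosts that answered. If none answered,
# the table is left untouched so a failed check cannot empty the pool.
sync_pool() {
    _pool=$(healthy_pool "$1" "$PORT" $SERVERS)
    if [ -z "$_pool" ]; then
        echo "no backend answered on port $PORT; <$TABLE> unchanged" >&2
        return 1
    fi
    # PFCTL=echo gives a dry run that prints the arguments instead.
    ${PFCTL:-pfctl} -q -t "$TABLE" -T replace $_pool
}

# Only touch pf when asked to, e.g. from cron: check_pool.sh --apply
if [ "${1:-}" = "--apply" ]; then
    sync_pool probe_tcp
fi
```

With sticky-address in the rdr rule, clients that already have a source-tracking entry stay mapped to their old server until that entry expires, so removing a host from the table mainly affects new clients.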