Re: pf rules for Load Balance Incoming Connections for webservers

2011-02-02 Thread Indunil Jayasooriya
But, it always directs to one particular ip address. How to see load balancing? today, I myself learnt it from the below url http://www.openbsd.org/faq/pf/pools.html#incoming match in on $ext_if proto tcp to port 80 rdr-to $web_servers \ round-robin *sticky-address * * * Successive

pf rules for Load Balance Incoming Connections for webservers

2011-02-01 Thread Indunil Jayasooriya
Hi list, I have 3 web servers running on port 8080 behind PF firewall. I am trying to load balance these incoming connections to these web servers. I wrote rules as below. Pls pay attention to *highligthed BOLD* rules . they are the once I have written. But, I can NOT login to these web

Re: pf rules for Load Balance Incoming Connections for webservers

2011-02-01 Thread Ryan McBride
On Tue, Feb 01, 2011 at 02:22:25PM +0530, Indunil Jayasooriya wrote: I have 3 web servers running on port 8080 behind PF firewall. I am trying to load balance these incoming connections to these web servers. I wrote rules as below. Pls pay attention to *highligthed BOLD* rules . they are

Re: pf rules for Load Balance Incoming Connections for webservers

2011-02-01 Thread lilit-aibolit
Indunil Jayasooriya P?P8QP5Q: Hi list, I have 3 web servers running on port 8080 behind PF firewall. I am trying to load balance these incoming connections to these web servers. I wrote rules as below. Pls pay attention to *highligthed BOLD* rules . they are the once I have written. But, I

Re: pf rules for Load Balance Incoming Connections for webservers

2011-02-01 Thread Indunil Jayasooriya
*match in on $ext_if inet proto tcp to $ext_if port 8080 rdr-to $web_servers \ round-robin sticky-address * You need to pass the inbound traffic somehow (match doesn't do this). Either change the 'match in' above to 'pass in', YES, changed. It worked. or add another rule

Re: pf rules for Load Balance Incoming Connections for webservers

2011-02-01 Thread Rodrigo Mosconi
2011/2/1 Indunil Jayasooriya induni...@gmail.com # macros (...) web_servers = { 192.168.x.64, 192.168.x.66, 192.168.x.67 } lan_net=192.168.x.0/24 A table isn't better? I mean, we can control it without reloading the pf rules and the matching algorithm is better.