Hi Bill,
All is carp, when the primary is off, I can ping the address still.
Primary:
# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp -> { 10.5.49.1,
10.5.49.2 } port 25 round-robin sticky-address
rdr inet proto tcp from any to 10.2.48.1 port = http -> { 10.5.49.1,
10.5.49.2 } port 80 round-robin sticky-address
Secondary:
# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp -> { 10.5.49.1,
10.5.49.2 } port 25 round-robin
rdr inet proto tcp from any to 10.2.48.1 port = http -> { 10.5.49.1,
10.5.49.2 } port 80 round-robin
Thanks,
Lee
Bill Marquette wrote:
Hmm, what does the output of "pfctl -sn -aslb" look like on both
boxes? The other obvious question is, are the virtual addresses that
front end your load balance pool CARP addresses? If they aren't, then
the secondary won't take them over on failover regardless of the load
balance config.
--Bill
On 10/10/07, Lee Hetherington <[EMAIL PROTECTED]> wrote:
Hi Bill,
The config was sync'd ok, I can see it on both boxes. Below is a ps -ax
from the secondary machine:
# ps -ax |grep slb
60083 ?? Ss 0:00.51 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000
65097 p0 RV 0:00.00 grep slb (tcsh)
Looks to me like its running? I tried editing the config and saving it
like you suggest, and the ps -ax was then:
# ps -ax | grep slb
65407 ?? Ss 0:00.00 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000
Still nothing however when I reboot the primary...
Lee
Bill Marquette wrote:
Can you confirm that the load balancer config sync'd over to the
secondary? Also, assuming it did, can you do a 'ps -ax |grep slb'
from the shell? I suspect it never started slbd after sync (as an
interim workaround, you could try going to the load balancer page on
the secondary and editing/saving the config).
--Bill
On 10/9/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi Bill,
Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are
load balancing 443 and 80 TCP
Lee
On Tue, 9 Oct 2007 08:47:27 -0500, "Bill Marquette" <[EMAIL PROTECTED]> wrote:
Inbound or outbound load balancing?
--Bill
On 10/9/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi There,
Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and
working, the two machines are syncing settings and the carp is working
properly. However, if I reboot the primary firewall the secondary takes
over pings, but the load balancing doesnt work again until the primary is
back online.
Everything seems to be ok, when the primary disappears, the ping drops 1
packet, then the secondary carries on and everything runs ok. The servers
on the lan interface of the firewall can route out to the internet fine
whilst running with only the secondary firewall. The only thing not to
work is the load balancer.
Anyone have any ideas?
I have it wired as:
INTERNET --> PIX 515 PAIR --> 2X CISCO 3550-EMI --> PFSENSE PAIR --> 2X
CISCO 3550-EMI --> LAN
Each of the pix/pfsense are connected to seperate switches, which are in
turn linked together.
Thanks in advance,
Lee
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Message scanned for all known viruses by Mailsauce. Email protection
solutions from E-Sauce. For more information please visit
http://www.mailsauce.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Message scanned for all known viruses by Mailsauce. Email protection solutions
from E-Sauce. For more information please visit http://www.mailsauce.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Message scanned for all known viruses by Mailsauce. Email protection solutions
from E-Sauce. For more information please visit http://www.mailsauce.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
