On 2019-11-06 08:25, Stuart Henderson wrote:
On 2019/11/05 20:46, Mischa Peters wrote:
When you are using transparent (Direct Server Return) you have to make sure you
disable ARP on the servers you are load balancing.
Transparent is not "direct server return", that is done with "route to".
What happens with transparant is that the server gets the client IP as source,
not the IP of relayd, and will respond directly to the client from its own IP
address. The client is expecting a response from the relayd IP address and
doesn’t respond to the server.
The client is expecting a response from the address it sent packets to,
"transparent" doesn't interfere with this.
There is something fiddly with the config for "transparent" but it should
be possible to do what OP wants if relayd is on a machine on the network
path between client and destination (e.g. on a firewall/router).
relayd is on the same machine (on lo0:8443) as the destination (httpd on
re0:443). Any ideas what might be missing?
