[pfSense] Inbound Load Balancing on 2.0
shib4u at gmail.com
Fri Oct 14 09:15:02 EDT 2011
On Fri, Oct 14, 2011 at 6:01 PM, Seb <wzd4j9jxq2 at snkmail.com> wrote:
> Hi list,
> I followed the instructions listed here -
> http://doc.pfsense.org/index.php/Inbound_Load_Balancing and got Inbound
> Load Balancing working fine (in the end - it would be good if it said that
> you needed to add firewall pass rules for both the virtual server ip and the
> underlying IPs!).
> BUT! It also says in that guide that there is a way to enable sticky
> connections. I cannot see this in 2.0. I note that the guide was written
> for 1.2. Was this option removed, or is it somewhere else?
> At the moment, my testing has shown that if I refresh the HTML page within
> 60 seconds I get the same server, if I wait more than 60 seconds to refresh
> I get the other server. That is cutting it a bit fine for us, as we are not
> sharing sessions between the servers. I would really like to get this
> timeout to 2 minutes. I tried setting the "State Timeout" to 120 seconds in
> the firewall rule (under Advanced Options) to see if this would change
> anything, but it didn't make any difference to which web server was sent the
> Does anyone have any suggestions on how to solve my problem?
> If Sticky Connections no longer work in pfSense 2.0, how feasible is it to
> do inbound load balancing via source IP hashing?
> Or can I make another change that would do it, perhaps a sysctl setting?
> Also, this page:
> suggests using this for troubleshooting:
> /sbin/pfctl -a slb -s nat
> But when I try it I get this:
> # /sbin/pfctl -a slb -s nat
> pfctl: DIOCGETRULES: Invalid argument
> Many thanks,
Did you check System > Advanced > Miscellaneous?
Load Balancing Load Balancing *Use sticky connections*
Successive connections will be redirected to the servers in a round-robin
manner with connections from the same source being sent to the same web
server. This 'sticky connection' will exist as long as there are states that
refer to this connection. Once the states expire, so will the sticky
connection. Further connections from that host will be redirected to the
next web server in the round robin.
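The sticky-connection behaviour quoted in the reply above, as an added toy model; it is not part of the original thread and is not pfSense or pf code. The class and function names are hypothetical, the client address and timestamps are constructed, and the 60-second state lifetime is an assumption taken from the interval reported in the question.

```python
from itertools import cycle


class StickyRoundRobin:
    """Toy model of round-robin redirection with source tracking.

    Assumption: every connection creates one state that expires
    `state_ttl` seconds after it was last used, and the sticky entry for
    a source lives only while that source still has a live state.
    """

    def __init__(self, servers, state_ttl=60, sticky=True):
        self._next = cycle(servers)
        self.state_ttl = state_ttl
        self.sticky = sticky
        self._src = {}  # source IP -> (server, expiry time of newest state)

    def connect(self, src_ip, now):
        entry = self._src.get(src_ip)
        if self.sticky and entry and now < entry[1]:
            server = entry[0]          # live state: same server again
        else:
            server = next(self._next)  # states expired: next in the rotation
        self._src[src_ip] = (server, now + self.state_ttl)
        return server


def replay(lb, events):
    """events: iterable of (seconds, source IP); returns the chosen servers."""
    return [lb.connect(src, t) for t, src in events]


# Constructed sample: one client refreshing a page at these times (seconds).
CLIENT = "198.51.100.7"
EVENTS = [(0, CLIENT), (30, CLIENT), (85, CLIENT), (150, CLIENT), (155, CLIENT)]

if __name__ == "__main__":
    for ttl in (60, 120):
        lb = StickyRoundRobin(["web1", "web2"], state_ttl=ttl)
        print(f"state_ttl={ttl}s ->", replay(lb, EVENTS))
```

In this model each refresh renews the state, so the client only moves to the other server after a gap longer than the state lifetime (here, the 65 seconds between t=85 and t=150).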