Date: Tue, 13 Feb 2007 09:49:19 -0200
From: "Gilberto Villani Brito"
To: "FreeBSD (PF)"
Subject: Re: Trying to setup DSR load balancing with pf route-to

Try to use round-robin like that:

pass in on fxp0 route-to { web1, web2, webn } round-robin from any to x.100 keep state

-- 
Gilberto Villani Brito
System Administrator
Londrina - PR
Brazil
gilbertovb(a)gmail.com

On 12/02/07, Chip Marshall wrote:
> I've been trying to get a Direct Server Return (DSR) load balancing
> arrangement set up using FreeBSD 6.2's pf and the route-to option.
>
> The arrangement looks something like this
>
>        Router
>           |
> /---------+-------\
> |                 |
> |  +--------+     |     +--------+
> +-0|  lb 1  |1----+----0| web 1  |lo0--(x.100)
> |  +--------+     |     +--------+
> |                 |
> |  +--------+     |     +--------+
> \-0|  lb 2  |1----+----0| web 2  |lo0--(x.100)
>    +--------+     |     +--------+
>                   |
>                   |     +--------+
>                   +----0| web n  |lo0--(x.100)
>                         +--------+
>
> Where x.100 is the routable IP address of the website. The Router has a
> route to x.100 via interface 0 of the load balancers, which use pf's route-to
> option to redirect the packets to one of the web servers, keeping state
> so further packets for the same connection go to the same web server.
>
> The web servers then send the returning packets directly to the router.
>
> The problem I'm having is that the load balancers aren't actually
> passing packets. I have the following in their pf.conf:
>
> pass in on fxp0 route-to { web1, web2, webn } from any to x.100 keep state
>
> and that's it.
>
> Using tcpdump, I see packets coming into the load balancers, and I see
> state rules being set up according to that rule, but I never see
> packets leaving the load balancers, and definitely never see them
> hitting the web farm.
>
> Any ideas for what I'm doing wrong here?
>
> --
> Chip Marshall
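
The round-robin rule from the reply, written out as an added example that is not part of either message. pf.conf(5) documents route-to pool members as (interface address) pairs, so the example uses that form; the interface name fxp1 for the load balancer's interface 1 and every address below are constructed placeholders.

```conf
# Added example, not from the thread.
# Assumptions: fxp0 is interface 0 in the diagram (router side), fxp1 is
# interface 1 (web farm side); all addresses are constructed placeholders.
ext_if = "fxp0"             # side facing the router
int_if = "fxp1"             # side facing the web farm
vip    = "192.0.2.100"      # stands in for x.100
web1   = "198.51.100.11"    # real (non-loopback) address of web 1
web2   = "198.51.100.12"    # real address of web 2
webn   = "198.51.100.13"    # real address of web n

# Each pool member names the outgoing interface and the next hop.
# round-robin hands new connections to the members in turn; keep state
# pins later packets of a connection to the member picked for its first
# packet. The destination address stays x.100, which each web server
# answers for on lo0.
pass in on $ext_if \
    route-to { ($int_if $web1), ($int_if $web2), ($int_if $webn) } round-robin \
    from any to $vip keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `tcpdump -ni fxp1` on a load balancer shows whether forwarded packets actually leave toward the pool.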