Author Topic: Basic VIP and Load Balance Issue - Port won't make TCP connection  (Read 90 times)

Offline umuzidan

Real simply, I have two open relay internal email servers both listening on port 26. I can telnet to each individual server but not to the VIP. I created a VIP on the same subnet as the servers and use the VIP for LB both port 26 and HTTP. I set up the LB for an active/passive, where server 1 is the active and all traffic is directed there, and server 2 is the passive in case server 1 goes offline (according to the monitor).

It seems like no data will pass into the VIP:port and out to server 1:port, both on 26 or 80. I have a rule on that subnet to allow all traffic to pass in and out.

Is there something I'm missing?

Config:
pfSense 2.4.2-Release-p1

LAN: 172.20.30.1/24 (pfsense)
VIP: 172.20.30.192/24 (Type=IP Alias)
Pool1: Mode=LB, Server=172.20.30.138, Port=26, Monitor=TCP
Pool2: Mode=LB, Server=172.20.30.139, Port=26, Monitor=TCP
VirtualServer1: Protocol=tcp, IP Address=172.20.30.192, Pool=Pool1, Fallback Pool=Pool2

The status for both the pool and service is green / active.

And when it's all done, I can't telnet to the VIP (172.20.30.192) on port 26, but I can telnet to 172.20.30.138 and .139

Offline umuzidan

Re: Basic VIP and Load Balance Issue - Port won't make TCP connection
« Reply #1 on: January 04, 2018, 02:08:19 pm »
More information... it appears that I can successfully telnet to the VIP on port 26 from another LAN. When initiated on the same LAN/subnet as the VIP, the connection never responds. On this subnet there is only one firewall rule that allows all in/out on any protocol for IPv4+IPv6, so there isn't any possible rule that could be blocking.