Topic: LAN side internal load-balance. Help!

romp
« on: May 19, 2012, 08:41:00 pm »
I have a problem that seems like it should be easy to do, but pfSense hates me.

I have several SMTP servers.  I would like to be able to load balance them when one of our LAN servers sends emails.  I do not need nor want it accessible from the WAN.

For example,

  LAN interface:   172.24.0.1/16
  Load Balance IP: 172.24.200.254
  Pool IPs:        172.24.200.1-4

Yes, they are all in the same subnet.

If I telnet (port 25) directly to the SMTP servers (e.g. 172.24.200.1) I can connect fine.  If I try the same with 172.24.200.254, nada.

I have seen information saying that I need to do NAT Reflection or something, but I can't figure out where, how, or what to add.

Please help.

marcelloc
« Reply #1 on: May 19, 2012, 09:49:51 pm »
romp,

pfSense does not hate you, it's just doing what you configured :)

See what is happening:
workstation 172.24.150.20 asks 172.24.200.254 for an SMTP connection
172.24.200.254 forwards this request to pool member 172.24.200.1
172.24.200.1 accepts the request and answers OK to 172.24.150.20.
172.24.150.20 rejects the message as it asked 172.24.200.254 for a connection.

Forcing the source IP to 172.24.200.254 while talking to 172.24.200.1-4 using an outbound NAT rule will fix this communication issue.
You may need to change outbound NAT to manual before applying the rule.

att,
Marcello Coutinho
« Last Edit: May 19, 2012, 09:52:56 pm by marcelloc »
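
Added example (not part of either post, and not pfSense code): a small Python trace of the packet flow described in the reply, showing why the workstation rejects the answer without the outbound NAT rule and accepts it with one. The addresses come from the thread; the client source port and the `simulate` helper are constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport")

LAN = ip_network("172.24.0.0/16")   # LAN subnet from the thread
VIP = "172.24.200.254"              # load balance IP from the thread
POOL_MEMBER = "172.24.200.1"        # one pool member from the thread
CLIENT = "172.24.150.20"            # workstation from the reply
CLIENT_PORT = 50000                 # constructed ephemeral source port


def simulate(snat):
    """Trace one SMTP connection attempt; return (client_accepts, reply_seen)."""
    syn = Packet(CLIENT, CLIENT_PORT, VIP, 25)
    # The client only accepts a reply that mirrors the tuple it sent.
    expected = Packet(syn.dst, syn.dport, syn.src, syn.sport)

    # Firewall: the load balancer rewrites the destination to a pool member.
    fwd = syn._replace(dst=POOL_MEMBER)
    if snat:
        # Outbound NAT rule: pool members see the firewall-owned address.
        fwd = fwd._replace(src=VIP)

    # Pool member replies to whatever source address it saw.
    reply = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)

    # The reply crosses the firewall only if it is addressed to the firewall
    # or leaves the subnet; an on-link destination is reached directly.
    on_link = ip_address(reply.dst) in LAN and reply.dst != VIP
    if not on_link:
        # Firewall state reverses both translations on the way back.
        reply = reply._replace(src=syn.dst, dst=syn.src)

    return reply == expected, reply


if __name__ == "__main__":
    for snat in (False, True):
        accepted, seen = simulate(snat)
        print(f"snat={snat}: reply from {seen.src}:{seen.sport}, accepted={accepted}")
```

The same mismatch is visible in a packet capture on the workstation: the SYN goes to 172.24.200.254 but the SYN-ACK arrives from a pool member address.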