
Re: load balance (rdr) with tables



On Thu, Jan 13, 2005 at 05:32:45PM -0800, Gustavo A. Baratto wrote:
> the rdr rule that DOES NOT work is this:
> ---
> table <smtp> persist {10.10.10.10, 10.10.10.11}
> rdr pass on $ext_if proto tcp from any to any port {25 110 143} ->
> <smtp> round-robin sticky-address
> ---
Can you be a little more specific about what 'does not work'? What do
you expect it to do, precisely, and how does what you observe it doing
differ from those expectations?

Does the rule not apply and fail to replace connections' destination
addresses? Try to establish a couple of connections that the rdr rule
should apply to, then check related output of pfctl -vss. How are
destination addresses replaced?

Does the rule apply, but not cycle through both addresses in the table?
You're testing from different source addresses, understanding what
'sticky-address' is supposed to do, right?

Does it cycle through both addresses, but not honour 'sticky' to use the
same one for multiple connections from the same source?

Can you enable verbose debug logging with pfctl -x m and check
/var/log/messages for lines from pf (generated while trying to establish
a connection through the rdr rule)?

What do pfctl -vvsT and pfctl -t smtp -vvTs print? Does the output
change after connection attempts?

Daniel
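
The state-table checks asked about above can be tallied mechanically. The following is an added example, not part of the original message: the function name `rdr_summary`, the sample lines and the external addresses are constructed, and the line layout (`IFACE PROTO BACKEND:PORT <- ORIGINAL_DST:PORT <- SOURCE:PORT STATE`) is an assumption about how the pfctl release in use prints redirected inbound states.

```shell
#!/bin/sh
# Summarise redirected states read on stdin: how many states matched,
# how many distinct backends were chosen (round-robin cycling), and how
# many sources were sent to more than one backend (sticky-address not
# honoured). Lines that do not have the assumed layout are ignored, so
# the extra detail lines of verbose output do not disturb the count.
rdr_summary() {
    awk '
    $4 == "<-" && $6 == "<-" {
        split($3, b, ":"); split($7, s, ":")
        backend = b[1]; src = s[1]
        if (!((src, backend) in seen)) {   # first time this pair is seen
            seen[src, backend] = 1
            per_src[src]++                 # distinct backends per source
        }
        if (!(backend in used)) { used[backend] = 1; nback++ }
        n++
    }
    END {
        bad = 0
        for (src in per_src) if (per_src[src] > 1) bad++
        printf "states=%d backends=%d sticky_violations=%d\n", n, nback, bad
    }'
}

# Constructed sample: two sources, each kept on one backend from <smtp>.
sample_states() {
cat <<'EOF'
self tcp 10.10.10.10:25 <- 192.0.2.1:25 <- 198.51.100.7:40112 ESTABLISHED:ESTABLISHED
self tcp 10.10.10.10:110 <- 192.0.2.1:110 <- 198.51.100.7:40113 ESTABLISHED:ESTABLISHED
self tcp 10.10.10.11:25 <- 192.0.2.1:25 <- 203.0.113.9:51200 ESTABLISHED:ESTABLISHED
self tcp 10.10.10.11:143 <- 192.0.2.1:143 <- 203.0.113.9:51201 ESTABLISHED:ESTABLISHED
EOF
}

sample_states | rdr_summary
```

On the firewall, pipe the real state listing into `rdr_summary` instead of the sample. `states=0` points at the rule not applying, `backends=1` with several sources at no cycling, and a non-zero `sticky_violations` at sticky-address not being honoured.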