Re: Problems with load balancing

On Tue, Feb 22, 2005 at 01:42:47PM -0500, Jaime Vargas wrote:
> I am resending this, because this the second time I don't get any
> response from the list. Am I not asking properly or providing enough
> details? Please let me know, I had spent a lot of hours testing
> the configuration below trying to figure out why it doesn't work.
> I am beg for your help.
I didn't understand your problem description. Your ruleset does several
things, and it's not clear which aspect you have trouble with.
Distinguish between load-balancing connection from the LAN to external
hosts which you want to distribute across two different upstream
gateways (using route-to on 'pass in on $int_if' rules), and making sure
that replies to incoming connections (from external to fw/LAN) get
routed back through the appropriate gateway. Which of these two is the
Remove all rules that are not relevant to the problem, find the smallest
ruleset that should have the desired effect but shows the problem.
Describe one connection that shows the problem. What machine with what
IP address on which side of which NIC is initiating the TCP connection.
tcpdump the SYN on all relevant interfaces. Show where the SYN+ACK
arrives, and where it leaves. Does any packet leave through a wrong
interface? Or does it have incorrect MAC or IP addresses as source or
Show us a tcpdump of the first packet that 'goes wrong', describe on
which interface you see it, and what part is wrong, and what the correct
part would be.
If you must replace addresses with placeholders, chose readable ones and
explain the relevance of each address. Make sure that you replace all
addresses in the same why. For instance, your tcpdump output showed
non-replaced IP addresses which I couldn't associate with anything else
in your ruleset.