
Re: pf load balancing, macros, tables...



> > yet this does not:
> > rdr on $ext proto tcp from any          to <web_servers_ext> port 80     -> \
> >         <web_servers_int> round-robin sticky-address
> 
> There was a bug fixed recently where pf would fail to select a
> translation when a rule did not have an explicit (or implicit) address
> family (IPv4/v6). This was backported to 3.6-stable, maybe you have an
> older kernel. To test the theory, add 'inet' to your rule, which makes
> the address family explicit.
> 
> If this is not the problem, describe exactly how 'it is not working'.

Mea culpa. I really should have given you more to go on. :-(

That said, when looking at a tcpdump -netttvvvi pflog0 port 80, it was
as you suspected: pf apparently wasn't selecting an appropriate
translation rule so connections were getting blocked by the default
block rule.

As described, simply changing the rule to this:

rdr on $ext inet proto tcp from any             to <web_servers_ext> port 80    -> \
        <web_servers_int> round-robin sticky-address

makes everything pass through like a champ. Now to grab an updated
3.6-stable. :-)

Thanks so much.

Kevin