Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 1751 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Server load balancing - not reachable from same subnet

drees
I've got a fairly typical setup running Astaro 7.502 with an external subnet, DMZ and LAN.

Two webservers on the DMZ are loadbalanced (port 80/443).

The web servers are reachable both from externally and the LAN using the External web server IPs.

But if you try to use the external IP address to reach the web servers from the DMZ itself, the connection times out.

There are no packet drops logged in the firewall rules.

Any ideas on how to get this to work so we can take advantage of SLB from the same subnet?

Smells like a NAT issue to me, but I've tried the usual tricks without any success.


This thread was automatically locked due to age.
Parents
  • 0
    afaik, Astaro won't reflect traffic back into the same LAN.
    Maybe turning off spoof protection would help, but I doubt it.

    It does work if you have a DMZ; traffic from the LAN to the external address will forward to the DMZ. (default spoof protection enabled)

    Barry
  • 0 in reply to BarryG
    afaik, Astaro won't reflect traffic back into the same LAN.
    Maybe turning off spoof protection would help, but I doubt it.

    Weird - I swear that use to work at one point in time.  But I tested it and it doesn't seem to work any more.  I'll have to try turning off spoof protection...

    It does work if you have a DMZ; traffic from the LAN to the external address will forward to the DMZ. (default spoof protection enabled)

    Yes, that does work.
  • 0 in reply to drees
    I'll have to try turning off spoof protection...

    Nope - doesn't do anything.
Reply Children
No Data