Hi David,

On Fri, 25 Jan 2008 13:24:25 -0500
David Goldsmith <[EMAIL PROTECTED]> wrote:

> We have two firewalls running OpenBSD 4.2 with PF and CARP.  We have
> two web servers that we want to load balance traffic between and have
> clients stay connected to one server as long as that server is up.
> 
> Our /etc/pf.conf and /etc/hoststated.conf files are configured per the
> examples in "The Book of PF" on pages 51-53.  The problem is that a
> web client is not sticking to one server or the other.  Each time we
> refresh the page in the browser, we connect to the other server.  The
> servers each have a web page whose contents identify which server it
> is.
> 
> We have been testing this from clients with IP addresses on the
> 10.1.16.0/24 subnet which is attached to the trunk0 interface on the
> firewalls.  The web servers are on the 10.1.48.0/24 subnet connected
> to trunk2 on the firewalls.
> 
> Here are the contents of the config files:
> 
> /etc/pf.conf
> ------------
> int_if="trunk0"
> build_if="trunk2"
> 
> webserver="10.1.48.200"
> webports = "{ http, https }"
> table <webpool> persist { 10.1.48.100, 10.1.48.101 }
> 
> set timeout src.track 60
> 
> rdr-anchor "hoststated/*"
> 
> rdr on $int_if proto tcp from any to $webserver port $webports -> \
>         <webpool> round-robin sticky-address

^^^ I think the second rule is not needed if hoststated is running.
AFAIK this second rule will never be "executed" if hoststated is
running, because hoststated creates the "same" rule (before) on the
anchor position.

> pass in on $int_if proto tcp from any to <webpool> port $webports
> pass out on $build_if proto tcp from any to <webpool> port $webports
> 
> 
> /etc/hoststated.conf
> --------------------
> interval 30
> timeout 2000
> 
> site1_public    = "10.1.48.200"
> site1_web1a     = "10.1.48.100"
> site1_web1b     = "10.1.48.101"
> 
> # Port 80
> table webpool {
>     real port http
>     check http "/up.txt" code 200
>     host $site1_web1a
>     host $site1_web1b
> }
> 
> service site1 {
>     virtual host $site1_public port http
>     tag HOSTSTATED
>     table webpool
> }

^^^ here you missed the sticky-address option, check: man hoststated.conf

Regards,

Joerg
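
As an added illustration (not part of either message above), the 4.2-style hoststated.conf service block with the missing sticky-address option, next to the translation part of pf.conf with the shadowed rdr rule dropped; the addresses, ports and src.track value are taken from the quoted configs, and the comments are the editor's:

```conf
# /etc/hoststated.conf  (OpenBSD 4.2 syntax, as in the quoted config)
interval 30
timeout 2000

site1_public    = "10.1.48.200"
site1_web1a     = "10.1.48.100"
site1_web1b     = "10.1.48.101"

table webpool {
    real port http
    check http "/up.txt" code 200
    host $site1_web1a
    host $site1_web1b
}

service site1 {
    virtual host $site1_public port http
    tag HOSTSTATED
    table webpool
    # Same effect as sticky-address on a pf rdr rule: repeat connections
    # from one source IP are sent to the same backend while that source's
    # tracking entry is alive.
    sticky-address
}

# /etc/pf.conf  (translation section only)
int_if="trunk0"
build_if="trunk2"
webserver="10.1.48.200"
webports="{ http, https }"
table <webpool> persist { 10.1.48.100, 10.1.48.101 }

# How long a source-to-backend mapping outlives its last state. With 60 s,
# a browser that sits idle longer than that can be re-balanced to the
# other server on the next refresh, which looks like "not sticking".
set timeout src.track 60

# hoststated installs its own rdr rule inside this anchor. rdr rules are
# first-match and the anchor is evaluated at this position, so a second
# rdr for $webserver in the main ruleset below it would never be used.
rdr-anchor "hoststated/*"

pass in  on $int_if   proto tcp from any to <webpool> port $webports
pass out on $build_if proto tcp from any to <webpool> port $webports
```

After reloading, `pfctl -a 'hoststated/*' -sn` lists the rdr rule hoststated actually installed in the anchor; that output, not the main pf.conf, is what decides whether sticky-address is in effect.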
