Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy + CARP VIP, Health Checks going out wrong interface

    Scheduled Pinned Locked Moved
    Cache/Proxy
    1
    2
    519
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      follysuperscript
      last edited by follysuperscript

      Hello,

      Recently reconfigured my pfSense setup to get ready for a CARP setup. Currently only 1 firewall with a CARP VIP, which automatically becomes master.

      I've reconfigured my HAProxy to sit on the new CARP VIP (.1) instead of the native IP (.2). This is working great, but oddly, on my busiest back-end, some of the destinations ports are showing offline.

      After poking around it looks like most of the traffic is going out of the .1 address, but for some reason some is additionally going out .2. I have rules on my back-end server allowing only the .1 address, and would prefer to leave it that way.

      Any ideas how I can constrain the HAProxy health check service to only go out a specific interface / IP?

      Any help greatly appreciated!

      F 1 Reply Last reply Reply Quote 0
      • F
        follysuperscript @follysuperscript
        last edited by

        @follysuperscript

        I got this working by adding the following to the back-end > advanced settings > "Per server pass thru"

        I added:
        source <CARP_VIP>

        Replace <CARP_VIP> with the IP you want the health check to originate from.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.