Netgate Discussion Forum

    Stumped: can't get standard haproxy to work in VM pfsense, works ok in HW

    pfSense Packages
    3 Posts 2 Posters 2.8k Views
    • ace

      We have several pfsense 1.2.3 boxes with haproxy 0.29 that have been working in production for a year with no issues.  Each is a pair in failover type mode.

      Now we are trying to set up a staging environment which replicates the production, using vSphere 5.

      We downloaded the vmware appliance, which happens to be the same 1.2.3 version of pfsense (although the included haproxy is slightly newer at 0.32).

      We reproduced the production setup in the staging one, except we only have one in staging, so no failover/carp pair.

      But haproxy just doesn't work for some reason.

      Here is what we have:

      1. Virtual IPs (set as carp, but no carp settings added, and sync not enabled).
        Virtual IP address          Type     Description
        10.10.10.150/24 (vhid 3)    [CARP]   oursite.com

      2. FW rule to let it in.
        WAN
        Proto   Source   Port   Destination   Port        Gateway   Schedule
        TCP     *        *      *             80 (HTTP)   *

      3. NAT
        Nothing

      4. HAProxy listener (aka frontend)
        Name           Description                            Address            Type   Server pool
        http-skl-pub   skl.com Public Load Balancer HTTP      10.10.10.150:80    http   http-lb-1_80

      5. server pool (aka servers)
        Name           Status   Listener
        http-lb-1_80   active   http-skl-pub

      In the server pool are the following servers:

      Name     Address       Port   Weight   Backup
      proxy1   10.10.32.46   8080   100
      proxy2   10.10.32.50   8080   100

      I can wget 10.10.32.46:8080 from any server on the LAN ok.
      I see the head health checks coming in on 10.10.32.46 every second, so that seems ok.

      I tried enabling proxystats, but they don't work at all, i.e.
      10.10.10.150/proxystats just times out.
      wget and ping 10.10.10.150 time out.

      From the WAN, I can even wget to the 10.10.32.46 boxes, only the VIP does nothing - like it doesn't exist or is being blocked.  There doesn't seem to be any logging in pfsense for this kind of thing (at least nothing in the web gui log pages under "system logs"), and we don't have any syslog servers.

      Any ideas?

      • marcelloc

        Can you check if haproxy is running?

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

        • ace

          Not sure how to check if haproxy is running, but I can see it hitting the apache every second with its heartbeat "head" request.

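One way to answer the "is haproxy running?" question for the setup described in this thread, as an added example that is not part of any post: it reads the output of the FreeBSD base tools `ifconfig` and `sockstat -4 -l` and reports whether the VIP is assigned, whether its CARP vhid is MASTER, and which process is listening on the VIP port. The function names and the sample output are constructed for illustration; the addresses and vhid are the ones quoted in the first post.

```shell
#!/bin/sh
# Added example (not from the thread). On the firewall, pipe the real tools in:
#   ifconfig | carp_state 3
#   sockstat -4 -l | listener_for 10.10.10.150 80

# carp_state VHID: read `ifconfig` output, print the CARP state for that vhid.
carp_state() {
    awk -v vhid="$1" '$1 == "carp:" && $3 == "vhid" && $4 == vhid { print $2 }'
}

# vip_configured VIP: read `ifconfig` output, succeed if VIP is assigned.
vip_configured() {
    awk -v vip="$1" '$1 == "inet" && $2 == vip { ok = 1 } END { exit !ok }'
}

# listener_for VIP PORT: read `sockstat -4 -l` output, print the commands
# listening on VIP:PORT or on the wildcard *:PORT.
listener_for() {
    awk -v a="$1:$2" -v w="*:$2" \
        'NR > 1 && $5 == "tcp4" && ($6 == a || $6 == w) { print $2 }' | sort -u
}

# diagnose VIP PORT VHID IFCONFIG_TEXT SOCKSTAT_TEXT: print a one-line verdict.
diagnose() {
    if ! printf '%s\n' "$4" | vip_configured "$1"; then
        echo "vip-missing"; return
    fi
    state=$(printf '%s\n' "$4" | carp_state "$3")
    [ "$state" = "MASTER" ] || { echo "carp-${state:-unknown}"; return; }
    who=$(printf '%s\n' "$5" | listener_for "$1" "$2")
    [ -n "$who" ] && echo "listening:$who" || echo "no-listener"
}

# Constructed sample output (not captured from the poster's system).
SAMPLE_IFCONFIG='carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 10.10.10.150 netmask 0xffffff00
        carp: MASTER vhid 3 advbase 1 advskew 0'
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     haproxy    4711  4  tcp4   10.10.10.150:80       *:*
root     lighttpd   812   9  tcp4   *:443                 *:*'

diagnose 10.10.10.150 80 3 "$SAMPLE_IFCONFIG" "$SAMPLE_SOCKSTAT"
```

A `carp-BACKUP` or `carp-INIT` verdict means the firewall is not currently answering for the VIP, which is a separate problem from haproxy not being bound to it (`no-listener`).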
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.