Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense on Lan only for haproxy: WAN configuration

    Scheduled Pinned Locked Moved General pfSense Questions
    1 Posts 1 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      execcr
      last edited by

      Hello, sorry maybe for the dumb question but…
      i have this situation: i have some internal webserver, mixed http and https.
      Actually i have a box with apache2 as reverse proxy right behind the company main (and unique) firewall:

      ISP --> ISP_router --> firewall (kerio control) --> apache2_reverseproxy ---> multiple VMs with web services

      On the firewall i have a route to redirect all the traffic incoming from 1 WAN IP to the apache2 reverse proxy machine. Then via AWS Route53 DNS i managed the subdomains for the web services. When i put on live the pfsense machine with haproxy the plan is to modify the router to let point the 1 WAN IP to the new LAN ip of pfsense machine.

      I want to use pfsense with haproxy to have a nice web interface (instead of CLI) to manage reverse proxies and the pfsense latest integration with letsencrypt for CA.

      I have only this question: how i need to configure the WAN interface on pfsense? I have all now on a 10.0.10.0/24 network (all the servers, so the interface lan side of the firewall, all the servers and VMs with web services).
      Is right to configure only a LAN interface in PfSense with a 10.0.10.0/24 ip and deactivate the WAN interface? And set HAProxy frontends to listen only to LAN interface?

      I Ask becouse after some configuration (basic acme plugin working with 2 subdomain and 2 haproxy frontend running to 2 backend) i lost connection to https webgui and i had to reset pfsense machine completely...
      Thanks a lot

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.