Netgate Discussion Forum

Multi Public IP on single interface with HA Proxy

  • C
    Curious
    last edited by Jul 9, 2017, 9:23 AM Jul 9, 2017, 9:18 AM

    Hi All,

    Trying to replace ISA with HAProxy and am so far having no luck.

    I continuously get the following error when trying to save my shared frontend.

    "The following input errors were detected:

    • is not a valid source IP address or alias."

    I've essentially copied my interface setup from ISA to pfSense on an OPT1 interface.

    My OPT1 interface is the following.

    IP address: 10.xx.xx.2/24
    Gateway:  10.xx.xx.1/24

    VIP Alias assigned to that interface:
    203.xx.xx.56
    203.xx.xx.57
    203.xx.xx.58
    203.xx.xx.59

    I've also tried the following VIP config leaving the OPT1 interface settings the same

    CARP:
    Interface - OPT1
    Address - 10.xx.xx.2/24

    VIP:
    203.xx.xx.56/24 assigned to 10.xx.xx.2 CARP interface
    203.xx.xx.57/24 assigned to 10.xx.xx.2 CARP interface
    203.xx.xx.58/24 assigned to 10.xx.xx.2 CARP interface
    203.xx.xx.59/24 assigned to 10.xx.xx.2 CARP interface

    No matter what, HAProxy will not save the shared frontend after ticking the box and selecting the parent frontend.

    • M
      marcelloc
      last edited by Jul 9, 2017, 1:29 PM

      Assign 203.xx.xx.56 to the opt1 interface and the other 203.x addresses as virtual IPs on the same interface.

      Then configure haproxy on opt1, setting internal web servers as 10.x.x.x.

      Elite Trainings: http://sys-squad.com

      Help a community developer! ;D

      • C
        Curious
        last edited by Jul 9, 2017, 3:01 PM Jul 9, 2017, 2:57 PM

        @marcelloc:

        Assign 203.xx.xx.56 to the opt1 interface and the other 203.x addresses as virtual IPs on the same interface.

        Then configure haproxy on opt1, setting internal web servers as 10.x.x.x.

        Don't think I can assign 203.xx.xx.xx to the interface directly as those WAN IPs come in from an upstream DMZ.

        This may not be 100% accurate, but traffic flow is like this: public -> 203.x -> 10.x.x.1 -> 10.x.x.2 -> 203.x

        • M
          marcelloc
          last edited by Jul 9, 2017, 3:18 PM

          If you don't have the 203 on the box, configure haproxy without setting config on 203.x. Configure everything with your 10.x network.

          Does the upstream DMZ have NAT configured from 203 to 10?

          Elite Trainings: http://sys-squad.com

          Help a community developer! ;D

          • C
            Curious
            last edited by Jul 9, 2017, 3:55 PM Jul 9, 2017, 3:46 PM

            @marcelloc:

            If you don't have the 203 on the box, configure haproxy without setting config on 203.x. Configure everything with your 10.x network.

            So don't make any VIPs at all, just set the interface up with its IP and the gateway IP?
            I did think of this, but I didn't know if HAProxy would be okay; I thought the WAN IPs would have to be defined somewhere.

            @marcelloc:

            Does the upstream DMZ have NAT configured from 203 to 10?

            I imagine it (upstream) has NAT, otherwise the public traffic wouldn't make it past the private address space, right? Yes, upstream definitely has NAT.
            I'll be okay to leave pfSense NAT as automatic because it's only replying to incoming connections and not establishing external connections on its own.

            So config should look like this?

            Interface: OPT1
            IP Address: 10.1.1.2
            Gateway:    10.1.1.1

            HAProxy Frontend
            Listen on: OPT1 Address

            • C
              Curious
              last edited by Jul 9, 2017, 4:29 PM

              Argh, still can't get this to work.

              I'm 100% sure traffic is hitting HAProxy; it's just not being passed to the backend.

              • M
                marcelloc
                last edited by Jul 9, 2017, 6:16 PM

                @Curious:

                Argh, still can't get this to work.

                I'm 100% sure traffic is hitting HAProxy; it's just not being passed to the backend.

                Make sure you have firewall rules permitting incoming traffic and also check if haproxy sees your webserver as online.

                Elite Trainings: http://sys-squad.com

                Help a community developer! ;D
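
Added example (not part of any post in this thread, and not pfSense or HAProxy project code): a small offline check for the two points the replies raise, that frontends listen only on addresses the firewall actually owns, and that HAProxy sees the backend servers as online. The function names, the sample configuration, the trimmed `show stat` output, the backend server IPs and the placeholder public address 203.0.113.56 are all constructed for illustration.

```python
import csv

# Constructed haproxy.cfg fragment; 203.0.113.56 is a placeholder for a public
# IP that is NATed upstream and is NOT assigned to the firewall itself.
SAMPLE_CFG = """\
frontend www_shared
    bind 203.0.113.56:443 name public
    bind 10.1.1.2:80 name opt1
    default_backend web_pool
backend web_pool
    server web1 10.1.1.10:80 check
    server web2 10.1.1.11:80 check
"""

# Constructed, column-trimmed sample of HAProxy's "show stat" CSV output.
SAMPLE_STAT = """\
# pxname,svname,scur,status,chkfail,
www_shared,FRONTEND,3,OPEN,,
web_pool,web1,0,DOWN,4,
web_pool,web2,0,UP,0,
web_pool,BACKEND,0,UP,,
"""

def foreign_binds(cfg_text, local_addrs):
    """Return (section, address) pairs bound to an IP the box does not own."""
    section, bad = None, []
    for line in cfg_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("frontend", "listen", "backend"):
            section = words[1] if len(words) > 1 else None
        elif words[0] == "bind" and len(words) > 1:
            for spec in words[1].split(","):
                addr = spec.rsplit(":", 1)[0]  # assumes literal IP:port specs
                # "" and "*" mean "all local addresses", which always binds.
                if addr not in ("", "*") and addr not in local_addrs:
                    bad.append((section, addr))
    return bad

def servers_not_up(stat_csv):
    """Return (backend, server, status) for real servers HAProxy marks not UP."""
    reader = csv.DictReader(stat_csv.lstrip("# ").splitlines())
    return [(r["pxname"], r["svname"], r["status"]) for r in reader
            if r["svname"] not in ("FRONTEND", "BACKEND")
            and not r["status"].startswith(("UP", "no check"))]

if __name__ == "__main__":
    print(foreign_binds(SAMPLE_CFG, {"10.1.1.2", "127.0.0.1"}), servers_not_up(SAMPLE_STAT))
```

A server reported as `DOWN` here means HAProxy's own health check is failing, which matches the symptom of traffic reaching the frontend but never being passed to the backend.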
