After 2.4.0 HAProxy no longer works with ACLs
-
Hi,
I have the following setup with SSL offloading set up on HAProxy.
Listening on WAN address:
- Site1.mydomain.com:443
- Site2.mydomain.com:443
- Site3.mydomain.com:443
They are going to:
- 192.168.90.15:443
- 192.168.90.15:73434
- 192.168.90.15:33622
I have a wildcard SSL cert on my server and have it set so that when the source IP is from my network and wants to go to site2 or site3, then let them go.
Site1 has no ACLs, so if anyone points to site1 they can go there no problem. THAT is the only thing that is working. The site2 or site3 with ACLS to only allow traffic from inside the network is not working. It was working prior to the update. Any ideas why?
-
-
Perhaps because the site "with ACLS to only allow traffic from inside the network" should listen on LAN (on another internal interface) and not be "listening on WAN address".
-
Under normal circumstances I would say yes, but because it is resolving a DNS entry that resolves to 1 IP address and gets routed based on some rules, I cannot have a "split-dns" situation with pfSense. It would be nice to have pfSense give back two different IP addresses to 1 DNS entry depending on the subnet, but that isn't the case lol.