After 2.4.0 HAProxy no longer works with ACLs



  • Hi,

    I have the following setup, with SSL offloading set up on HAProxy:

    Listening on WAN address

    They are going to:

    • 192.168.90.15:443

    • 192.168.90.15:73434

    • 192.168.90.15:33622

    I have a wildcard SSL cert on my server and have it set so that when the source IP is from my network and wants to go to site2 or site3, then let them go.

    Site1 has no ACLs, so if anyone points to site1 they can go there, no problem. THAT is the only thing that is working. Site2 or site3, with ACLs to only allow traffic from inside the network, is not working. It was working prior to the update. Any ideas why?
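The setup this post describes, written out as a plain haproxy.cfg fragment: one WAN-facing TLS listener, site1 open to anyone, site2 and site3 only reachable from the internal network. This is an added example, not the poster's configuration and not what the pfSense HAProxy package generates; the hostnames, the 192.168.90.0/24 source network, the certificate path and the site2 backend port are assumptions.

```haproxy
# Added example (not from the original post). One frontend does the SSL
# offload, routes on the Host header, and denies the restricted sites to
# any client whose source address is outside the LAN.
frontend https_in
    # WAN_ADDRESS is a placeholder; the cert path is assumed
    bind WAN_ADDRESS:443 ssl crt /etc/haproxy/certs/wildcard.example.com.pem

    # Internal network allowed to reach site2/site3 (assumed range)
    acl from_lan src 192.168.90.0/24

    # Host-based routing; after offload the Host header is visible
    acl host_site1 req.hdr(host) -i site1.example.com
    acl host_site2 req.hdr(host) -i site2.example.com
    acl host_site3 req.hdr(host) -i site3.example.com

    # Evaluate the restriction before routing: outside the LAN gets a 403
    http-request deny deny_status 403 if host_site2 !from_lan
    http-request deny deny_status 403 if host_site3 !from_lan

    use_backend site1 if host_site1
    use_backend site2 if host_site2
    use_backend site3 if host_site3
    default_backend site1

backend site1
    server s1 192.168.90.15:443 ssl verify none
backend site2
    server s2 192.168.90.15:8443 ssl verify none    # assumed port
backend site3
    server s3 192.168.90.15:33622 ssl verify none
```

The `src` match only works if HAProxy sees the real client address, so a NATed source on the way in makes `from_lan` fail silently; `haproxy -c -f <cfg>` checks the syntax but cannot catch that.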


  • Banned

    Perhaps because the site "with ACLS to only allow traffic from inside the network" should listen on LAN (on another internal interface) and not be "listening on WAN address".



  • Under normal circumstances I would say yes, but because it is resolving a DNS entry that resolves to 1 IP address and gets routed based on some rules, I cannot have a "split-DNS" situation with pfSense. It would be nice to have pfSense give back two different IP addresses for 1 DNS entry depending on the subnet, but that isn't the case lol.

