NAT not working but HAProxy is.



  • Hi all,

    I have a pfsense installation v2.4.4, which has a single WAN with 8 additional IPv4 addresses on top of the normal IPv4 address for the WAN. It also has 4 LAN connections (These are VLANs configured to present as separate ethernet ports).

    All of this is running on a virtual machine. I have HAProxy installed and configured to load balance a Galera Cluster without issue, and had at one point setup HAProxy to forward ports from a single virtual IPv4 on the WAN to one of the clients connected to one of the LANs and this worked as expected, with the exception of the IP address presented by the client connecting to the forwarded port being replaced by the pfsense IPv4 address. This caused a few issues, so I deleted the rules from HAProxy and set up NAT based port forwarding to do the same job.

    I have applied the rules, restarted the pfsense server, and still the ports don't appear to be being forwarded.

    Images of NAT and firewall rules below.

    Running netstat -a via the command prompt doesn't show the ports being listened to at all, which would explain why they aren't open to anyone trying to connect, but that shouldn't be happening.

    I have been through the port forwarding diagnostics page with no success.

    netstat -a running via the command prompt page on the website doesn't return any of the ports selected being listened to for some reason. Which indicates that the ports aren't open or the firewall isn't being respected when it comes to setting up the WAN connection.

    Any ideas what I can do?

    NAT Rules;
    Current NAT Rules inside the firewall

    Firewall Rules;
    Current firewall rules

    HAProxy Frontend Rules;
    alt text

    HAProxy Backend Rules;
    alt text