Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    [Solved] HaProxy not working/port Issue

    Cache/Proxy
    3
    23
    1224
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • manjotsc
      manjotsc last edited by manjotsc

      Error I am getting is :

      This site can’t be reached gm.manjot.net refused to connect.

      Screenshot_2020-03-12 pfSense manjot net - Firewall Rules WAN.png

      Screenshot_2020-03-12 pfSense manjot net - Services HAProxy Settings.png

      Screenshot_2020-03-12 pfSense manjot net - Services HAProxy Backend Edit.png

      Screenshot_2020-03-12 pfSense manjot net - Services HAProxy Frontend Edit.png

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        In this case it might be better if you posted the automatic haproxy config at the bottom of the settings page instead of screen shots.

        Looking at that might also be a good way for you to see where the mistake is.

        manjotsc 1 Reply Last reply Reply Quote 0
        • manjotsc
          manjotsc @Derelict last edited by

          @Derelict

          # Automaticaly generated, dont edit manually.
# Generated on: 2020-03-12 20:02
global
	maxconn			1000
	stats socket /tmp/haproxy.socket level admin 
	uid			80
	gid			80
	nbproc			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend DebianServers
	bind			147.253.151.155:443 name 147.253.151.155:443   ssl crt-list /var/etc/haproxy/DebianServers.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	timeout client		30000
	acl			auth	var(txn.txnhost) -m str -i auth.manjot.net
	acl			aclcrt_DebianServers	var(txn.txnhost) -m reg -i ^([^\.]*)\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_DebianServers	var(txn.txnhost) -m reg -i ^manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_DebianServers	var(txn.txnhost) -m reg -i ^auth\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_DebianServers	var(txn.txnhost) -m reg -i ^www\.auth\.manjot\.net(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend Debian-Servers_ipvANY  if  auth aclcrt_DebianServers
	use_backend Debian-Servers_ipvANY  if   aclcrt_DebianServers

backend Debian-Servers_ipvANY
	mode			http
	id			102
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			auth 192.168.40.73:443 id 103 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5d2d8e0f67246.pem
          P 1 Reply Last reply Reply Quote 0
          • P
            PiBa @manjotsc last edited by PiBa

            @manjotsc
            Not sure what you are doing but something is wrong ;)..

            When i send a curl request:
            curl -k https://gm.manjot.net/
            I get 2 totally different responses.. One is a list of 5 icons, the other says something about a 'speedtestcustom' .. It looks like you are balancing traffic between 2 servers that dont contain the same website..? Though that does not show in config above.. ??

            p.s. the certificate for auth.manjot.net is not valid for the the website gm.manjot.net..
            Pehaps you got multiple primary frontends on the same IP:port.? that cannot be.. use shared-frontends if you only have 1 ip to server multiple websites.

            manjotsc 1 Reply Last reply Reply Quote 0
            • manjotsc
              manjotsc @PiBa last edited by

              @PiBa auth.manjot.net, speed.manjot.net are other two webservers I am running, but when I go to gm.manjot.net, it keep going to these two servers.

              P 2 Replies Last reply Reply Quote 0
              • P
                PiBa @manjotsc last edited by

                @manjotsc
                Is haproxy the only process listening on the :443 port ? And what does the 'complete' config look like? The config above only contains 1 server line so haproxy wouldnt be causing the switching between 2 websites. Not using multiple 'primary' frontends right?

                1 Reply Last reply Reply Quote 0
                • P
                  PiBa @manjotsc last edited by

                  @manjotsc
                  Also is traffic even passing through haproxy at all? Or do you have a 'old' nat rule that directs traffic to the servers bypassing haproxy completely.?. Can you check that the request counters on the haproxy stats page do increase when requests are made.?

                  manjotsc 2 Replies Last reply Reply Quote 0
                  • manjotsc
                    manjotsc @PiBa last edited by

                    @PiBa I am running those two server on Virtualmin, and I have port 443 open for those two ip 192.168.40.73 and 192.168.40.74, maybe there is proxy already setup in virtualmin.

                    1 Reply Last reply Reply Quote 0
                    • manjotsc
                      manjotsc @PiBa last edited by

                      @PiBa Annotation 2020-03-13 232839.png

                      1 Reply Last reply Reply Quote 0
                      • manjotsc
                        manjotsc last edited by manjotsc

                        @Derelict @PiBa I am getting connection refused for auth.manjot.net, I remove port forward for virtalmin server, I added a rule for 443 for firewall (pfsense) on wan side to use haproxy instead.

                        # Automaticaly generated, dont edit manually.
# Generated on: 2020-03-14 00:02
global
	maxconn			1000
	stats socket /tmp/haproxy.socket level admin 
	uid			80
	gid			80
	nbproc			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend FrontEndProxy
	bind			147.253.151.155:443 name 147.253.151.155:443   ssl crt-list /var/etc/haproxy/FrontEndProxy.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	timeout client		30000
	acl			auth	var(txn.txnhost) -m str -i auth.manjot.net
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^([^\.]*)\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^auth\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^www\.auth\.manjot\.net(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend Auth_ipvANY  if  auth aclcrt_FrontEndProxy

backend Auth_ipvANY
	mode			http
	id			102
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			auth 192.168.40.73:443 id 103 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5d2d8e0f67246.pem

                        Annotation 2020-03-14 001010.png

                        ----------------- 204.48.94.205 is my data plan public ip
                        When I try to visit auth.manjot.net in firewall it's hitting all ip address.

                        Annotation 2020-03-14 001304.png

                        P 1 Reply Last reply Reply Quote 0
                        • P
                          PiBa @manjotsc last edited by

                          @manjotsc
                          Looks to me like you still have a NAT rule in place that takes the traffic? And haproxy stats show that its FrontEndProxy has handled 0 sessions total (since it started.). So it is not receiving any traffic yet..

                          manjotsc 1 Reply Last reply Reply Quote 0
                          • manjotsc
                            manjotsc @PiBa last edited by

                            @PiBa where can I locate that nat rule.

                            P 1 Reply Last reply Reply Quote 0
                            • P
                              PiBa @manjotsc last edited by

                              @manjotsc
                              in the menu: firewall/nat/portforward ?

                              manjotsc 1 Reply Last reply Reply Quote 0
                              • manjotsc
                                manjotsc @PiBa last edited by

                                @PiBa Here's what I got

                                Screenshot_2020-03-15 pfSense manjot net - Firewall NAT Port Forward.png

                                P 1 Reply Last reply Reply Quote 0
                                • P
                                  PiBa @manjotsc last edited by

                                  @manjotsc
                                  Not sure if any of those port-alias's contain 443 also. But it seems to look alright. If this is indeed the 'active' ruleset.

                                  manjotsc 1 Reply Last reply Reply Quote 0
                                  • manjotsc
                                    manjotsc @PiBa last edited by

                                    @PiBa port-alias don't contain 443, but still not working..

                                    P 1 Reply Last reply Reply Quote 0
                                    • P
                                      PiBa @manjotsc last edited by

                                      @manjotsc can you run the command on ssh: pfctl -sn and show the output?

                                      manjotsc 1 Reply Last reply Reply Quote 0
                                      • manjotsc
                                        manjotsc @PiBa last edited by manjotsc

                                        @PiBa

                                        no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on igb0 inet from <PlayStation> to any -> 147.253.151.155 port 1024:65535
nat on igb0 inet from 127.0.0.0/8 to any port = isakmp -> 147.253.151.155 static-port
nat on igb0 inet from 127.0.0.0/8 to any -> 147.253.151.155 port 1024:65535
nat on igb0 inet from <tonatsubnets> to any port = isakmp -> 147.253.151.155 static-port
nat on igb0 inet6 from <tonatsubnets> to any port = isakmp -> (igb0) round-robin static-port
nat on igb0 inet from <tonatsubnets> to any -> 147.253.151.155 port 1024:65535
nat on igb0 inet6 from <tonatsubnets> to any -> (igb0) port 1024:65535 round-robin
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8385
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8022
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8027
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8384
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8383
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8385
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8022
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8027
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8384
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8383
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8385 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8022 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8027 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8384 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8383 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8385 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8022 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8027 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8384 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8383 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.2 port = 4075
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.2 port = 4075 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 10823
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 10823 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto udp from (igb1) to 192.168.40.3 port = 10823
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.3 port = 10823 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto udp from (igb1) to 192.168.40.3 port = 27017
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.3 port = 27017 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3658
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3659
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3660
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3661
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3662
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3663
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3664
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3665
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3667
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = x11
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = x11-ssh
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = afs3-fileserver
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 6180
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3658 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3659 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3660 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3661 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3662 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3663 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3664 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3665 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3667 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = x11 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = x11-ssh -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = afs3-fileserver -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 6180 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = http
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = https
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 13000
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 13005
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 13200
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14000
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = sua
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14008
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14020
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14021
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14022
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14023
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14024
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = http -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = https -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 13000 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 13005 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 13200 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14000 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = sua -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14008 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14020 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14021 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14022 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14023 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14024 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto udp from (igb1) to 192.168.40.3 port = 3075
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.3 port = 3075 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.87 port = 9999
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.87 port = 9999 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.87 port = 9998
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.87 port = 9998 -> 192.168.40.1 port 1024:65535
no rdr proto carp all
rdr-anchor "relayd/*" all
rdr-anchor "tftp-proxy/*" all
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
                                        manjotsc 1 Reply Last reply Reply Quote 0
                                        • manjotsc
                                          manjotsc @manjotsc last edited by manjotsc

                                          @manjotsc

                                          rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on igb0 inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on igb0 proto tcp from any to any port = http -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = https -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = 1935 -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = 3478 -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = 3480 -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = 3479 -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = http -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = https -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = 1935 -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = 3480 -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = http -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = https -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = 1935 -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = 3480 -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = http -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = https -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = 1935 -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = 3480 -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = http -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = https -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = 1935 -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = 3480 -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb0 proto udp from any to any port = 3478 -> <PlayStation> round-robin
rdr on igb0 proto udp from any to any port = 3479 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr pass on igb1 inet proto tcp from any to 172.16.1.1 port = http -> 127.0.0.1 port 8081
rdr pass on igb2 inet proto tcp from any to 172.16.1.1 port = http -> 127.0.0.1 port 8081
rdr pass on igb1.14 inet proto tcp from any to 172.16.1.1 port = http -> 127.0.0.1 port 8081
rdr pass on openvpn inet proto tcp from any to 172.16.1.1 port = http -> 127.0.0.1 port 8081
rdr pass on igb1 inet proto tcp from any to 172.16.1.1 port = https -> 127.0.0.1 port 8443
rdr pass on igb2 inet proto tcp from any to 172.16.1.1 port = https -> 127.0.0.1 port 8443
rdr pass on igb1.14 inet proto tcp from any to 172.16.1.1 port = https -> 127.0.0.1 port 8443
rdr pass on openvpn inet proto tcp from any to 172.16.1.1 port = https -> 127.0.0.1 port 8443
rdr-anchor "miniupnpd" all
                                          P 1 Reply Last reply Reply Quote 0
                                          • P
                                            PiBa @manjotsc last edited by

                                            @manjotsc
                                            There are a few candidates in there that are forwarding https traffic from your public ip..:

                                            rdr on igb0 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = https -> <PlayStation> round-robin
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
                                            manjotsc 1 Reply Last reply Reply Quote 1
                                            • manjotsc
                                              manjotsc @PiBa last edited by manjotsc

                                              @PiBa Thanks, Port Situation is fixed now, but I am getting this error now, for my pfsense

                                              Annotation 2020-03-18 083133.jpg

                                              Annotation 2020-03-18 083250.jpg

                                              # Automaticaly generated, dont edit manually.
# Generated on: 2020-03-18 08:29
global
	maxconn			1000
	stats socket /tmp/haproxy.socket level admin 
	uid			80
	gid			80
	nbproc			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend FrontEndProxy
	bind			147.253.151.155:443 name 147.253.151.155:443   ssl crt-list /var/etc/haproxy/FrontEndProxy.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	timeout client		30000
	acl			auth	var(txn.txnhost) -m str -i auth.manjot.net
	acl			speed	var(txn.txnhost) -m str -i speed.manjot.net
	acl			pfsense	var(txn.txnhost) -m str -i pfsense.manjot.net
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^([^\.]*)\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^auth\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^www\.auth\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^speed\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^ntopng\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^pfsense\.manjot\.net(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend Auth_ipvANY  if  auth aclcrt_FrontEndProxy
	use_backend Speed_ipvANY  if  speed aclcrt_FrontEndProxy
	use_backend PfSense_ipvANY  if  pfsense aclcrt_FrontEndProxy

backend Auth_ipvANY
	mode			http
	id			102
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			auth 192.168.40.73:443 id 103 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5d2d8e0f67246.pem 

backend Speed_ipvANY
	mode			http
	id			106
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			speed 192.168.40.74:443 id 103 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5daf9c80e7570.pem 

backend PfSense_ipvANY
	mode			http
	id			104
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			pfsense 192.168.40.1:4077 id 105 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5daf809d44c6d.pem
                                              P 1 Reply Last reply Reply Quote 0
                                              • P
                                                PiBa @manjotsc last edited by

                                                @manjotsc
                                                83ffb267-65ba-4330-9c42-b6c2f756a32e-image.png
                                                The 'not allowed' message usually tels that a wrong method was used in the request. In this case change the OPTIONS to HEAD. And it should become 'green'.

                                                manjotsc 1 Reply Last reply Reply Quote 1
                                                • manjotsc
                                                  manjotsc @PiBa last edited by

                                                  @PiBa Thank you very much, for all the support you provided.

                                                  1 Reply Last reply Reply Quote 0
                                                  • First post
                                                    Last post

                                                  Products

                                                  • Platform Overview
                                                  • TNSR
                                                  • pfSense
                                                  • Appliances

                                                  Services

                                                  • Training
                                                  • Professional Services

                                                  Support

                                                  • Subscription Plans
                                                  • Contact Support
                                                  • Product Lifecycle
                                                  • Documentation

                                                  News

                                                  • Media Coverage
                                                  • Press
                                                  • Events

                                                  Resources

                                                  • Blog
                                                  • FAQ
                                                  • Find a Partner
                                                  • Resource Library
                                                  • Security Information

                                                  Company

                                                  • About Us
                                                  • Careers
                                                  • Partners
                                                  • Contact Us
                                                  • Legal
                                                  Our Mission

                                                  We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                                  Subscribe to our Newsletter

                                                  Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                                  © 2021 Rubicon Communications, LLC | Privacy Policy