4. [Solved] HaProxy not working/port Issue

[Solved] HaProxy not working/port Issue


  • Error I am getting is :

    This site can’t be reached gm.manjot.net refused to connect.

    Screenshot_2020-03-12 pfSense manjot net - Firewall Rules WAN.png

    Screenshot_2020-03-12 pfSense manjot net - Services HAProxy Settings.png

    Screenshot_2020-03-12 pfSense manjot net - Services HAProxy Backend Edit.png

    Screenshot_2020-03-12 pfSense manjot net - Services HAProxy Frontend Edit.png

    0
  • LAYER 8 Netgate

    In this case it might be better if you posted the automatic haproxy config at the bottom of the settings page instead of screen shots.

    Looking at that might also be a good way for you to see where the mistake is.

    0 1 Reply

  • @Derelict

    # Automaticaly generated, dont edit manually.
# Generated on: 2020-03-12 20:02
global
	maxconn			1000
	stats socket /tmp/haproxy.socket level admin 
	uid			80
	gid			80
	nbproc			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend DebianServers
	bind			147.253.151.155:443 name 147.253.151.155:443   ssl crt-list /var/etc/haproxy/DebianServers.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	timeout client		30000
	acl			auth	var(txn.txnhost) -m str -i auth.manjot.net
	acl			aclcrt_DebianServers	var(txn.txnhost) -m reg -i ^([^\.]*)\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_DebianServers	var(txn.txnhost) -m reg -i ^manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_DebianServers	var(txn.txnhost) -m reg -i ^auth\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_DebianServers	var(txn.txnhost) -m reg -i ^www\.auth\.manjot\.net(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend Debian-Servers_ipvANY  if  auth aclcrt_DebianServers
	use_backend Debian-Servers_ipvANY  if   aclcrt_DebianServers

backend Debian-Servers_ipvANY
	mode			http
	id			102
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			auth 192.168.40.73:443 id 103 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5d2d8e0f67246.pem
    0
    P
     1 Reply
  • P

    @manjotsc
    Not sure what you are doing but something is wrong ;)..

    When i send a curl request:
    curl -k https://gm.manjot.net/
    I get 2 totally different responses.. One is a list of 5 icons, the other says something about a 'speedtestcustom' .. It looks like you are balancing traffic between 2 servers that dont contain the same website..? Though that does not show in config above.. ??

    p.s. the certificate for auth.manjot.net is not valid for the the website gm.manjot.net..
    Pehaps you got multiple primary frontends on the same IP:port.? that cannot be.. use shared-frontends if you only have 1 ip to server multiple websites.

    0 1 Reply

  • @PiBa auth.manjot.net, speed.manjot.net are other two webservers I am running, but when I go to gm.manjot.net, it keep going to these two servers.

    0
    P
     2 Replies
  • P

    @manjotsc
    Is haproxy the only process listening on the :443 port ? And what does the 'complete' config look like? The config above only contains 1 server line so haproxy wouldnt be causing the switching between 2 websites. Not using multiple 'primary' frontends right?

    0
  • P

    @manjotsc
    Also is traffic even passing through haproxy at all? Or do you have a 'old' nat rule that directs traffic to the servers bypassing haproxy completely.?. Can you check that the request counters on the haproxy stats page do increase when requests are made.?

    0 2 Replies

  • @PiBa I am running those two server on Virtualmin, and I have port 443 open for those two ip 192.168.40.73 and 192.168.40.74, maybe there is proxy already setup in virtualmin.

    0

  • @PiBa Annotation 2020-03-13 232839.png

    0

  • @Derelict @PiBa I am getting connection refused for auth.manjot.net, I remove port forward for virtalmin server, I added a rule for 443 for firewall (pfsense) on wan side to use haproxy instead.

    # Automaticaly generated, dont edit manually.
# Generated on: 2020-03-14 00:02
global
	maxconn			1000
	stats socket /tmp/haproxy.socket level admin 
	uid			80
	gid			80
	nbproc			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend FrontEndProxy
	bind			147.253.151.155:443 name 147.253.151.155:443   ssl crt-list /var/etc/haproxy/FrontEndProxy.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	timeout client		30000
	acl			auth	var(txn.txnhost) -m str -i auth.manjot.net
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^([^\.]*)\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^auth\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^www\.auth\.manjot\.net(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend Auth_ipvANY  if  auth aclcrt_FrontEndProxy

backend Auth_ipvANY
	mode			http
	id			102
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			auth 192.168.40.73:443 id 103 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5d2d8e0f67246.pem

    Annotation 2020-03-14 001010.png

    ----------------- 204.48.94.205 is my data plan public ip
    When I try to visit auth.manjot.net in firewall it's hitting all ip address.

    Annotation 2020-03-14 001304.png

    0
    P
     1 Reply
  • P

    @manjotsc
    Looks to me like you still have a NAT rule in place that takes the traffic? And haproxy stats show that its FrontEndProxy has handled 0 sessions total (since it started.). So it is not receiving any traffic yet..

    0 1 Reply

  • @PiBa where can I locate that nat rule.

    0
    P
     1 Reply
  • P

    @manjotsc
    in the menu: firewall/nat/portforward ?

    0 1 Reply

  • @PiBa Here's what I got

    Screenshot_2020-03-15 pfSense manjot net - Firewall NAT Port Forward.png

    0
    P
     1 Reply
  • P

    @manjotsc
    Not sure if any of those port-alias's contain 443 also. But it seems to look alright. If this is indeed the 'active' ruleset.

    0 1 Reply

  • @PiBa port-alias don't contain 443, but still not working..

    0
    P
     1 Reply
  • P

    @manjotsc can you run the command on ssh: pfctl -sn and show the output?

    0 1 Reply

  • @PiBa

    no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on igb0 inet from <PlayStation> to any -> 147.253.151.155 port 1024:65535
nat on igb0 inet from 127.0.0.0/8 to any port = isakmp -> 147.253.151.155 static-port
nat on igb0 inet from 127.0.0.0/8 to any -> 147.253.151.155 port 1024:65535
nat on igb0 inet from <tonatsubnets> to any port = isakmp -> 147.253.151.155 static-port
nat on igb0 inet6 from <tonatsubnets> to any port = isakmp -> (igb0) round-robin static-port
nat on igb0 inet from <tonatsubnets> to any -> 147.253.151.155 port 1024:65535
nat on igb0 inet6 from <tonatsubnets> to any -> (igb0) port 1024:65535 round-robin
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8385
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8022
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8027
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8384
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.4 port = 8383
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8385
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8022
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8027
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8384
no nat on igb1 inet proto udp from (igb1) to 192.168.40.4 port = 8383
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8385 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8022 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8027 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8384 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.4 port = 8383 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8385 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8022 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8027 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8384 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.4 port = 8383 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.2 port = 4075
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.2 port = 4075 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 10823
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 10823 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto udp from (igb1) to 192.168.40.3 port = 10823
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.3 port = 10823 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto udp from (igb1) to 192.168.40.3 port = 27017
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.3 port = 27017 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3658
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3659
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3660
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3661
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3662
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3663
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3664
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3665
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 3667
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = x11
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = x11-ssh
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = afs3-fileserver
no nat on igb1 inet proto udp from (igb1) to 192.168.40.42 port = 6180
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3658 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3659 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3660 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3661 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3662 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3663 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3664 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3665 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 3667 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = x11 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = x11-ssh -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = afs3-fileserver -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.42 port = 6180 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = http
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = https
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 13000
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 13005
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 13200
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14000
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = sua
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14008
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14020
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14021
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14022
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14023
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.3 port = 14024
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = http -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = https -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 13000 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 13005 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 13200 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14000 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = sua -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14008 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14020 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14021 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14022 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14023 -> 192.168.40.1 port 1024:65535
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.3 port = 14024 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto udp from (igb1) to 192.168.40.3 port = 3075
nat on igb1 inet proto udp from 192.168.40.0/24 to 192.168.40.3 port = 3075 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.87 port = 9999
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.87 port = 9999 -> 192.168.40.1 port 1024:65535
no nat on igb1 inet proto tcp from (igb1) to 192.168.40.87 port = 9998
nat on igb1 inet proto tcp from 192.168.40.0/24 to 192.168.40.87 port = 9998 -> 192.168.40.1 port 1024:65535
no rdr proto carp all
rdr-anchor "relayd/*" all
rdr-anchor "tftp-proxy/*" all
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
    0 1 Reply

  • @manjotsc

    rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8385 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8022 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8027 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8384 -> 192.168.40.4
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 8383 -> 192.168.40.4
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on igb0 inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3658 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.155 port 4000:4050 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 9103 -> <PlayStation> round-robin
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = http -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 4075 -> 192.168.40.2
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 10823 -> 192.168.40.3
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3074 -> <PlayStation> round-robin
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 27017 -> 192.168.40.3
rdr on igb0 proto tcp from any to any port = http -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = https -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = 1935 -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = 3478 -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = 3480 -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = 3479 -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = http -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = https -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = 1935 -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = 3480 -> <PlayStation> round-robin
rdr on igb1 inet proto tcp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = http -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = https -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = 1935 -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = 3480 -> <PlayStation> round-robin
rdr on igb2 inet proto tcp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = http -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = https -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = 1935 -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = 3480 -> <PlayStation> round-robin
rdr on igb1.14 inet proto tcp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = http -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = https -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = 1935 -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = 3480 -> <PlayStation> round-robin
rdr on openvpn inet proto tcp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb0 proto udp from any to any port = 3478 -> <PlayStation> round-robin
rdr on igb0 proto udp from any to any port = 3479 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb1 inet proto udp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb2 inet proto udp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on igb1.14 inet proto udp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.128/25 port = 3478 -> <PlayStation> round-robin
rdr on openvpn inet proto udp from any to 147.253.151.128/25 port = 3479 -> <PlayStation> round-robin
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3658 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3659 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3660 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3661 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3662 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3663 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3664 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3665 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3667 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = x11 -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = x11-ssh -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = afs3-fileserver -> 192.168.40.42
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 6180 -> 192.168.40.42
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = http -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 13000 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 13005 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 13200 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14000 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = sua -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14008 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14020 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14021 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14022 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14023 -> 192.168.40.3
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 14024 -> 192.168.40.3
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 3075 -> 192.168.40.3
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 9999 -> 192.168.40.87
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 9998 -> 192.168.40.87
rdr on igb0 inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on igb1 inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on igb2 inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on igb1.14 inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on openvpn inet proto udp from any to 147.253.151.155 port = 40010 -> 192.168.45.1
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr on igb1 inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr on igb2 inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr on igb1.14 inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr on openvpn inet proto tcp from any to 147.253.151.155 port = 40000 -> 192.168.44.1
rdr pass on igb1 inet proto tcp from any to 172.16.1.1 port = http -> 127.0.0.1 port 8081
rdr pass on igb2 inet proto tcp from any to 172.16.1.1 port = http -> 127.0.0.1 port 8081
rdr pass on igb1.14 inet proto tcp from any to 172.16.1.1 port = http -> 127.0.0.1 port 8081
rdr pass on openvpn inet proto tcp from any to 172.16.1.1 port = http -> 127.0.0.1 port 8081
rdr pass on igb1 inet proto tcp from any to 172.16.1.1 port = https -> 127.0.0.1 port 8443
rdr pass on igb2 inet proto tcp from any to 172.16.1.1 port = https -> 127.0.0.1 port 8443
rdr pass on igb1.14 inet proto tcp from any to 172.16.1.1 port = https -> 127.0.0.1 port 8443
rdr pass on openvpn inet proto tcp from any to 172.16.1.1 port = https -> 127.0.0.1 port 8443
rdr-anchor "miniupnpd" all
    0
    P
     1 Reply
  • P

    @manjotsc
    There are a few candidates in there that are forwarding https traffic from your public ip..:

    rdr on igb0 inet proto tcp from any to 147.253.151.155 port = https -> <PlayStation> round-robin
rdr on igb0 proto tcp from any to any port = https -> <PlayStation> round-robin
rdr on igb0 inet proto tcp from any to 147.253.151.155 port = https -> 192.168.40.3
    1 1 Reply

  • @PiBa Thanks, Port Situation is fixed now, but I am getting this error now, for my pfsense

    Annotation 2020-03-18 083133.jpg

    Annotation 2020-03-18 083250.jpg

    # Automaticaly generated, dont edit manually.
# Generated on: 2020-03-18 08:29
global
	maxconn			1000
	stats socket /tmp/haproxy.socket level admin 
	uid			80
	gid			80
	nbproc			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend FrontEndProxy
	bind			147.253.151.155:443 name 147.253.151.155:443   ssl crt-list /var/etc/haproxy/FrontEndProxy.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	timeout client		30000
	acl			auth	var(txn.txnhost) -m str -i auth.manjot.net
	acl			speed	var(txn.txnhost) -m str -i speed.manjot.net
	acl			pfsense	var(txn.txnhost) -m str -i pfsense.manjot.net
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^([^\.]*)\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^auth\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^www\.auth\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^speed\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^ntopng\.manjot\.net(:([0-9]){1,5})?$
	acl			aclcrt_FrontEndProxy	var(txn.txnhost) -m reg -i ^pfsense\.manjot\.net(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend Auth_ipvANY  if  auth aclcrt_FrontEndProxy
	use_backend Speed_ipvANY  if  speed aclcrt_FrontEndProxy
	use_backend PfSense_ipvANY  if  pfsense aclcrt_FrontEndProxy

backend Auth_ipvANY
	mode			http
	id			102
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			auth 192.168.40.73:443 id 103 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5d2d8e0f67246.pem 

backend Speed_ipvANY
	mode			http
	id			106
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			speed 192.168.40.74:443 id 103 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5daf9c80e7570.pem 

backend PfSense_ipvANY
	mode			http
	id			104
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			pfsense 192.168.40.1:4077 id 105 ssl check inter 1000  verify none crt /var/etc/haproxy/server_clientcert_5daf809d44c6d.pem
    0
    P
     1 Reply
  • P

    @manjotsc
    83ffb267-65ba-4330-9c42-b6c2f756a32e-image.png
    The 'not allowed' message usually tels that a wrong method was used in the request. In this case change the OPTIONS to HEAD. And it should become 'green'.

    1 1 Reply

  • @PiBa Thank you very much, for all the support you provided.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy