vlan rule problem with haproxy



  • Hello,

    I have a pfsense with 2 network interfaces (WAN, LAN).
    On the LAN, I have configured several VLANs.
    I also installed HaProxy on the pfsense.

    In one of my VLANs, I created a VM and installed grafana which listens on port 3000.
    At the level of HAPROXY, everything works and when I enter my domain name, I arrive on the Grafana interface.

    Now I am trying to apply a rule to limit access to a few IPs, but none of the rules I create are working. I still have access to the interface.

    The only thing that could have blocked it was a floatting rule. But I am unable to authorize IP.

    Does the fact that HaProxy is on the Pfsense cause a problem?


  • LAYER 8 Global Moderator

    So your access this from other vlan or your lan, not the wan? Why are you using haproxy for internal access?

    Why not just resolve whatever fqdn to your local IP?

    Your going to have to give a some details if you want to block what your actually accessing and from where? What IP? Where is the client?



  • Hello,

    here is a diagram of what I want to do

    alt text

    I take some capture of my rules and I post this to you



  • Here are the rules on the WAN interface:
    alt text

    That of the OPT40 interface (VLAN40):
    alt text

    And HaProxy frontends:
    alt text


  • LAYER 8 Global Moderator

    Well where is your acl in your frontend limiting access to your source IP?

    Not suer what that rule on vlan40 is expected to do? They are not access that IP are they? There is no hits on that rule, they would be accessing your haproxy wan IP..



  • Hello,

    Sorry to answer that now.
    With ACLs, cala works. I don't know HaProxy well yet (I was doing this with Nginx), I thought we had to do this with PfSense rules.

    Thank you so much.


Log in to reply