    HAProxy with several public IP's

    • P
      Peque last edited by

      Hi Forum
      I have been struggling a bit with HAProxy - which I got up and running as expected at work.
      That setup has only one public IP.

      Now I would like to use the same option at home, where I have a /29 public IP range.
      But I would like HAProxy to answer on only one of those public IPs - since there are mail servers etc. which need their own internal certificate.

      My public IPs go from X.X.X.98 to X.X.X.102 - and I only want HAProxy to answer on the IP X.X.X.102 - but I'm in doubt about how to set only this IP to answer for my HAProxy.

      How do I configure the rule here - the one that points at the firewall itself - only for this one public IP?

      • kiokoman
        kiokoman LAYER 8 @Peque last edited by

        @peque
        When you create a frontend you have a
        listen address; here you select only the x.102.
        Immagine.jpg

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        • P
          Peque @kiokoman last edited by

          @kiokoman
          Doooh, of course :-( My mistake, I was struggling with how to do it in the firewall rules, since I'm using all of them - for different services.

          So my guess was more on creating the set of rules that sets the incoming traffic - since other services also use port 80/443 for accessing webmail etc.

          • P
            Peque @Peque last edited by Peque

            @kiokoman
            Thanks for the answer - although I'm not getting the external proxy running.
            As described, I have 5 public IPs on my pfSense.

            And I want the proxy handling only one of the public interfaces.
            So I did some tests - but I cannot make it work on the public IP (I actually created an internal proxy also - which is running perfectly - but only internal).

            Since I'm also using https on some other public IPs (mail servers etc.), I do not get how to make the firewall rules for making this work.
            In the setup with port forwards it's all working as intended - but with no proxy enabled.
            I'm in doubt regarding this firewall rule on my WAN interface:
            [Image: WAN RULE]
            The NAT ports are disabled at this point.

            It's added as going to the firewall itself - and in the frontend the public IP address is set for HAProxy.
            [Image: The HAProxy Frontend]

            But I cannot see any traffic - and the proxy fails from external access - but internal is working as intended, so I must be doing something wrong somewhere, since it's not working from the public area.
            Can someone see if and where my mistake is? I mean both public and internal are configured the same way. I've tried going through the setup many times - but without any luck - so any ideas etc. are most welcome.

            • kiokoman
              kiokoman LAYER 8 @Peque last edited by

              @peque
              I don't see anything strange from here, but it works for me.
              Maybe you have some rules or NAT rules that interfere.
              Ignore the bad request; that site accepts only https but I was too lazy to configure it for this test.

              Immagine.jpg

              • noplan
                noplan @kiokoman last edited by

                Is the default port of the pfS box changed from 443 to something else?
                brNP

                • P
                  Peque @noplan last edited by

                  @noplan
                  Yes, it's set to another port.
                  My thoughts regarding this issue:

                  I have other https servers running on the other public IPs - so could it be something in this (although the DNS just points to an IP)? But it looks like some of those settings are conflicting or something.
                  The internal proxy is running great and I like the view of the green certificate.
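
Added example (not from any poster in this thread, and not pfSense or HAProxy project code): a Python check over haproxy.cfg-style text that reports which frontends listen on a wildcard address or on a public IP meant for another service, for the case discussed above where HAProxy should answer only on X.X.X.102. The sample config, the 192.0.2.x addresses and the function names are constructed for illustration; only IPv4 `address:port` binds are handled.

```python
# Constructed sample in haproxy.cfg syntax (not taken from the thread).
# 192.0.2.98-102 are documentation addresses standing in for X.X.X.98-102.
SAMPLE_CFG = """\
frontend web_public
    bind 192.0.2.102:443 name web_public ssl crt /path/to/cert.pem
    mode http
frontend catch_all
    bind *:80
    bind :8443,192.0.2.102:80
frontend mail_overlap
    bind 192.0.2.99:443
backend web_servers
    server s1 10.0.0.10:80
"""
OTHER_IPS = {"192.0.2.98", "192.0.2.99", "192.0.2.100", "192.0.2.101"}
WILDCARDS = {"", "*", "0.0.0.0"}   # address forms that listen on every IPv4 address
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def parse_binds(cfg_text):
    """Return (section, address, port) for each bind in frontend/listen sections."""
    binds, section = [], None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            listening = words[0] in ("frontend", "listen") and len(words) > 1
            section = words[1] if listening else None
        elif words[0] == "bind" and section and len(words) > 1:
            for spec in words[1].split(","):      # one bind may list several sockets
                addr, _, port = spec.rpartition(":")
                if port.isdigit():                # skips unix sockets and port ranges
                    binds.append((section, addr, int(port)))
    return binds

def audit(cfg_text, other_public_ips):
    """Flag binds that reach beyond the single IP the proxy should answer on."""
    findings = []
    for section, addr, port in parse_binds(cfg_text):
        if addr in WILDCARDS:
            findings.append((section, port, "wildcard"))
        elif addr in other_public_ips:
            findings.append((section, port, "other-public-ip"))
    return findings

def listens_on(cfg_text, ip, port):
    """True if any bind covers ip:port, either exactly or through a wildcard."""
    return any(p == port and (a == ip or a in WILDCARDS)
               for _, a, p in parse_binds(cfg_text))

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG, OTHER_IPS):
        print(finding)
```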
