HAProxy with several public IPs
-
Hi Forum
I have been struggling a bit with an HAProxy, which I got up and running as expected at work.
This setup only has one public IP.
Now I would like to use the same option at home, where I have a /29 public IP range.
But I would only like the HAProxy to answer for one of those public IPs, since there are mail servers etc. which need their own internal certificate.
My public IPs go from X.X.X.98 to X.X.X.102, and I only want the HAProxy to answer for the IP at X.X.X.102, but I'm in doubt about how to set only this IP to answer for my HAProxy.
How do I configure the rule here, the one that points at the firewall itself, for only this one public IP?
-
@peque
When you create a frontend you have a listen address; here you select only the x.102.
-
@kiokoman
Doooh, of course :-( My mistake. I was struggling with how to do it in the firewall rules, since I'm using all of them for different services.
So my guess was more about creating the set of rules that sets the incoming traffic, since other services also use port 80/443 for accessing webmail etc.
-
@kiokoman
Thanks for the answer, although I'm not getting the external proxy running.
As described, I have 5 public IPs on my pfSense, and I want the proxy handling only one of the public interfaces.
So I did some tests, but I cannot make it work on the public IP. (I actually created an internal proxy also, which is running perfectly, but only internally.)
Since I'm also using HTTPS on some other public IPs (mail servers etc.), I do not get how to make the firewall rules to make this work.
In the setup with port forwards it's all working as intended, but with no proxy enabled.
I'm in doubt regarding this firewall rule on my WAN interface:
[Image: WAN rule]
The NAT ports are disabled at this point.
It's added as going to the firewall itself, and in the frontend the public IP address is set for HAProxy.
[Image: The HAProxy frontend]
But I cannot see any traffic, and the proxy fails from external access, but internal is working as intended, so I must be doing something wrong somewhere, since it's not working from the public area.
Can someone see if and where my mistake is? I mean, both public and internal are configured the same way. I've tried going through the setup many times, but without any luck, so any ideas etc. are most welcome.
-
@peque
I don't see anything strange from here, but it works for me.
Maybe you have some rules or NAT rules that interfere.
Ignore the bad request; that site accepts only HTTPS, but I was too lazy to configure it for this test.
-
Is the default port of the pfs box changed from 443 to something else?
br NP
-
@noplan
Yes, it's set for another port.
My thoughts regarding this issue:
I have other HTTPS servers running on the other public IPs, so could it be something in this? (Although the DNS just points to an IP.) But it looks like some of those settings are conflicting or something.
The internal proxy is running great, and I like the view of the green certificate.
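-
Added example, not part of the thread: a shell check for the two questions raised above, whether HAProxy listens only on the one intended public IP and whether anything else on the firewall itself holds port 80 or 443. It assumes the `sockstat -4 -l` column layout shown in the constructed sample; `203.0.113.102` stands in for X.X.X.102, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the assumed `sockstat -4 -l` layout (not real output).
# 203.0.113.102 is a documentation address standing in for X.X.X.102.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     haproxy    4021  5  tcp4   203.0.113.102:443     *:*
root     haproxy    4021  6  tcp4   *:80                  *:*
root     nginx      812   5  tcp4   *:8443                *:*
root     sshd       655   3  tcp4   *:22                  *:*
EOF
}

# check_bind EXPECTED_IP
# Reads listener rows on stdin and classifies every TCP listener on 80/443:
#   OK        haproxy bound to EXPECTED_IP only
#   WILDCARD  bound to *, so it answers on every address the firewall owns
#   OTHER     some other process or address holds the port
# Exit status is 0 only when every 80/443 listener is OK.
check_bind() {
    awk -v want="$1" '
        BEGIN { bad = 0 }
        $5 != "tcp4" { next }              # skips the header and non-TCP rows
        {
            n = split($6, a, ":")          # LOCAL ADDRESS is addr:port
            addr = a[1]; port = a[n]
            if (port != "80" && port != "443") next
            if (addr == "*")
                verdict = "WILDCARD"
            else if ($2 == "haproxy" && addr == want)
                verdict = "OK"
            else
                verdict = "OTHER"
            if (verdict != "OK") bad = 1
            printf "%s %s %s\n", verdict, $2, $6
        }
        END { exit bad }
    '
}

# Demo on the constructed sample; on the firewall itself the input would be
#   sockstat -4 -l | check_bind X.X.X.102
sample_sockstat | check_bind 203.0.113.102 || true
```

In the sample, the web GUI (nginx) has been moved to 8443 and is ignored, while the `*:80` HAProxy listener is flagged because a wildcard bind would answer on all five public addresses if the WAN rule allowed it.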