    HAProxy with several public IP's

    • P
      Peque last edited by

      Hi Forum
      I have been struggling a bit with HAProxy, which I got up and running as expected at work.
      That setup only has one public IP.

      Now I would like to use the same option at home, where I have a /29 public IP range.
      But I would like HAProxy to answer for only one of those public IPs, since there are mail servers etc. which need their own internal certificate.

      My public IPs go from X.X.X.98 to X.X.X.102, and I only want HAProxy to answer for the IP at X.X.X.102, but I'm in doubt about how to set only this IP to answer for my HAProxy.

      How do I configure the rule here, the one that points at the firewall itself, only for this one public IP?

      • kiokoman
        kiokoman LAYER 8 @Peque last edited by

        @peque
        When you create a frontend you have a
        listen address; here you select only the x.102.
        Immagine.jpg

        • P
          Peque @kiokoman last edited by

          @kiokoman
          Doooh, of course :-( My mistake, I was struggling with how to do it in the firewall rules, since I'm using all of them for different services.

          So my guess was more about creating the set of rules that handles the incoming traffic, since other services also use port 80/443 for accessing webmail etc.

          • P
            Peque @Peque last edited by Peque

            @kiokoman
            Thanks for the answer, although I'm not getting the external proxy running.
            As described, I have 5 public IPs on my pfSense.

            And I want the proxy handling only one of the public interfaces.
            So I did some tests, but I cannot make it work on the public IP (I actually created an internal proxy also, which is running perfectly, but only internally).

            Since I'm also using HTTPS on some other public IPs (mail servers etc.), I do not get how to make the firewall rules for making this work.
            In the setup with port forwards it's all working as intended, but with no proxy enabled.
            I'm in doubt regarding this firewall rule on my WAN interface:
            [Image: WAN RULE]
            The NAT ports are disabled at this point.

            It's added as going to the firewall itself, and in the frontend the public IP address is set for HAProxy.
            [Image: The HAProxy Frontend]

            But I cannot see any traffic, and the proxy fails from external access, but internal is working as intended, so I must be doing something wrong somewhere, since it's not working from the public area.
            Can someone see if and where my mistake is? I mean, both public and internal are configured the same way. I've tried going through the setup many times, but without any luck, so any ideas etc. are most welcome.

            • kiokoman
              kiokoman LAYER 8 @Peque last edited by

              @peque
              I don't see anything strange from here, but it works for me.
              Maybe you have some rules or NAT rules that interfere.
              Ignore the bad request; that site accepts only HTTPS, but I was too lazy to configure it for this test.

              Immagine.jpg

              • noplan
                noplan @kiokoman last edited by

                Is the default port of the pfs box changed from 443 to something else?
                brNP

                • P
                  Peque @noplan last edited by

                  @noplan
                  Yes, it's set to another port.
                  My thoughts regarding this issue:

                  I have other HTTPS servers running on the other public IPs, so could it be something in this (although the DNS just points to an IP)? But it looks like some of those settings are conflicting or something.
                  The internal proxy is running great and I like the view of the green certificate.
