HAProxy with several public IPs


  • Hi Forum
    I've been struggling a bit with HAProxy, which I got up and running as expected at work.
    That setup only has one public IP.

    Now I would like to use the same option at home, where I have a /29 public IP range.
    But I would only like the HAProxy to answer for one of those public IPs, since there are mail servers etc. which need their own internal certificate.

    My public IPs go from X.X.X.98 - X.X.X.102, and I only want the HAProxy to answer for the IP at X.X.X.102, but I'm in doubt about how to set only this IP to answer for my HAProxy.

    How do I configure the rule here, the one that points at the firewall itself, only for this one public IP?

  • LAYER 8

    @peque
    when you create a frontend you have
    listen address, here you select only the x.102
    Immagine.jpg
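
Added example, not part of the thread or of the pfSense HAProxy package: a small check that reads HAProxy configuration text and reports any `bind` line that listens on a wildcard or on an address outside an allowed set, which is what selecting only x.102 as the listen address is meant to prevent. The sample config, the 203.0.113.x and 192.168.1.x addresses and the name `audit_binds` are assumptions made for illustration.

```python
import re

# Constructed sample config, not taken from the thread. 203.0.113.x stands in
# for the poster's X.X.X.98 - X.X.X.102 range; .102 is the HAProxy address.
SAMPLE_CFG = """\
frontend public_https
    bind 203.0.113.102:443 ssl crt /etc/ssl/public.pem
    default_backend web

frontend catch_all
    bind *:80,203.0.113.99:443   # would collide with the mail server's IP
    default_backend web

listen internal_proxy
    bind 192.168.1.1:443
    server s1 192.168.1.10:443

backend web
    server w1 192.168.1.20:80
"""

WILDCARDS = {"", "*", "0.0.0.0", "::"}
LISTENER = re.compile(r"^(frontend|listen)\s+(\S+)")
OTHER = re.compile(r"^(global|defaults|backend|userlist|resolvers|peers)\b")

def audit_binds(cfg_text, allowed):
    """Return (section, bind_spec, reason) for every bind outside `allowed`."""
    findings, section = [], None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        line = " ".join(words)
        if LISTENER.match(line):
            section = words[1]
        elif OTHER.match(line):
            section = None
        elif section and words[0] == "bind" and len(words) > 1:
            for spec in words[1].split(","):
                if spec.startswith("/"):      # UNIX socket, no IP involved
                    continue
                addr = spec.rsplit(":", 1)[0].strip("[]")
                if addr in WILDCARDS:
                    findings.append((section, spec, "wildcard: listens on every IP"))
                elif addr not in allowed:
                    findings.append((section, spec, "address not in allowed set"))
    return findings

if __name__ == "__main__":
    for finding in audit_binds(SAMPLE_CFG, {"203.0.113.102", "192.168.1.1"}):
        print(*finding, sep=" | ")
```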


  • @kiokoman
    Doooh, of course :-( My mistake. I was struggling with how to do it in the firewall rules, since I'm using all of them for different services.

    So my guess was more on creating the set of rules that sets the incoming traffic, since other services also use port 80/443 for accessing webmail etc.


  • @kiokoman
    Thanks for the answer, although I'm not getting the external proxy running.
    As described, I have 5 public IPs on my pfSense.

    And I want the proxy handling only one of the public interfaces.
    So I did some tests, but I cannot make it work on the public IP (I actually created an internal proxy also, which is running perfectly, but only internally).

    Since I'm also using https on some other public IPs (mail servers etc.), I do not get how to make the firewall rules for making this work.
    In the setup with port forwards it's all working as intended, but with no proxy enabled.
    I'm in doubt regarding this firewall rule on my WAN interface:
    [Image: WAN RULE]
    The NAT ports are disabled at this point.

    It's added as going to the firewall itself, and in the frontend the public IP address is set for HAProxy.
    [Image: The HAProxy Frontend]

    But I cannot see any traffic, and the proxy fails from external access, while internal is working as intended, so I must be doing something wrong somewhere, since it's not working from the public side.
    Can someone see if and where my mistake is? I mean, both public and internal are configured the same way. I've tried going through the setup many times, but without any luck, so any ideas etc. are most welcome.

  • LAYER 8

    @peque
    I don't see anything strange from here, but it works for me.
    Maybe you have some rules or NAT rules that interfere.
    Ignore the bad request; that site accepts only https, but I was too lazy to configure it for this test.

    Immagine.jpg


  • Is the default port of the pfs box changed from 443 to something else?
    brNP


  • @noplan
    Yes, it's set to another port.
    My thoughts regarding this issue:

    I have other https servers running on the other public IPs, so could it be something in this (although the DNS just points to an IP)? It looks like some of those settings are conflicting or something.
    The internal proxy is running great, and I like the view of the green certificate.