Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem with HAProxy transparent mode

    Firewalling
    2
    4
    474
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Luck Besozzi
      last edited by

      Hi,

      I need to activate Transpartent Mode on HAProxy because I need to see the public IP of customers browsing my websites.
      However, by activating it all the other sites that are not on the public IP managed by the haproxy stop working.

      How can I solve?

      Thanks

      1 Reply Last reply Reply Quote 0
      • L
        Luck Besozzi
        last edited by

        Hi,

        anyone can help me?

        V 1 Reply Last reply Reply Quote 0
        • V
          viragomann @Luck Besozzi
          last edited by viragomann

          @luck-besozzi
          This by design.
          Read the warning hint at Transparent ClientIP:

          WARNING Activating this option will load rules in IPFW and might interfere with CaptivePortal and possibly other services due to the way server return traffic must be 'captured' with a automatically created fwd rule. This also breaks directly accessing the (web)server on the ports configured above. Also a automatic sloppy pf rule is made to allow HAProxy to server traffic.
          Workaround exists only by configuring a second port or IP on the destination server for direct access of the website.
          Having this option enabled also means that a client on the same subnet as the server wont be able to connect.

          L 1 Reply Last reply Reply Quote 1
          • L
            Luck Besozzi @viragomann
            last edited by

            @viragomann
            So we set up another Front / Backend for sites that were not previously managed by haproxy.
            Everything works fine except the websocket connection.
            The strange thing is that the websocket connection no longer works even on the other local virtual machines on the LAN (which are not web servers).

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.