Weird HA issue
Weird HA Proxy issue
Greetings,
To start, I am new to HA proxy but I do have a working setup. I am facing an issue where I don't know if it's a specific pfSense issue.
Let's start with what's working.
I have 2 interfaces: LAN and DMZ. My servers are sitting on the DMZ (192.168.15.0/24), with the DMZ address on the firewall being 192.168.15.1. My HA proxy is configured so that 192.168.15.1:443 is listening and making the connections to the backend. I want all my servers sitting in the DMZ to only see DMZ connections. This works without issue.
What's not working: I have a remote LAN (10.147.20.0/24) which houses servers. I once again have HA proxy set up where 192.168.15.1 should be reaching out to my 10.147.20.83 server backend to bring up my monitoring system. I cannot understand why this isn't working. At first, I thought this was a routing problem, but I am able to successfully ping/SSH to the 10.147.20.83 server from any of my DMZ servers. So that rules out firewall rules and routing. Next, I SSH to my pfSense and try to ping my remote server. That fails. Weird. Then I tried to SSH from my pfSense to the remote server. That fails. Then I tried to traceroute to the remote server and that fails. My conclusion is that traffic generated from the pfSense itself is not working or routing.
So far I'm thinking that HA proxy won't work unless there are directly connected LAN segments on the firewall to send traffic to. Any ideas?
Yes - DNS is set up to point to my pfSense 192.168.15.1
Yes - Firewall rules currently have a permit any/any
From server sitting in DMZ
traceroute to 10.147.20.83 (10.147.20.83), 30 hops max, 60 byte packets
1 pfsense.fw1 (192.168.15.1) 3.186 ms 3.137 ms 3.115 ms
2 * * *
3 10.147.20.83 (10.147.20.83) 57.767 ms 57.748 ms 61.555 ms
From pfsense
traceroute 10.147.20.83
traceroute to 10.147.20.83 (10.147.20.83), 64 hops max, 40 byte packets
1 * * *
2 * * *
/root: netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags     Netif Expire
10.10.10.1         link#8             UH        lo0
10.147.20.0/24     172.28.0.1         UGS       tun_wg0