Stumped: can't get standard haproxy to work in VM pfsense, works ok in HW



  • We have several pfsense 1.2.3 boxes with haproxy 0.29 working in production for a year with no issues.  Each is a pair in failover type mode.

    Now we are trying to set up a staging environment which replicates the production, using vSphere 5.

    We downloaded the vmware appliance, which happens to be the same 1.2.3 version of pfsense (although the included haproxy is slightly newer at 0.32).

    We reproduced the production setup in the staging one, except we only have one in staging, so no failover/carp pair.

    But haproxy just doesn't work for some reason.

    Here is what we have:

    1. Virtual IPs (set as carp, but no carp settings added, and sync not enabled).
      Virtual IP address          Type    Description
      10.10.10.150/24 (vhid 3)    [CARP]  oursite.com

    2. FW rule to let it in.
      WAN
      Proto   Source   Port   Destination   Port        Gateway   Schedule
      TCP     *        *      *             80 (HTTP)   *

    3. NAT
      Nothing

    4. HAProxy listener (aka frontend)
      Name           Description                           Address           Type   Server pool
      http-skl-pub   skl.com Public Load Balancer HTTP     10.10.10.150:80   http   http-lb-1_80

    5. server pool (aka servers)
      Name           Status   Listener
      http-lb-1_80   active   http-skl-pub

    In the server pool are the following servers:

    Name     Address       Port   Weight   Backup
    proxy1   10.10.32.46   8080   100
    proxy2   10.10.32.50   8080   100

    I can wget 10.10.32.46:8080 from any server on the LAN ok.
    I see the head health checks coming in on 10.10.32.46 every second, so that seems ok.

    I tried enabling proxystats, but they don't work at all, i.e.
    10.10.10.150/proxystats just times out.
    wget and ping 10.10.10.150 time out.

    From the WAN, I can even wget to the 10.10.32.46 boxes, only the VIP does nothing - like it doesn't exist or is being blocked.  There doesn't seem to be any logging in pfsense for this kind of thing (at least nothing in the web gui log pages under "system logs"), and we don't have any syslog servers.

    Any ideas?



  • Can you check if haproxy is running?



  • Not sure how to check if haproxy is running, but I can see it hitting the apache every second with its heartbeat "head" request.

