Stumped: can't get standard haproxy to work in VM pfsense, works ok in HW

  • We have several pfsense 1.2.3 boxes with haproxy 0.29 working in production for a year with no issues.  Each is a pair in failover type mode.

    Now we are trying to set up a staging environment which replicates the production, using vSphere 5.

    We downloaded the vmware appliance, which happens to be the same 1.2.3 version of pfsense (although the included haproxy is slightly newer at 0.32).

    We reproduced the production setup in the staging one, except we only have one in staging, so no failover/carp pair.

    But haproxy just doesn't work for some reason.

    Here is what we have:

    1. Virtual IPs (set as carp, but no carp settings added, and sync not enabled).
      Virtual IP address Type Description (vhid 3) [CARP]

    2. FW rule to let it in.
      Proto   Source  Port   Destination   Port            Gateway Schedule
      TCP  *         *       *                 80 (HTTP)   *

    3. NAT

    4. HAProxy listener (aka frontend)
      Name             Description                                      Address             Type Server pool
      http-skl-pub Public Load Balancer HTTP  http http-lb-1_80

    5. server pool (aka servers)
      Name Status Listener
      http-lb-1_80 active http-skl-pub

    In the server pool are the following servers:

    Name Address Port Weight Backup
    proxy1 8080 100
    proxy2 8080 100

    I can wget from any server on the LAN ok.
    I see the HEAD health checks coming in every second, so that seems ok.

    I tried enabling proxystats, but they don't work at all, i.e. just times out.
    wget and ping time out.

    From the WAN, I can even wget to the boxes, only the VIP does nothing - like it doesn't exist or is being blocked.  There doesn't seem to be any logging in pfsense for this kind of thing (at least nothing in the web gui log pages under "system logs"), and we don't have any syslog servers.

    Any ideas?

  • Can you check if haproxy is running?

  • Not sure how to check if haproxy is running, but I can see it hitting the apache every second with its heartbeat "head" request.

