Haproxy-devel external address option (pfsense 2.2)
-
Hello,
I'm running haproxy-devel (1.5.9 pkg v 0.15) under pfsense 2.2 as a http (80) frontend for 2 http backend servers.
I try to understand the difference between the following options:
- listening to the WAN interface and adding a firewall rule to TCP/80 / Wan Interface
- listening to the ANY interfaces and adding a firewall rule to TCP/80 / Wan interface
- listening to the localhost interface and adding a NAT rule plus a firewall rule to 127.0.0.1 - TCP/80
I think the first option is better (no NAT rule to add). But is there any recommendation on this?
Thanks.
Nicolas -
First option is best. It's the most specific, doesn't bind where it doesn't need to, and doesn't involve NAT.
-
Hi, thank you for your answer.
Nicolas
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.