Haproxy-devel external address option (pfsense 2.2)
I'm running haproxy-devel (1.5.9 pkg v 0.15) under pfsense 2.2 as a http (80) frontend for 2 http backend servers.
I try to understand the difference between the following options:
- listening to the WAN interface and adding a firewall rule to TCP/80 / Wan Interface
- listening to the ANY interfaces and adding a firewall rule to TCP/80 / Wan interface
- listening to the localhost interface and adding a NAT rule plus a firewall rule to 127.0.0.1 - TCP/80
I think the first option is better (no NAT rule to add). But is there any recommendation on this?
First option is best. It's the most specific, doesn't bind where it doesn't need to, and doesn't involve NAT.
Hi, thank you for your answer.