OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: simonszu on November 29, 2018, 11:37:24 am

Title: Help with HAproxy TCP connections
Post by: simonszu on November 29, 2018, 11:37:24 am
I am trying to set up a HAproxy connection. While i was successful with a frontend-backend-combination for HTTP and HTTPS, i am currently struggling with a plain TCP connection, so that can use SSH over HAproxy (for git clone operations).
I have set up both frontend and backend to TCP and combined it with a role which checks for the appropriate host name. The frontend is configured to the right port. However, although a simple telnet to the public port is successful , a SSH connection fails. This also happens for a MySQL connection i also want to set up as a HAproxy TCP connection.

I am no HAproxy expert, so maybe it's just a little option i have overseen. Here's a link to the generated configuration: https://pastebin.com/8QAQQ2pA

I think it has something to do with the hostname-matching ACL, but i do not know for sure. Maybe someone else has an idea?
Title: Re: Help with HAproxy TCP connections
Post by: guest18661 on December 02, 2018, 07:23:55 pm
I don't think you need an ACL if there is only one backend and the port isn't overloaded. Just proxy any connection on 222 to your backend server. Should be able to leave off the ACL entirely as far as I know.
Title: Re: Help with HAproxy TCP connections
Post by: simonszu on December 12, 2018, 12:44:57 pm
I solved it without ACLs and a default backend. Now it works. Thanks for giving the hint that i don't need ACL at all :)