Messages

1

19.7 Legacy Series / Re: Setting up HAProxy for basic port forward

« on: March 23, 2019, 07:51:27 am »

Thanks deZillium for the reply.

It's funny you said the term became obsolete about 13 years ago.  That's about when I was in school changing my career path.  Most of what I learned was in the IT dept of my high school working summers (96-98) and just being a general hobbyist since I was 8 (having a father who was a system engineer helped.)  This level of network config is new to me, but I was familiar with the general concepts, not the implementation.

1. The listen address 172.18.2.2 is a virtual IP I created tied to the WAN address (listed in the config I posted.)  From my research since I'm behind a dynamic IP, I couldn't assign the WAN IP address as the listen port as it could change without notice.  Breaking the proxy.

2. It was my understanding I needed to use HAProxy when using an external domain.  My ultimate goal was to be able to enter, as an example, homenet.me:8080 from outside the LAN to be able to make adjustments to the controller while at work.

Thanks again for your input.  I value your expertise and willingness to help.

2

19.7 Legacy Series / Setting up HAProxy for basic port forward

« on: March 21, 2019, 09:43:10 am »

Hello all,

I'm a long time (somewhat) advanced computer/network hobbyist.  Until recently, I've always used off the shelf router/firewall/WAP all in ones (most recently Asus.)  With the desire to escalate my hobby to the next level (and the fact I'm no longer trusting the all-in-ones) I'm upgrading my network.  The first stage is the OPNSense router.  This, I have installed on an appliance running a Core i7-7500U.  (I've repurposed the Asus as my WAP with the ultimate goal of changing over to Unifi and having 3 vlans.)

With the old Asus, it was easy to setup both DDNS and port forward.  Since this is a homelab type setup, I have some IoT devices that I want to remote access.  (This time of year, my sprinkler controller.)  I've been using my server as a test bed for configuration (Webmin, port 10000, not going to leave it open when I figure out how to make this work) and using my cell phone on 4g for the WAN access test.  Also using class b network, 172.18.x.x/21  Server is 172.18.2.1, static.

When I try to access it from my phone, I jet get a timeout on the connection.  What am I missing?  I've read who knows what and searched to the ends of the web, and I'm lost.

I also bought a domain on namecheap (ex. homenet.me) and have DDNS setup and working.  Following are the settings:

Namecheap:
A + Dynamic -            Host: *    Value: 67.182.x.x                                        TTL: Automatic
Cname Record -          Host: *    Value: homenet.me                                     TTL: Automatic
URL Redirect Record - Host: @    Value: http://www.homenet.me/ Unmasked

I've opened port 10000 in the firewall using the following and verified open using Gibson Research Shields Up
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP/UDP
Source: Any
Source port range: Any
Destination: WAN
Destination port range:10000-10000
Redirect target IP: server (using an alias I have working within the lan)
Redirect target port: 10000

Also created a Virtual IP as this is on a dynamic ip WAN:
Mode: IP Alias
Interface: Wan
Address: 172.18.2.2
Everything else is default config.

In HAProxy:  (Unless specified, the other settings are default values.)
Real server:
Name: ServerWebmin
Description: Webmin
FQDN or IP: 172.18.2.1
Port: 10000
Mode: Active

Backend Pools:
Name: ServerWebmin_Backend
Mode: HTTP
Servers: ServerWebmin

Conditions:
Name: ServerWebmin_Condition
Condition Type: Path Starts With
Path Prefix: /*

Rules:
Name: ServerWebmin_Rule
Select Condition: ServerWebmin_Condition

Public Service:
Name: ServerWebmin_Public
Listen Address: 172.18.2.2:10000
Default Backend Pool: ServerWebmin_Backend
Select Rules: ServerWebmin_Rule

Thanks in advance.