22.7 Legacy Series / How to route HAproxy traffic via WAN2?
« on: August 31, 2022, 09:15:56 pm »
Hi folks,
I have the following setup:
An OPNsense 22.7 box with 2 different ISP connections: A copper line with 2/2 Mbps and a 4G connection with somewhat around 30/15 Mbps. Both have real IPv4 addresses, which I'm able to reach from outside (yes, also the 4G).
I have a HAproxy running, set up like in this tutorial https://forum.opnsense.org/index.php?topic=23339.0.
Until now I just had the copper line and all services were working fine. Right now I want to use the 4G connection primarily for some webservices.
I configured MultiWAN and a gateway group and outgoing traffic from my machines is routed perfectly fine.
I also set up DynDNS (desec.io) with both ISP lines (got two different hostnames for that), also good.
I'm able to reach my webservice, running behind the HAproxy via both ISPs, so the incoming connections as well as firewall rules seem to be fine.
But, the outgoing traffic from the HAproxy goes always via the copper line, which is the default gateway.
For the sake of having wireguard running through the copper line, I'd like to leave the default GW as it is.
The question is now: how can I configure the outgoing traffic from HAproxy to route via WAN2 (the 4G connection)?
I thought the reply packets from OPNsense are always going to the interface where the request came in, but apparently with HAproxy that is not the case?
Thanks for any hints!