Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
NAT - change rule if internal server is down
« previous
next »
Print
Pages: [
1
]
Author
Topic: NAT - change rule if internal server is down (Read 1428 times)
PelleH
Newbie
Posts: 2
Karma: 0
NAT - change rule if internal server is down
«
on:
February 03, 2020, 11:27:26 pm »
Hi,
is there any function to have opnSense to change NAT rule if internal server is down?
For example if a NAT rule port 80 points to internal server 192.168.1.10 and that server are down I want the traffic to go to 192.168.1.11.
I want this function in the firewall to avoid an extra server to solve this.
/Pelle
«
Last Edit: February 03, 2020, 11:29:58 pm by PelleH
»
Logged
hbc
Hero Member
Posts: 501
Karma: 47
Re: NAT - change rule if internal server is down
«
Reply #1 on:
February 04, 2020, 10:25:51 am »
Use haproxy or nginx and reverse proxying for this. Then you do not need NAT, but terminate your HTTP-session on the firewall which will forward your request to the living system.
In haproxy it's pretty easy. Create a pool with 192.168.1.10 and 192.168.1.11, define one as active, the other as backup. Point your DNS record to your firewall and configure haproxy to listen on it.
Now it forwards your request to the living one, monitors both servers (you can define keep-alive method) and switch if the active one fails.
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
PelleH
Newbie
Posts: 2
Karma: 0
Re: NAT - change rule if internal server is down
«
Reply #2 on:
February 04, 2020, 08:04:57 pm »
Thanks. I was searching for a way to avoid an extra server (with haproxy).
If I should use this, is it possible to cluster this function, to avoid single point of failure?
/Pelle
Logged
hbc
Hero Member
Posts: 501
Karma: 47
Re: NAT - change rule if internal server is down
«
Reply #3 on:
February 05, 2020, 04:28:21 pm »
If you run a 2nd OPNsense as carp cluster and same haproxy config, it will work. That's how I do it.
Just be aware that haproxy is not sync'ed with build-in ha-settings sync. You have to manually replicate your haproxy config.
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
NAT - change rule if internal server is down