HAProxy Config and Firewall Rule

Started by High3lander, January 28, 2021, 10:21:56 AM

I have a big problem with HAProxy, and I need your help.

I would like to manage several domains on a server behind the firewall with the HAProxy. Either my firewall rules are incorrect, or I have errors in the configuration of the HAProxy.

I forward the traffic from port 80 to 3456 and from 443 to port 3457. I switched the firewall to 4433. Let's Encrypt is handled by the Jitsi Meet server with httpd, so it is not needed in the firewall.

I spent several hours reading up on the topic in the forum and tested a lot. Nothing led to a result.

I also don't know whether I need a NAT rule or just need to adjust the WAN rule.

My WAN rules are:
Source WAN - Port 80 - Destination This Firewall - Port 3456 for HAProxy Public
Source WAN - Port 443 - Destination This Firewall - Port 3457 for HAProxy Public

Another question: what should the NAT settings under Firewall - Settings - Advanced be?

My HAProxy config:

#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    # NOTE: Could be a security issue, but required for some feature.
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbproc                      1
    nbthread                    1
    maxconn                     5
    tune.ssl.default-dh-param   2048
    spread-checks               0
    tune.chksize                16384
    tune.bufsize                16384
    tune.lua.maxmem             0
    log /var/run/log local0 info

defaults
    log     global
    option redispatch -1
    maxconn 20
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats



# Frontend: Jitsi_Public_https (Jitsi_Public_https)
frontend Jitsi_Public_https
    bind 127.0.0.1:3456 name 127.0.0.1:3456
    bind 127.0.0.1:443 name 127.0.0.1:443
    mode http
    option http-keep-alive
    default_backend Jitsi_back
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: Jitsi_Cond
    acl acl_600fb578589215.86852135 hdr_sub(host) -i name.name.domain  # (anonymized the domain)

    # ACTION: Jitsi_Rule
    http-request allow if acl_600fb578589215.86852135

# Frontend: Jitsi_Public (Jitsi_Public)
frontend Jitsi_Public
    bind 127.0.0.1:3457 name 127.0.0.1:3457
    bind 127.0.0.1:80 name 127.0.0.1:80
    mode http
    option http-keep-alive
    default_backend Jitsi_back
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: Jitsi_Cond
    acl acl_600fb578589215.86852135 hdr_sub(host) -i name.name.domain  # (anonymized the domain)

    # ACTION: Jitsi_Rule
    http-request allow if acl_600fb578589215.86852135

# Backend: Jitsi_back (Jitsi_back)
backend Jitsi_back
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    # ACL: Jitsi_Cond
    acl acl_600fb578589215.86852135 hdr_sub(host) -i name.name.domain  # (anonymized the domain)

    # ACTION: Jitsi_Rule
    http-request allow if acl_600fb578589215.86852135
    http-reuse safe
    server Jitsi_real 192.168.99.67:80


Can you help me locate the problem?
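An added static check, not part of the post or of the HAProxy plugin: it parses the frontend sections of the posted config (the excerpt below is copied from it) and compares the bind addresses against the port forwards described above (80 -> 3456, 443 -> 3457), reporting binds that only listen on loopback and a 443 forward that lands on a bind without `ssl`.

```python
"""Added check: parse haproxy.cfg frontends and compare binds with the described port forwards."""

# Excerpt of the frontend sections quoted in the post (constructed sample input).
SAMPLE_CFG = """
frontend Jitsi_Public_https
    bind 127.0.0.1:3456 name 127.0.0.1:3456
    bind 127.0.0.1:443 name 127.0.0.1:443
    mode http
frontend Jitsi_Public
    bind 127.0.0.1:3457 name 127.0.0.1:3457
    bind 127.0.0.1:80 name 127.0.0.1:80
    mode http
"""
# Forwards as the post describes them: external port -> HAProxy port.
FORWARDS = {80: 3456, 443: 3457}


def parse_binds(cfg):
    """Return {frontend: [(address, port, has_ssl)]} for every bind line."""
    binds, current = {}, None
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith("frontend "):
            current = line.split()[1]
            binds[current] = []
        elif line.startswith("bind ") and current:
            parts = line.split()
            addr, _, port = parts[1].rpartition(":")
            addr = addr.strip("[]") or "*"  # empty address means all interfaces
            binds[current].append((addr, int(port), "ssl" in parts[2:]))
    return binds


def audit(binds, forwards):
    """Return reviewer findings on reachability and TLS termination."""
    findings = []
    owner = {port: fe for fe, bl in binds.items() for _, port, _ in bl}
    for fe, bl in binds.items():
        for addr, port, _ in bl:
            if addr.startswith("127.") or addr == "::1":
                findings.append(f"{fe}: {addr}:{port} is loopback-only; a pass rule "
                                "alone cannot deliver WAN traffic to it (needs a NAT redirect)")
    for ext, internal in forwards.items():
        if internal not in owner:
            findings.append(f"forward {ext}->{internal}: no frontend listens on {internal}")
        elif ext == 443 and not any(s for _, p, s in binds[owner[internal]] if p == internal):
            findings.append(f"forward 443->{internal}: {owner[internal]} has no 'ssl' on "
                            "that bind, so a TLS handshake is parsed as plaintext HTTP")
    return findings
```

Running `audit(parse_binds(SAMPLE_CFG), FORWARDS)` on the posted excerpt yields four loopback-only findings plus one for the 443 forward.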