Topic: NAT - change rule if internal server is down (Read 1427 times)
PelleH
« on: February 03, 2020, 11:27:26 pm »
Hi,
Is there any function to have OPNsense change a NAT rule if an internal server is down?
For example, if a NAT rule for port 80 points to internal server 192.168.1.10 and that server is down, I want the traffic to go to 192.168.1.11.
I want this function in the firewall to avoid an extra server to solve this.
/Pelle
« Last Edit: February 03, 2020, 11:29:58 pm by PelleH »
hbc
Re: NAT - change rule if internal server is down
« Reply #1 on: February 04, 2020, 10:25:51 am »
Use haproxy or nginx and reverse proxying for this. Then you do not need NAT, but terminate your HTTP session on the firewall, which will forward your request to the living system.
In haproxy it's pretty easy. Create a pool with 192.168.1.10 and 192.168.1.11, define one as active, the other as backup. Point your DNS record to your firewall and configure haproxy to listen on it.
Now it forwards your request to the living one, monitors both servers (you can define the keep-alive method) and switches if the active one fails.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
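The active/backup pool described in Reply #1, written as raw haproxy configuration. This is an added example, not part of hbc's post: the frontend, backend and server names, the timeouts and the check path `/` are assumptions, and the two addresses are the ones from the question.

```haproxy
# Added example: active/backup failover for the two web servers in the question.
# Names (www_in, www_pool, web1, web2), timeouts and the check URI are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend www_in
    # haproxy listens on the firewall itself, replacing the port-80 NAT rule
    bind :80
    default_backend www_pool

backend www_pool
    # HTTP health check: a 2xx/3xx response marks the server as up
    option httpchk GET /
    # probe every 2s; 3 failed checks mark a server down, 2 good checks bring it back
    default-server inter 2s fall 3 rise 2
    # active server
    server web1 192.168.1.10:80 check
    # backup server: used only while no non-backup server is up
    server web2 192.168.1.11:80 check backup
```

With these check settings web1 is taken out of rotation after about six seconds of failed probes, and traffic moves back to it once it passes two checks again.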
PelleH
Re: NAT - change rule if internal server is down
« Reply #2 on: February 04, 2020, 08:04:57 pm »
Thanks. I was searching for a way to avoid an extra server (with haproxy).
If I should use this, is it possible to cluster this function, to avoid a single point of failure?
/Pelle
hbc
Re: NAT - change rule if internal server is down
« Reply #3 on: February 05, 2020, 04:28:21 pm »
If you run a 2nd OPNsense as a CARP cluster with the same haproxy config, it will work. That's how I do it.
Just be aware that haproxy is not synced by the built-in HA settings sync. You have to manually replicate your haproxy config.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR