Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
problem with the load- balancing of HAProxy into OPNsense
« previous
next »
Print
Pages: [
1
]
Author
Topic: problem with the load- balancing of HAProxy into OPNsense (Read 3953 times)
agrozdanov
Newbie
Posts: 4
Karma: 0
problem with the load- balancing of HAProxy into OPNsense
«
on:
March 26, 2021, 02:55:19 am »
Good evening, Everyone
I hope, Everybody is safe and in good mood !
I was looking for a simillar issue but couldn't find a match so I apologize if I am repeating an issue. Also I have realised that the most available, even official OPNSense - HAProxy' manuals have the old interface shown which is giving even more trouble for the issue.
I am trying to implement HAProxy as an add-on on OPNSense- firewall.
In my DMZ I have two identical CentOS servers with identical web- pages (apache), and IPs - 192.168.100.50, and 192.168.100.100. The access to them from the wan over :80 is granted with a port- forwarding rule on the firewall.
Here's a link to the screenshots from opnsense -
https://matrixcollegeca0-my.sharepoint.com/:f:/g/personal/agrozdanov_matrixcollege_ca/Enf3i5QhXz1GqTf75f1Jy2EBTGHcRJr_NMqIPaeFhW7Vxw?e=MV8CNg
.
There, you will see also my port- forwarding, and firewall related rules.
I have assumed, I might need a "virtual" ip- address for the load- balancer itself - 192.168.100.10:443 so I have putted it into the Public Services- section of HAProxy. I did it, thinking about how I would've do it If I would've introduce the HA Proxy on a separated PC but I might be wrong ...
Also, I noticed that using anything else than 127.0.0.1 into Public Service - Listen Address will not allow the HAProxy service to start (see the left- top corner of the screenshots, and 06.png) even though the "Test syntax" is done without any errors....
If I use 127.0.0.1:443 into Public Service - Listen Address, and change the port- forwarding rule accordingly, I see on the web- browser the administrative- web interface of the firewall so I am pretty sure it supposed to have a way to "translate" it to an internal, virtual IP ...
Please, give a hand with this issue.
Thank you, and Best Regards,
Asen
Logged
lfirewall1243
Hero Member
Posts: 1386
Karma: 45
Re: problem with the load- balancing of HAProxy into OPNsense
«
Reply #1 on:
March 26, 2021, 11:05:34 am »
First you should set up a basic HAProxy config (wihout Load Balancing) and so on
-Change your WebUI Port of your FW
- You dont need a VIP for it
- Create an ALLOW Rule on WAN to WAN Adress (80/443)
- Setup your HAProxy Frontend, Backend and Real Servers
- Add firstly one Real Server to your Backend
- Disable SSL-Offloading if your apache Servers are doing SSL Stuff itself
-> Now you should be able to access your Webpage from the Outside
If thats running you can start to config your LoadBalancing
Note: And delete the NAT Portforwading on WAN - What is this for?
«
Last Edit: March 26, 2021, 11:09:08 am by lfirewall1243
»
Logged
(Unoffial Community) OPNsense Telegram Group:
https://t.me/joinchat/0o9JuLUXRFpiNmJk
PM for paid support
agrozdanov
Newbie
Posts: 4
Karma: 0
Re: problem with the load- balancing of HAProxy into OPNsense
«
Reply #2 on:
March 27, 2021, 04:58:35 pm »
Thank you very much for the prompt reply, @lfirewall1243.
Let me try it, and will revert to you back if some additional issues will be encountered.
Best,
Asen
Logged
agrozdanov
Newbie
Posts: 4
Karma: 0
Re: problem with the load- balancing of HAProxy into OPNsense
«
Reply #3 on:
April 01, 2021, 04:01:19 pm »
Good morning, @lfirewall1243.
I hope all is good with you !
I did all described, and it didn't work. Then, I have recreated it in another popular, free firewall, and it was working exactly as you have described it. I have checked the reason, and I have noticed, when I allow the ping on wan, it is not working with OPNSense. I saw a threat
https://forum.opnsense.org/index.php?topic=3763.0
where @franco was giving an explanation of that issue, and I think this is the reason because with the other installation, and recreation exactly the same situation, fw- rules, etc., the ping on wan is working, and I am able to achieve everything as you have explained.
To be honest, I didn't understand @franco's explanation how to fix the ping issue, so if you can help with this it will be very appreciated.
Thank you, and Best Regards,
Asen
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
problem with the load- balancing of HAProxy into OPNsense