pfSense - HAProxy Load Balancing

Jeggs101

I've been doing my best with Google for about 4 hours now and life just sucks trying to do this.

We have a public-facing, HTTP-only website (Jekyll), so it is very fast and relatively secure (just serving static HTML files). This is really a test and I want to do SSL offload on pfSense HAProxy, but for now I just want pfSense working.

The nice thing is that with no DB back-end, doing HA is ridiculously easy. Make VM1 and VM2. Edit files on VM1 and have an rsync job to VM2. Crazy how cool it is.

Here's where I'm beyond struggling.

We have a public /25 that is being routed through a /30.

Here is the test information:
  • Upstream gateway: 1.1.1.2
  • pfSense WAN IP: 1.1.1.3
  • WAN IPs being routed: 2.1.1.1/25
  • VM1 (internal IP): 10.0.0.2
  • VM2 (internal IP): 10.0.0.3
  • Trying to set up HAProxy on the WAN IP: 2.1.1.2

If I were doing this using a VM like I usually do, I'd 1:1 NAT the 2.1.1.2 to, say, 10.0.0.4. I'd create a port 80 front end and a backend going to 10.0.0.2 and 10.0.0.3. Really easy and this works no problem.

So I've been reading everything and here is what I did:

Step 1: Go to Firewall: Virtual IPs and on the Virtual IPs tab:
Type: IP Alias
Interface: WAN
IP Addresses: Type-> Single address, Address -> 2.1.1.2/32

Step 2: Go to Services HAProxy -> Frontend and make a listener
Status: Active
External address: Use Custom Address: 2.1.1.2 80
Backend pool: VMPool1
Type: HTTP/ HTTPS

Step 3: Go to Services HAProxy -> Backend and make a listener
Name: VMPool1
Serverlist:
  • Mode -> Active, Name JekyllHA, Forwardto Address+Port, Address 10.0.0.2, Port 80, Weight 1
  • Mode -> Active, Name JekyllHA, Forwardto Address+Port, Address 10.0.0.3, Port 80, Weight 1

Balance: Round robin

Step 4: Go to Services HAProxy -> Settings
Enable HAProxy checked

This should be like the most basic config, but when I go to http://2.1.1.2 I am getting the pfSense WebGUI.

Any idea how to fix this???? I'm lost.

Patrick

I would first take a step back and go get a drink or something. Whenever I troubleshoot pfSense I sometimes need to do the same.

Here is my question: are your health checks working or are they failing? I am not 100% sure how to see this other than enabling the stats page. If they are failing, maybe try a different health check method.

I will try to do something with this over the next week or so. Let me know what you find. I did look and the guides for something like this are sparse and old.
 

j_h_o

What ports is your pfSense admin UI running on? What happens when you move them to 444/81, then restart the HAProxy?
 
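Added example (not from any poster in this thread): the symptom in the first post and the port question above both come down to which process owns the listening socket that matches 2.1.1.2:80. The sketch below parses FreeBSD `sockstat -4 -l` style output and reports which listener would accept the connection; the sample lines, process names and PIDs are constructed, and the helper names are hypothetical.

```python
# Added example; sample data is constructed, helper names are hypothetical.
# Input format assumed: FreeBSD `sockstat -4 -l` (listening IPv4 sockets).
SAMPLE_BEFORE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     lighttpd   23114 4  tcp4   *:80                  *:*
root     lighttpd   23114 5  tcp4   *:443                 *:*
root     sshd       11872 3  tcp4   *:22                  *:*
"""
# Same host once HAProxy has bound the frontend address (constructed).
SAMPLE_AFTER = (
    SAMPLE_BEFORE
    + "root     haproxy    40211 5  tcp4   2.1.1.2:80            *:*\n"
)


def parse_listeners(text):
    """Return (command, pid, address, port) for each TCP listener line."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[4].startswith("tcp"):
            continue  # header row or non-TCP socket
        addr, _, port = fields[5].rpartition(":")
        if port.isdigit():
            listeners.append((fields[1], int(fields[2]), addr, int(port)))
    return listeners


def who_answers(listeners, ip, port):
    """Pick the listener for ip:port: an exact address beats wildcard '*'."""
    on_port = [l for l in listeners if l[3] == port]
    exact = [l for l in on_port if l[2] == ip]
    wild = [l for l in on_port if l[2] == "*"]
    chosen = exact or wild
    return chosen[0] if chosen else None


def diagnose(text, ip, port, expected="haproxy"):
    """Return 'ok', 'closed', or a description of the unexpected owner."""
    hit = who_answers(parse_listeners(text), ip, port)
    if hit is None:
        return "closed"
    cmd, pid, addr, _ = hit
    if cmd == expected:
        return "ok"
    return f"{cmd} (pid {pid}) answers {ip}:{port} via {addr}:{port}; no {expected} listener"


if __name__ == "__main__":
    print(diagnose(SAMPLE_BEFORE, "2.1.1.2", 80))
    print(diagnose(SAMPLE_AFTER, "2.1.1.2", 80))
```

A result naming the web GUI process through `*:80` means the admin interface is reachable on every address the firewall holds, including the public virtual IP, until a more specific listener exists or the GUI is moved to another port.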

Patrick

Hey @Jeggs101 I have wanted to do another pfSense article for some time. I will get something on the main site tomorrow.
 

Patrick

Would this work for you? I am building it right now.
upload_2015-11-9_20-14-22.png