To start, I am new to HAProxy, but I do have a working setup. I am facing an issue where I don’t know if it’s a specific pfSense issue or another.
Let’s start with what’s working
I have 2 interfaces: LAN and DMZ. My servers sit on the DMZ (192.168.15.0/24), with the DMZ address on the firewall of 192.168.15.1. My HAProxy is configured so that 192.168.15.1:443 is listening and making the connections to the backend. I want all my servers sitting in the DMZ to only see DMZ connections being made to them. This works without issue.
What’s not working.
I have a remote LAN, 10.147.20.0/24, which contains other servers. This site is reachable over a S2S WireGuard connection. I once again have HAProxy set up where 192.168.15.1 should be reaching out to the 10.147.20.83 server backend to bring up my Zabbix system landing page. I cannot understand why this isn’t working. At first, I thought this was a routing problem, but I am able to successfully ping/ssh to the 10.147.20.83 server from any of my DMZ servers. So that rules out firewall rules and routing. Next, I ssh to my pfSense and try to ping my remote server. That fails. Weird. Then I tried to SSH from my pfSense to the remote server. That fails. Then I tried to traceroute to the remote server and that fails.
When I ping from my pfSense to 10.147.20.83, but this time sourcing from my DMZ interface, it works.
ping -S 192.168.15.1 10.147.20.83
PING 10.147.20.83 (10.147.20.83) from 192.168.15.1: 56 data bytes
64 bytes from 10.147.20.83: icmp_seq=0 ttl=63 time=130.842 ms
64 bytes from 10.147.20.83: icmp_seq=1 ttl=63 time=124.843 ms
So far I’m thinking that HAProxy won’t work unless there are directly connected LAN segments on the firewall to send traffic to. Any ideas?
Yes - DNS is set up to point to my pfSense DMZ interface - 192.168.15.1
Yes - Firewall rules currently have a permit any/any