Backend ACL not configuring

Hi All,

I created the following FE and BE in HAProxy (on pfSense) for a set of VMs:

frontend Exchange-FE-SMTP
bind External-IP-here:25 name External-IP-here:25 ssl crt-list /var/etc/haproxy_test/Exchange-FE-SMTP.crt_list
mode tcp
log global
timeout client 30000
default_backend ExchangeBE-withLB-SMTP_ipvANY

backend ExchangeBE-withLB-SMTP_ipvANY
mode tcp
id 108
log global
balance roundrobin
timeout connect 30000
timeout server 30000
retries 3
option httpchk OPTIONS /
use-server E2019Node1 if SMTP
use-server E2019Node2 if SMTP
server E2019Node1 10.10.10.201:25 id 101 check inter 1000
server E2019Node2 10.10.10.202:25 id 102 check inter 1000

But when I hit save I get the following message:

Errors found while starting haproxy
[ALERT] 225/161943 (4392) : parsing [/var/etc/haproxy_test/haproxy.cfg:111] : error detected while parsing switching rule : no such ACL : ‘SMTP’.
[ALERT] 225/161943 (4392) : parsing [/var/etc/haproxy_test/haproxy.cfg:112] : error detected while parsing switching rule : no such ACL : ‘SMTP’.
[ALERT] 225/161943 (4392) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
[ALERT] 225/161943 (4392) : Fatal errors found in configuration.

I had a look at “/var/etc/haproxy_test/haproxy.cfg”. It's the lines I've pasted above, and I noticed the ACL parameter is always missing (even though I’m defining it in the Backend config).

The ACL is not getting saved to the config file, which results in the back end servers not being used as intended.
Editing the /var/etc/haproxy/haproxy.cfg file gets overwritten by pfSense when the ‘Save’ button is clicked in the HAProxy/Backend GUI.

Am I doing something wrong here? I have created setups like this in the past and I’ve never run into anything like this.

Anyone? I still haven’t got this to work.

Hello,

The error message is quite clear: no such ACL : ‘SMTP’.

In your BE section, you have these rules:

use-server E2019Node1 if SMTP
use-server E2019Node2 if SMTP

But the SMTP ACL is not defined anywhere in your config file. You have to define the SMTP ACL, then your rules should work.
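The check described in the answer above can be automated before a generated config is loaded. The following is an added example, not part of the original thread or of HAProxy/pfSense: a small Python linter that reports named ACLs used in an if/unless condition without an earlier acl line in the same proxy section. The function name, the sample text and the shortened predefined-ACL list are assumptions made for illustration.

```python
import re

# Subset of HAProxy's predefined ACL names, which need no "acl" line.
PREDEFINED = {"TRUE", "FALSE", "LOCALHOST", "HTTP", "METH_GET", "METH_POST", "WAIT_END"}
SECTION = re.compile(r"^(frontend|backend|listen|defaults|global)\b\s*(\S*)")

def undefined_acls(cfg_text):
    """Return (line_no, section, acl_name) for every named ACL referenced
    before any 'acl <name> ...' line in the same section. ACL names are
    resolved per proxy section while the file is parsed, so a definition
    in the frontend does not satisfy a rule in the backend."""
    findings, section, defined = [], None, set()
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # simplification: ignores quoted '#'
        if not line:
            continue
        m = SECTION.match(line)
        if m:                                  # new section: ACL scope resets
            section, defined = m.group(2) or m.group(1), set()
            continue
        if section is None:
            continue
        words = line.split()
        if words[0] == "acl" and len(words) > 1:
            defined.add(words[1])
            continue
        idx = next((i for i, w in enumerate(words) if w in ("if", "unless")), None)
        if idx is None:
            continue
        # Anonymous ACLs ({ ... }) carry their own definition; drop them.
        cond = re.sub(r"\{[^}]*\}", " ", " ".join(words[idx + 1:]))
        for tok in cond.split():
            name = tok.lstrip("!")
            if name and name not in ("||", "or") \
                    and name not in defined and name not in PREDEFINED:
                findings.append((no, section, name))
    return findings

# Constructed sample based on the backend posted in the question.
SAMPLE = """\
backend ExchangeBE-withLB-SMTP_ipvANY
    mode tcp
    use-server E2019Node1 if SMTP
    use-server E2019Node2 if SMTP
    server E2019Node1 10.10.10.201:25 id 101 check inter 1000
    server E2019Node2 10.10.10.202:25 id 102 check inter 1000
"""

if __name__ == "__main__":
    for no, sec, name in undefined_acls(SAMPLE):
        print(f"line {no}: backend/section {sec}: no such ACL '{name}'")
```

An empty result means every named ACL had a definition in scope; what the SMTP ACL should actually match is not stated in the thread and has to be decided by the operator.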