Has anyone configured HAProxy for use with two Barracuda Email Gateways? We have two gateways in a cluster and would like to either LB or HA the two devices. Im having issues figuring out a good way to do this. The problem is all traffic related to 25/443/587 hit the public IP pointed to the barracuda. Not sure how this would be done using HAProxy. Any help would be highly appreciated!
Im trying to figure out a way to forward the client’s IP to the barracuda. This is needed in order to determine traffic /whitelisting etc.
This might work, but I haven’t tested it…
use tcp mode, set the forwardfor option, and then using the send-proxy with the backend servers. on the barracuda, you’ll want to (i think) use the trusted forwarder option, using the ha proxy ip.
from there you’ll move the public ip to haproxy instead of the barracuda cluster…
I don’t think you can use XFF headers outside of HTTP traffic and for send-proxy to work the Barracuda cluster would need to support it(Like Postfix does.).
As such my recommendation would be to move the whitelist to the HAProxy server using ACL’s or Firewall rules as this will be by far the easiest choice.
Other options include tproxy but that is a pain or maybe LVS if HAProxy isn’t a must…
Its possible that the barracuda appliance may…as I believe its nothing more than spam assassin and postfix under the hood. A call to barracuda support might be helpful…