I have a question about correct setup of HAPROXY. I have following situation:
INTERNET ----> FW -----> HAPROXY ----> BACKEND SERVER
HAPROXY have to interfaces, Outside 172.16.1.1 and inside 192.168.1.1.
DNS Records are pointing to OUTSIDE interfaces there is an KEEPALIVED address.
Everything works except access to published site from backend server (from backend server i am not able to display it own website, that problem will be on all host in same subnet). request it going over the router
to outside interface and then back to inside. How to solve this situation?
I can point DNS to inside interface but then one interface is used as incomming and outgoing interface.
Can someone help me?
So in other words, you have a NATing FW in front of haproxy, and when your DNS records point to the WAN side of the NAT (the public IP), then you cannot reach the haproxy service from inside.
This is a NAT problem and needs to be fixed there. Depending on the NAT gateway/FW, this may or may not be fixable. It has nothing to do with haproxy though.
No missed something in my decription.
- wan IP is nated by FW. to ETH0 172.16.1.1
- internal IP is ETH1 192.168.1.1
- app lan IP is ETH2 192.168.200.1
application server have 192.168.200.10 and is accesible over HAPROXY over all network excelt 192.168.200.0/24
PUBLIC DNS are pointing to FW this is OK
INTERNAL DNS are pointing to internal IP (ETH1)
with that setup it is working from all subnets exclude subnt where server is located (192.168.200.0/24)
This is an IP routing issue then. Who is routing between the 192.168.1.0/24 and the 192.168.200.0/24 network and are the routes properly setup on both sides? Pointing where exactly?