Physical Configuration Assistance

Hi All,
I hope someone here could point me in the right direction being new to HAProxy. I have seen lots of configuration tutorials and guides on the actual config file which is fine and clear but may I ask how exactly would one go about setting up HAProxy on a physical Ubuntu server then connecting it to the physical network if you only have a single IP subnet range of addresses? As hardly is there a guide showing this physical setup especially if you have a single IP address subnet.

Would anyone know how to do this with a single IP address subnet using a dedicated Ubuntu server as the HAProxy?

From the little I have seen there are guides on HAProxy inside pfSense and using transparent bridging but we are not wanting to use pfSense but rather a simple Ubuntu server that has 2 physical network cards. (Well, there are four in there but two should be enough.) The process of just assigning IP addresses to each interface and then connecting the ingress to the ISP circuit and then the egress interface to a switch does not work using IP addresses from the same/single subnet so would anyone have any direct experience on how best to do this?

Thanks
Fuquan

If you insist on using a single IP subnet, then use a single IP interface/NIC.

If you want to use multiple NICs, use multiple subnets. Just like a firewall may be connected to a WAN, DMZ and a LAN segment, you can do the same on a load-balancer. A firewall cannot be connected to the same subnet on WAN, LAN and DMZ either.

Think about a proper design, based on your requirements.

Hi luastr,

Thanks for the feedback but kindly slow down on all the pre-assumptions. Not sure what you truly mean by “insist” as public IP addresses are often provided by ISPs and out of the control of most individuals/groups so kindly slow down with the pre-assumptions, as people often work with what they get.

Additionally, if you would have spent a little care time reading what I wrote I did inform you that the (I quote: “…the process of just assigning IP addresses to each interface…does not work…”) thus indicating we are aware that such a design does not work! So we are fully aware of network designs etc.
If you have any out-of-the-box creative/resourceful input (part of the treasures of Open Source) then do share, if not kindly desist from pre-assumptions.

Thus, we cannot create subnets with the provided ISP IP addressing so if anyone has any resourceful ideas do kindly share them…

Thanks
Fuquan

“does not work” is a rather incomplete description of the limitations you are facing.

You are saying you are fully aware of the network design, so why don’t you share it with us, so we don’t have to make assumptions?

Once again thanks for yours but, like I said slow down a little, as first it's pre-assumption, now it's doctoring/supplanting of notions/concepts (I quote: “… limitations you are facing …”) as not sure where you got that concept from out of my original question as I am not facing “limitations” but rather trying to figure out how others seem to be by-passing something that did not add up for me (see last paragraph descriptive below).

Also, the notion of “Design” selectively mentioned by you was actually “introduced” by yourself into the discussion it was not mentioned as part of my original question nor relative. A little re-read of my question should make that apparent.

However, since you mentioned “Design” it is actually me seeing a number of diagrams online that initially prompted the query as I see a lot of diagrams and videos referencing (even visually) a Front-End and a Back-End and placing varied IP addressing (sometimes different subnets and other times addresses in even the same subnets on their logical visual representations/diagrams of supposed physical networks so things were not clear) on the Front-End and Back-End while illustrating their file config with physical diagrams which appears fine and dandy in the guide or video but somehow PHYSICALLY did not fit as for traffic of any kind to come in and go out of a physical box you need two physical interfaces at a minimum and on a WAN they also need some form of public addressing which in those same online guides and tutorials (if you are observant you will see the same thing) were often omitted as the diagrams and even guides seemed to omit this. Hence why I wondered what the magic was for them achieving it. But I guess there is no magic…unless (like firewalls being placed into transparent bridging mode) you know something otherwise as you did also write this (I quote: “… then use a single IP interface/NIC. …”) which seems you probably figured a way around it…so would you like to share your work-around!

I can tell you that I don’t appreciate the tone you are using, you will have to tune it down a notch, if you expect somebody to work with you here constructively.

Hi LukasStribus,

Firstly:
let me ask "…Excuse Me…What is this…absurdity? Have you read your own replies?

“…I can tell you that I don’t appreciate the tone you are using, you will have to tune it down a notch, if you expect somebody to work with you here constructively…”

The victimizer blaming the victim…really!

Secondly:
Fortunately this is a public discussion board where others objectively reading can follow the thread of the discussion themselves. As there was a simple original question that met a rather rude response and when the rude response was politely called to question and asked to slow down and avoid pre-assumptions in your hubris you resorted to trying to roll two fallacies into one (ad hominem and tu quoque) something that anyone objective following the thread of this discussion can easily see.

Thirdly:
But let us put all that aside and let me “clearly” clarify one reality that may not rub your hubris well! Note: I am not trying to be obnoxious but merely telling it as it is to you:

Joining a discussion group to ask a question does not in any way or shape imply that an individual simply asking a question must be tolerant of tyrannical/dictate behavior by you.

Your last entry can be easily construed as a “threat” based on the fact that you (once again) pre-assume (the very thing that you were called to question on in your first answer) that others joining this group for some strange reason best known to you MUST be “submissive” to your whim and dictate and for a further strange reason seemingly “please” you in what they feedback. Where that flipped reasoning is coming from I wonder.

What you fail to understand is that every human being has free will and does not need to tolerate your idiosyncrasy or emotional/mental inadequacies of being (take away the action there will be no reaction so to speak…hopefully your brain can comprehend that truth).

Whether YOU answer my question or not is unimportant as LIFE GOES ON so always bear that in mind before you issue childish “threats” to people you do not know (or even to those you do know) that simply come on to this forum to ask a basic question.

By me (like anyone else that may do) simply asking a question here on the forum does not mean I (or anyone else) owe you any form of “servitude” or docility nor does it mean I have to tolerate your irrationality/state of emotional unrest as after all I did not even ask YOU in particular to answer my question that was YOUR choice: rather than answering people's questions like an internet “troll” if you do not have a sensible answer to a question why do you then bother in the first place to respond to it? Beats me!

Conclusively:
Friend/foe whatever best suits you, your emotional/mental inadequacies need to stay with you do not spread them to others…forum or no forum life goes on…Phew!
Fare ye well!

I will stop this crap now.