Setting Up A High-Availability Load Balancer With HAProxy/Pfsense 2.0.1

I/Overview




II/Intro

As lastest document.I give you how to config haproxy on Pfsense 2.0.1.Now I will intro to you how to Setting Up A High-Availability Load Balancer With HAProxy/Pfsense 2.0.1

III/Setting

1/Install haproxy on pfsense as http://conheotiensinh.blogspot.com/2011/12/config-haproxy-with-pfsense-version-201.html
2/Configuring CARP firewall failover

2.1/On both machines, add a firewall to allow all traffic on the SYNC interface:

a. Browse to Firewall | Rules.
b. Click the SYNC Interface tab.
c. Click the "plus" button to add a new firewall rule.
d. Set Protocol to any.

e. Save the changes.
f. Apply changes, if necessary.

2.2/On the backup-pfsense machine, we need to enable CARP synchronization and
configure it as a backup only:

a. Browse to Firewall | Virtual IPs .
b. Click the CARP Settings tab.
c. Check Synchronize Enabled.
d. Set Synchronize Interface to SYNC.


e. Save the changes.
f. We have now finished configuring the backup firewall.

2.3/On the primary-pfsense machine, we need to enable CARP synchronization and
configure it to act as the primary firewall:

a. Br owse to Firewall | Virtual IPs .
b. Click the CARP Settings tab.
c. Check Synchronize Enabled.
d. Set Synchronize Interface to SYNC.

e. Check Synchronize rules
f. Check Synchronize nat
g. Check Synchronize Virtual IPs
h. Set Synchronize to IP to the IP address of backup-pfsense
i. Set Remote System Password to the password of backup-pfsense
j Save the changes

2.4/We must now configure a virtual IP address for the WAN interface on the primary-pfsense machine:

a. Browse to Firewall | Virtual IPs .
b. Click the Virtual IPs tab.
c. Click the "plus" button to add a new virtual IP.
d. Set the Type to CARP.
e. Set the Interface to WAN.
f. Set the IP Address to the single WAN address that will be used throughout
your systems, regardless of whether the primary or backup firewall is in
effect.
g. Create a Virtual IP Password.
h. Leave the VHID Group set to 1.
i. Leave the Advertising Frequency at 0.
j. Add a Description


k.Save the changes
l.Apply changes, if necessary

3/config Sync HAProxy configuration

3.1/On the backup-pfsense machine we need check Sync HAProxy configuration to backup CARP members via XMLRPC.

3.2/On the primary-pfsense machine,we need check Sync HAProxy configuration to backup CARP members via XMLRPC and setting for sync config HaProxy

Now we can config haproxy in primary-Pfsense and it auto sync to backup -Pfsense

Thanks and Best Regards

quan.hoa@conheotiensinh.co.cc

Config HAPROXY with PFSENSE version 2.0.1

Merry Christmas and Happy New Year

I/Intro

As the previous Document about Haproxy , I have explained how to configure a command line .Now with version 2.0.1 pfsense support config haproxy lastest version(1.4.8) via web interface( config easier).although it can not configure advanced features of haproxy through the web interface.

II/Install

1/Install pfsense 2.0.1

2/Install haproxy (The package is available to install from System -> Packages)

3/After Install done We configure Haproxy(Services -> Haproxy)click tab Setting and configure as image

4/Config with ip info:192.168.44.150(Haproxy),192.168.44.130(apache),192.168.44.131(nginx)

III/Config Haproxy

1/config Frontend for haproxy

2/Config Backend for haproxy

a/config server A

b/config server B

3/Check status HAPROXY with URL:http://192.168.44.150/haproxy?stats

NOTE: You must add a firewall rule permitting access to frontend!

Thanks and Best Regards

quan.hoa@conheotiensinh.co.cc