Troubleshooting HAProxy Configuration

Hi there,

I've installed HAProxy on my OpenWrt router (192.168.6.1) and have two servers with distinct IPs in this network. My goal is to configure HAProxy to redirect connections from 192.168.6.1 to one of these servers.

However, when I run tcpdump on the OpenWrt, I observe that packets are arriving but not being forwarded. The tcpdump output shows:

17:33:14.476087 eth1  In  IP control-rze-opi.lan.38422 > OpenWrt.lan.6443: Flags [F.], seq 1, ack 2, win 502, options [nop,nop,TS val 4193170201 ecr 843444950], length 0
17:33:14.476087 eth1.1 In  IP control-rze-opi.lan.38422 > OpenWrt.lan.6443: Flags [F.], seq 1, ack 2, win 502, options [nop,nop,TS val 4193170201 ecr 843444950], length 0
17:33:14.476087 br-lan In  IP control-rze-opi.lan.38422 > OpenWrt.lan.6443: Flags [F.], seq 1, ack 2, win 502, options [nop,nop,TS val 4193170201 ecr 843444950], length 0
17:33:14.476136 br-lan Out IP OpenWrt.lan.6443 > control-rze-opi.lan.38422: Flags [.], ack 2, win 1019, options [nop,nop,TS val 843444951 ecr 4193170201], length 0
17:33:14.476143 eth1.1 Out IP OpenWrt.lan.6443 > control-rze-opi.lan.38422: Flags [.], ack 2, win 1019, options [nop,nop,TS val 843444951 ecr 4193170201], length 0

haproxy.cfg

frontend k3s-frontend
    bind *:6443
    mode tcp
    option tcplog
    default_backend k3s-backend

backend k3s-backend
    mode tcp
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s
    server control-rze 192.168.6.223:6443 source 192.168.6.1:6443
    server control-rze-opi 192.168.6.216:6443 source 192.168.6.1:6443

I tried to set forwarding rules like:

Can anyone assist me in resolving this issue? Any insights or suggestions would be greatly appreciated.

OK, I found the issue. My firewall on the servers was blocking the access to port 6443.

There is still one thing which is confusing me and I don't understand.

While debugging, I changed the destination IP for port forwarding from the router's IP to one of the servers' IP addresses. Surprisingly, this worked without changing any firewall settings on the server. Why did it work?

At a guess, the server is either not running a firewall or it is and the port is already open.
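The cause found in this thread (the servers' firewall blocking port 6443 for connections coming from the router) can be checked directly from the HAProxy host. The following is an added example, not part of any post above: it parses the backend section posted in the question, tests a TCP connect to each server, and also flags server lines without the `check` keyword, since HAProxy runs no health checks for those. The function names `parse_servers` and `probe` are chosen here.

```python
import errno
import socket

# Backend section as posted in the thread, embedded so the script is self-contained.
SAMPLE_CFG = """\
backend k3s-backend
    mode tcp
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s
    server control-rze 192.168.6.223:6443 source 192.168.6.1:6443
    server control-rze-opi 192.168.6.216:6443 source 192.168.6.1:6443
"""

def parse_servers(cfg_text):
    """Return (name, host, port, has_check) for each 'server' line.
    Simplification: 'default-server check' is tracked per section only."""
    default_check, servers = False, []
    for line in cfg_text.splitlines():
        words = line.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in ("defaults", "frontend", "backend", "listen"):
            default_check = False          # new section, forget inherited 'check'
        elif words[0] == "default-server":
            default_check = default_check or "check" in words[1:]
        elif words[0] == "server" and len(words) >= 3:
            host, sep, port = words[2].rpartition(":")
            if sep and port.isdigit():
                servers.append((words[1], host, int(port),
                                default_check or "check" in words[3:]))
    return servers

def probe(host, port, timeout=3.0):
    """Classify a TCP connect from this host (the proxy) to one backend."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except socket.timeout:
            return "filtered"   # no reply at all: typical of a firewall DROP rule
        except ConnectionRefusedError:
            return "refused"    # RST received: nothing listening, or a REJECT rule
        except OSError as exc:
            return "error: " + errno.errorcode.get(exc.errno, str(exc))

if __name__ == "__main__":
    for name, host, port, has_check in parse_servers(SAMPLE_CFG):
        note = "" if has_check else " (no 'check': health checks not enabled)"
        print(f"{name} {host}:{port} -> {probe(host, port)}{note}")
```

Run it on the router itself, so the connection has the same source address the servers' firewall sees from HAProxy.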
