0

I have a machine to which I have assigned a floating IP address. That machine is also my load balancer. I can access my service easily using the IP address of the load balancer.

However, I am unable to access it using the floating IP address which was assigned to my load balancer machine.

sudo nano /etc/haproxy/haproxy.cfg

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

#HAProxy for web servers
frontend web-frontend
  bind IPADDRESSOFLOADBALANCER:80
  mode http
  default_backend web-backend

backend web-backend
  balance roundrobin
  server web-server1 IPADD1:80 check
  server web-server2 IPADD2:80 check
  server web-server3 IPADD3:80 check
  server web-server4 IPADD4:80 check

Is there anything else I need to do apart from assigning the floating IP address? I am unable to access the service using the floating IP address.


Himanshuman

2 Answers

1

I don't think you can; most people just bind to one IP address or ALL of them. You would have to use a separate front end for each one using the same backend. But everyone just uses the *, which works fine.

0

I was using the DigitalOcean platform to create my droplets. After that, I assigned a floating IP to it from this page.

https://cloud.digitalocean.com/networking/floating_ips?i=0eb956

Now I need to get the private IP of my droplet using the command ip a:

root@ubuntu-s-1vcpu-1gb-blr1-01:~# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:a0:A:B:C:D brd ff:ff:ff:ff:ff:ff
    inet PUBLICIP/20 brd E.F.G.H scope global eth0
       valid_lft forever preferred_lft forever
    inet *PRIVATEIP(X.X.X.X)*/16 brd X.X.I.J scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2400:6180:ZZ:ZZ::ZZ:ZZZZ/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::50a0:9fff:fe54:add2/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 9a:4b:a5:ZZ:ZZ:ZZ brd ff:ff:ff:ff:ff:ff
    inet K.L.M.N/20 brd O.P.Q.R scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::984b:SSSS:TTTT:UUUU/64 scope link
       valid_lft forever preferred_lft forever

I got the floating IP, say FLOATINGIPADDRESS.

The floating IP works via the anchor IP present on the eth0 interface. We can use the same private IP, as any traffic sent to the floating IP will be sent to this private IP only, i.e. inet *X.X.X.X*/16 brd

Now I need HAProxy to bind to this private IP in my HAProxy cfg file.

sudo nano /etc/haproxy/haproxy.cfg

#HAProxy for web servers
frontend web-frontend
  bind PRIVATEIP(X.X.X.X):80
  bind LOADBALANCERIP:80
  mode http
  default_backend web-backend

backend web-backend

  http-request set-header X-Forwarded-Proto https if { ssl_fc } # For Proto
  http-request add-header X-Real-Ip %[src] # Custom header with src IP
  option forwardfor # X-forwarded-for

  balance roundrobin
  server web-server1 IP1:80 check
  server web-server2 IP2:80 check
  server web-server3 IP3:80 check
  server web-server4 IP4:80 check

listen stats
  bind PRIVATEIP(X.X.X.X):8080
  bind LOADBALANCERIP:8080
  mode http
  option forwardfor
  option httpclose
  stats enable
  stats show-legends
  stats refresh 5s
  stats uri /stats
  stats realm Haproxy\ Statistics
  stats auth root:password            # Login user and password for the monitoring page
  stats admin if TRUE
  default_backend web-backend

Himanshuman
  • if you check the output of netstat -tunap you will see that haproxy was listening only on your private ip – c4f4t0r May 13 '22 at 09:04
  • what do you mean by "only"? it was also listening on public ip – Himanshuman May 13 '22 at 10:46
  • in your original question, you had bind PRIVATEIP(X.X.X.X):80, now you continue changing everything, you could take a look at the output of the netstat command netstat -tunap | grep LISTEN and you will see what I mean :) – c4f4t0r May 14 '22 at 08:39
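
A way to check an haproxy.cfg before reloading: which frontends would miss the anchor IP described in the second answer, and whether a stats listener with `stats admin if TRUE` is bound to a non-loopback address (traffic for the floating IP arrives on the anchor IP, so a bind there is reachable from outside). This is an added example, not code from either answer; the function names and the addresses in the sample config are made up for illustration.

```python
import ipaddress
import re

# Constructed sample: the question's layout with made-up addresses.
# 203.0.113.10 stands in for the droplet's public IP, 10.47.0.5 for the anchor IP.
SAMPLE_CFG = """\
frontend web-frontend
  bind 203.0.113.10:80
  default_backend web-backend

listen stats
  bind 10.47.0.5:8080
  bind 203.0.113.10:8080
  stats enable
  stats auth root:password   # placeholder credentials
  stats admin if TRUE
"""

SECTION = re.compile(r"^(frontend|listen|backend|defaults|global)\b\s*(\S*)")
WILDCARDS = ("", "*", "0.0.0.0")

def parse_sections(cfg):
    """Map 'kind name' to its directive lines, with comments stripped."""
    sections, current = {}, None
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = SECTION.match(line)
        if match:
            current = sections.setdefault(" ".join(match.groups()).strip(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # wildcard or hostname
        return False

def audit(cfg, anchor_ip):
    """Flag frontends that miss the anchor IP and stats admin on non-loopback binds."""
    findings = []
    for name, lines in parse_sections(cfg).items():
        # Simple 'bind ADDR:PORT' form only (no IPv6 or comma-separated lists).
        binds = [l.split()[1].rsplit(":", 1)[0] for l in lines if l.startswith("bind ")]
        if name.startswith("frontend") and not any(b in WILDCARDS or b == anchor_ip for b in binds):
            findings.append(f"{name}: not listening on anchor IP {anchor_ip}")
        exposed = [b for b in binds if not is_loopback(b)]
        if exposed and any(l.split()[:4] == ["stats", "admin", "if", "TRUE"] for l in lines):
            findings.append(f"{name}: stats admin reachable via {', '.join(exposed)}")
    return findings
```

Calling `audit(SAMPLE_CFG, "10.47.0.5")` reports the frontend that is bound only to the public address and the stats listener that exposes admin actions on both addresses.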