Given what you have described, it seems to be either a HAproxy or server config issue. If the server can reach the internet, that solves default gateway issues, if you can reach the server from the LAN then that solves any networking issues. I would probably do a packet capture at the pfSense box and on the server to see where they stop. It can also tell you if there may be some kind of haproxy issue where the translation may not be what you expect. Robert ________________________________________ From: Richard Nilsson <rnilsson@rcn.com> Sent: Friday, January 31, 2020 8:49 AM To: users@ovirt.org Subject: [ovirt-users] Re: High level network advice request Thanks again Joseph, I do have specific noob question. I'm learning so much with this test deployment :) 'Amazing. I can't get to a test vm / webserver managed by Ovirt Engine from WAN, as I do with the Engine and other machines....I suspect that I am missing some pretty basic setup step with security but I don't know what to check next? So I use pfSense with haproxy add on, which is pretty great. Squid might be better, but haproxy was really easy for me to set-up without mastering config syntax... My pfSense is on a physical box at the gateway as a gateway server....so not a vm. I have a working vm on an ovirt node manged / created with engine. I set up the vm with fedora 31 server then added a lamp stack with mariadb & etc. I can access (from LAN only, not from WAN) the server test page and a text php info page that I made. I don't know what to adjust to debug the problem. I suspect security / firewall issues but not with the pfSense / haproxy reverse redirect, I think that's all fine. I use pfSense DNS Resolution in the LAN as split DNS. Other machines, including the hosted engine machine are accessible from WAN using URLs / FQDNs. My engine for testing is engine.metrodesignoffice.com The test server is mdowebserver.metrodesignoffice.com What should I look at next? I only installed one node so I can't sync new logical networks or vnet profiles as I understand (the single node can't be placed in maintenance mode, for obvious reasons?). _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/Q2WNHYIUWVLGF3...