Thank you A DMZ rule would be fine when forwarding via NAT. In this scenario I understood HAProxy running on IPFire takes over forwarding, so I need to declare INPUT rules rather than NATted FORWARDs.
The idea is based on this post:
I understand the idea to open ports on iPFire for HAProxy is not preferred that much as it may decrease security on it. However, on the other hand, doing this has also got it’s upsides
A DMZ rule would be fine when forwarding via NAT. In this scenario I understood HAProxy running on IPFire takes over forwarding, so I need to declare INPUT rules rather than NATted FORWARDs.