OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: maweber on November 15, 2019, 01:33:15 am
-
Hi folks
I need to mask LAN-HAproxy traffic with my WAN IP.
it seems I cannot get an outbound NAT for HAproxy working.
The conditions are never met for the Outbound-NAT to hook in.
I used: Outbound NAT
- Interface: WAN
- Source: The complete 10.24.0.0/16
- Dest: WAN (HAproxy port)
- Translate IP: Interface
... still the http server sees my LAN IP.
As soon as I route the traffic via a masked outside GW loopback, the Outbound-NAT works (useless, just to illustrate).
Somebody knows a solution?
What kind of hidden shortcut is in place here?
Thanks
-
Is there a reason for this? Usually you work with ,X-Forwarded-For Header?
-
There is!
X-Forwarded-For carries the Original sender, but that sender is wrong.
Or how do you mean "work"?
Like make conditions for a broken SRC?
The problem is not with HAproxy, but that the outbound-NAT of OPNsense does not work with HAproxy.
It is usually not a problem with normal webservers, but in my case the software (Seafile) fails with the wrong SRC.