OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: maweber on November 15, 2019, 01:33:15 am

Title: Loopback NAT/ Outbound NAT with HAproxy?
Post by: maweber on November 15, 2019, 01:33:15 am
Hi folks

I need to mask LAN-HAproxy traffic with my WAN IP.

It seems I cannot get an outbound NAT for HAproxy working.
The conditions are never met for the Outbound-NAT to hook in.

I used: Outbound NAT
- Interface: WAN
- Source: The complete 10.24.0.0/16
- Dest: WAN (HAproxy port)
- Translate IP: Interface
... still the http server sees my LAN IP.

As soon as I route the traffic via a masked outside GW loopback, the Outbound-NAT works (useless, just to illustrate).

Does somebody know a solution?
What kind of hidden shortcut is in place here?
Thanks

Title: Re: Loopback NAT/ Outbound NAT with HAproxy?
Post by: mimugmail on November 15, 2019, 05:36:11 am
Is there a reason for this? Usually you work with the X-Forwarded-For header?

Title: Re: Loopback NAT/ Outbound NAT with HAproxy?
Post by: maweber on November 15, 2019, 09:36:00 am
There is!

X-Forwarded-For carries the original sender, but that sender is wrong.

Or how do you mean "work"?
Like make conditions for a broken SRC?

The problem is not with HAproxy, but that the outbound-NAT of OPNsense does not work with HAproxy.
It is usually not a problem with normal webservers, but in my case the software (Seafile) fails with the wrong SRC.