Loopback NAT/ Outbound NAT with HAproxy?

Started by maweber, November 15, 2019, 01:33:15 AM

Hi folks

I need to mask LAN-HAproxy traffic with my WAN IP.

It seems I cannot get an outbound NAT for HAproxy working.
The conditions are never met for the Outbound-NAT to hook in.

I used: Outbound NAT
- Interface: WAN
- Source: The complete 10.24.0.0/16
- Dest: WAN (HAproxy port)
- Translate IP: Interface
... still the http server sees my LAN IP.

As soon as I route the traffic via a masked outside GW loopback, the Outbound-NAT works (useless, just to illustrate).

Does somebody know a solution?
What kind of hidden shortcut is in place here?
Thanks

Is there a reason for this? Usually you work with the X-Forwarded-For header?

November 15, 2019, 09:36:00 AM #2 Last Edit: November 15, 2019, 09:42:25 AM by maweber
There is!

X-Forwarded-For carries the original sender, but that sender is wrong.

Or how do you mean "work"?
Like make conditions for a broken SRC?

The problem is not with HAproxy, but that the outbound-NAT of OPNsense does not work with HAproxy.
It is usually not a problem with normal webservers, but in my case the software (Seafile) fails with the wrong SRC.