We have two backend IIS servers which are load balanced and working fine for HTTP and HTTPS passthrough traffic perfectly. They are configured for client IP transparency so their default gateway is necessarily set to the haproxy server (v 1.6.8 on CentOS7). They each have an IP address mapped to a public IP also. When we try to connect via RDP it times out. Then we noticed that we cannot originate traffic from the backend servers to the internet (SMTP, SMTPS, HTTP) and can only ping the local private LAN.
We are using a single NIC on the haproxy for the listening IPs (eth0, eth0:1, eth0:2…) and are using firewalld configured for the transparency to work.
Has anyone else seen this issue? If we change back the default gateway to the Juniper FW the backend servers behave normally. It is the haproxy server that seems to be discarding the packets destined for the internet.