Hello,
We are attempting to do a reverse proxy from IPv4 to IPv6 on our end, with HAProxy, pre-opening the ports corresponding to some IPv6s. The reverse proxy sits at the dedicated server ends and redirects requests at a given port to one of the IPv6s.
However, it seems not to be working. We have multiple reports of this not working. This is (part of) our haproxy.cfg file:

        maxconn 40000 # Increased to handle more connections
        # SSL settings
        tune.ssl.default-dh-param 2048
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACH>
        ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    defaults
        log global
        mode tcp
        option tcplog
        option dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000

    frontend ipv4_to_ipv6_frontend
        bind x.x.x.x:10000-12549 transparent
        mode tcp
        option tcplog
        use_backend ipv6_back

    frontend http_frontend
        bind x.x.x.x:80 transparent
        mode http
        option httplog
        use_backend ipv6_http_back

    frontend https_frontend
        bind x.x.x.x:443 transparent
        mode tcp
        option tcplog
        tcp-request inspect-delay 5s
        tcp-request content accept if { req.ssl_hello_type 1 }
        use_backend ipv6_https_back

    backend ipv6_back
        mode tcp
        balance roundrobin
        server ipv6-1-10000 [2xxx:xxx:xxx:xxxx::1]:10000 check
        server ipv6-1-10000 [2xxx:xxx:xxx:xxxx::1]:10001 check
        server ipv6-1-10000 [2xxx:xxx:xxx:xxxx::1]:10002 check
        …
        server ipv6-1-10000 [2xxx:xxx:xxx:xxxx::1]:10009 check
        server ipv6-2-10010 [2xxx:xxx:xxx:xxxy::1]:10010 check
        server ipv6-2-10010 [2xxx:xxx:xxx:xxxy::1]:10011 check
        server ipv6-2-10010 [2xxx:xxx:xxx:xxxy::1]:10012 check
        (…)

We have iptables rules to allow for these TCP ports and forward them (but not ip6tables rules).
What are we doing wrong here?
Thank you. Sorry for the inconvenience!