I currently have a solution that works well for doing NAT.
    Front end IP:Port (10.238.232.20:443)--------+-------- Back end IP:Port (172.22.0.42:443)
                                                 |
                                                 | eth0
                                            +---------+
                                            |         |
                                            |   NAT   |
                                            |         |
                                            +---------+
This is what my setup looks like. My NAT box has only one interface eth0 with IP 10.238.232.20 and my objective is to do both IP Masquerading and IP forwarding.
In the above scenario, I'm accomplishing it using:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -F
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp -d 10.238.232.20 --dport 443 -j DNAT --to-destination 172.22.0.42:443
    iptables -t nat -A POSTROUTING -p tcp -d 172.22.0.42 --dport 443 -j SNAT --to-source 10.238.232.20
Now I want to switch from iptables to HAProxy while preserving the above behaviour.
Here is the snippet of what I have till now
    frontend k8s_https_frontend
        bind *:443
        mode tcp
        default_backend k8s_https_backend

    backend k8s_https_backend
        mode tcp
        balance roundrobin
        server https_ingress 172.22.0.42:443 check port 443
Now from my browser, when I do a curl 10.238.232.20:443, I definitely do get a 200 response from my backend. I am just not sure if that is enough to meet both the criteria for IP masquerading and IP forwarding.
Is there something else I need to do in my HAProxy config?
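A migration check for the setup described above, as an added example that is not part of the original post: it parses the posted iptables rules and HAProxy snippet and reports any DNAT front-end to back-end mapping that no HAProxy frontend/backend pair reproduces. The function names are hypothetical, and the parser assumes only `frontend`/`backend` sections linked by `default_backend`; it compares the port-forwarding mapping only, not source-address handling.

```python
import shlex

# Rules and config copied from the question, embedded so the check runs offline.
IPTABLES_RULES = """\
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d 10.238.232.20 --dport 443 -j DNAT --to-destination 172.22.0.42:443
iptables -t nat -A POSTROUTING -p tcp -d 172.22.0.42 --dport 443 -j SNAT --to-source 10.238.232.20
"""
HAPROXY_CFG = """\
frontend k8s_https_frontend
    bind *:443
    mode tcp
    default_backend k8s_https_backend
backend k8s_https_backend
    mode tcp
    balance roundrobin
    server https_ingress 172.22.0.42:443 check port 443
"""

def dnat_mappings(rules):
    """Map (front_ip, front_port) -> 'ip:port' for each DNAT rule (needs -d and --dport)."""
    out = {}
    for tok in map(shlex.split, rules.splitlines()):
        if "DNAT" in tok:
            opt = lambda flag: tok[tok.index(flag) + 1]
            out[(opt("-d"), int(opt("--dport")))] = opt("--to-destination")
    return out

def haproxy_mappings(cfg):
    """Map each frontend bind (ip, port) -> server addresses of its default_backend."""
    binds, default, servers, section = {}, {}, {}, None
    for line in cfg.splitlines():
        tok = line.split() or [""]
        if tok[0] in ("frontend", "backend"):
            section = tok[1]
        elif tok[0] == "bind":
            ip, port = tok[1].rsplit(":", 1)
            binds.setdefault(section, []).append((ip, int(port)))
        elif tok[0] == "default_backend":
            default[section] = tok[1]
        elif tok[0] == "server":
            servers.setdefault(section, []).append(tok[2])
    return {b: servers.get(default.get(fe), []) for fe, bl in binds.items() for b in bl}

def uncovered(rules, cfg):
    """DNAT mappings that no HAProxy frontend/backend pair reproduces."""
    hap = haproxy_mappings(cfg)
    return [(front, dest) for front, dest in dnat_mappings(rules).items()
            if dest not in hap.get(front, []) + hap.get(("*", front[1]), [])]
```

An empty list from `uncovered(IPTABLES_RULES, HAPROXY_CFG)` means every forwarded address and port in the old rule set has a listener and a matching back-end server in the new config.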