I currently have a solution that works well for doing NAT.
Front end IP:Port (10.238.232.20:443)--------+-------- Back end IP:Port (172.22.0.42:443)
                                             |
                                             | eth0
                                        +---------+
                                        |         |
                                        |   NAT   |
                                        |         |
                                        +---------+
This is what my setup looks like. My NAT box has only one interface eth0 with IP 10.238.232.20 and my objective is to do both IP Masquerading and IP forwarding.
In the above scenario, I'm accomplishing it using iptables:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d 10.238.232.20 --dport 443 -j DNAT --to-destination 172.22.0.42:443
iptables -t nat -A POSTROUTING -p tcp -d 172.22.0.42 --dport 443 -j SNAT --to-source 10.238.232.20
Now I want to switch from iptables to HAProxy while preserving the above behaviour.
Here is the snippet of what I have till now
frontend k8s_https_frontend
    bind *:443
    mode tcp
    default_backend k8s_https_backend

backend k8s_https_backend
    mode tcp
    balance roundrobin
    server https_ingress 172.22.0.42:443 check port 443
Now from my browser, when I do a curl 10.238.232.20:443, I definitely do get a 200 response from my backend. I am just not sure if that is enough to meet both the criteria for IP masquerading and IP forwarding.
Is there something else I need to do in my HAProxy config?
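
A check for the migration described above, as an added example that is not part of the original post: a nat PREROUTING rule with a DNAT or REDIRECT target is applied before local delivery, so a leftover rule for port 443 would carry the traffic past HAProxy, and the curl result alone would not show which path answered. The function names and the sample rules (the post's rules written in `iptables -t nat -S` format) are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `iptables -t nat -S`
# output on stdin and prints the PREROUTING rules that would still rewrite
# TCP traffic for PORT before it reaches a local listener such as HAProxy.
# Assumptions: jumps to user-defined chains are not followed, and
# `-m multiport --dports` lists are not parsed.
bypass_rules() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "PREROUTING" { next }
        {
            target = ""; dport = ""; proto = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
            }
            if (target != "DNAT" && target != "REDIRECT") next
            if (proto != "" && proto != "tcp") next
            # No --dport means every port; "lo:hi" is a port range.
            n = split(dport, r, ":")
            if (n == 0)      hit = 1
            else if (n == 1) hit = (r[1] + 0 == port + 0)
            else             hit = (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
            if (hit) print
        }'
}

# Constructed sample: the rules from the post as `iptables -t nat -S` prints them.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 10.238.232.20/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.22.0.42:443
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -d 172.22.0.42/32 -p tcp -m tcp --dport 443 -j SNAT --to-source 10.238.232.20
EOF
}

# Exit status 0 only when no PREROUTING rule would bypass the local listener.
port_reaches_listener() {
    [ -z "$(bypass_rules "$1")" ]
}

# Live use (needs root): iptables -t nat -S | port_reaches_listener 443
```
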