Thanks for the reply.
We’re using DNS internally to resolve all these names, this is just a placeholder question to make sure that the concept is sound. If you have a moment, would the fact that we’re using DNS to get this done change the ability for HAProxy to do this? I tried playing with “source:” in the advanced back-end options, and briefly messed with X-Forwarded-For headers, but any connection on a protocol other than HTTP was attempted with the real source IP instead of the one I wanted.
I ended up proxying with HAProxy to get past the firewall, and then proxying again with apache to display the content - which successfully allowed me to force both the IP and the protocol for display.
I may have some misunderstanding in the implementation of this (probably do, I’m no expert), but I wasn’t able to find a way to get HAProxy to keep its own IP address for internal connections. I spoke to an expert on corporate-level reverse proxies, and he mentioned that the way it is typically done is to secure the application correctly in the first place so that this kind of proxy is not needed.
For anyone Googling in 2023, hopefully something in here will help.