UDP and address spoofing

Hi all,

I’m trying to create some NAT rules using HAProxy (replacing nginx), and I’m struggling with one situation.

When I do TCP rules, everything is working properly and I have rules like the following:

listen ldap
    server ldap_1
    server ldap_2

Here, I set the source IP to a different one, which is the one allowed in the firewall.

However, I also need to create a NAT rule for DNS requests, and this works with UDP.
I can create a rule like the following:

log-forward dns
   log local0
   log local0

But it is a requirement in my network that the NAT requests are sent with the source IP set to one of the virtual IPs I’ve created with keepalived. In this case it is “”, as you can see in the TCP rule.

Is this possible with UDP?


Unfortunately we don’t have the source keyword in the log-forward section; you could probably make a feature request on GitHub for this.
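To make the difference concrete, here are both sections written out in full. This is an added example, not the poster's configuration: the `listen` section uses HAProxy's `source` keyword so that outgoing LDAP connections are bound to a keepalived VIP, while the `log-forward` section has no such keyword, so relayed UDP datagrams leave with whatever source address the kernel's routing table picks. The addresses are placeholders: 192.0.2.10 is the assumed VIP, 10.0.0.11 and 10.0.0.12 the assumed LDAP servers, and 10.0.0.53 the assumed UDP target.

```haproxy
global
    log stdout format raw local0

defaults
    mode tcp
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# TCP: `source` binds the outgoing connection to the VIP (placeholder
# 192.0.2.10), so the firewall on the LDAP side only ever sees that
# address. The VIP must actually be present on this host (keepalived
# assigns it to the MASTER); otherwise the bind fails unless
# net.ipv4.ip_nonlocal_bind=1 is set.
listen ldap
    bind 192.0.2.10:389
    source 192.0.2.10
    server ldap_1 10.0.0.11:389 check
    server ldap_2 10.0.0.12:389 check

# UDP: log-forward receives datagrams on dgram-bind and relays them to
# the `log` target, but it accepts no `source` keyword. The relayed
# datagrams therefore carry the default source address of the route to
# 10.0.0.53, which is normally the host's own address, not the VIP.
log-forward dns
    dgram-bind 192.0.2.10:514
    log 10.0.0.53:514 local0
    timeout client 10s
```

A quick way to confirm the behaviour is a packet capture on the target side: connections from the `listen ldap` section arrive from 192.0.2.10, whereas datagrams relayed by `log-forward dns` arrive from the host's primary address, which is exactly why a firewall rule keyed on the VIP does not match them.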

Do you know if there is any workaround to achieve this? Else I need to use other software.


I don’t think that’s possible unfortunately with HAProxy alone :confused:
