UDP and address spoofing

Hi all,

I’m trying to create some NAT rules using HAProxy (replacing nginx) and I’m struggling with one situation.

When I do TCP rules, everything is working properly and I have rules like the following:

listen ldap
    bind 10.0.192.36:636
    source 172.18.81.55
    server ldap_1 172.18.0.10:636
    server ldap_2 172.18.0.11:636

Here, I set the source.ip to another one, that is the one allowed in the firewall.

However, I also need to create a NAT rule for DNS requests, and this works over UDP.
I can create a rule like the following:

log-forward dns
    dgram-bind 10.0.192.35:53
    log 172.18.16.11:53 local0
    log 172.18.16.12:53 local0

But it is a requirement in my network that the NAT requests are sent with source.ip set to one of the virtual IPs I’ve created with keepalived. In this case it is “172.18.81.55”, as you can see in the TCP rule.

Is this possible with UDP?

Thanks
Regards.
Luis

Unfortunately we don’t have the source keyword in the log-forward section; you could probably make a feature request on GitHub for this.

Do you know if there is any workaround to achieve this? Otherwise I need to use other software.

Thanks!

I don’t think that’s possible unfortunately with HAProxy alone :confused:
