We’ve got a bunch of f5 servers we’re looking at replacing with haproxy. In addition to load balancing and application delivery, these can provide much needed SNAT to which we use as a gateway for backend servers that need to get outbound internet access.
It looks like haproxy doesn’t provide this as it terminates all connections / uses its own ip stack. I am curious as to what others are doing that need this.
First thing that comes to mind is putting a firewall in front of the haproxies and using the fw as the gateway for everything. Or perhaps maybe some iptables rules onto the haproxies themselves.
Just wondering what best practice / most efficient setup would be in this scenario. Thanks.
1 post - 1 participant