Hi everyone,

I have been using HAProxy to publish my websites for months now and it works like a charm.
Thank you for that.

Today, I have to set up FTP access through HAProxy and I face the hideous
protocol caveats with the data channel.
I want all FTP traffic to be NATed to HAProxy through my firewall, then
distributed to the different FTP Servers through hdr(host) ACLs.

From what I read, my HAProxy config seems fine but I need to add NAT rules to
the HAProxy server in order to forward data channel packets, and set HAProxy
as the default gateway on the FTP Servers.
I can't figure out how to configure these rules in iptables.
Could someone show an example iptables configuration for that?

HAProxy config:

frontend ftp
    bind *:21 transparent
    mode tcp
    option tcplog
    acl host_ftp1 hdr(host) -i ftp1.domain.tld
    acl host_ftp2 hdr(host) -i ftp2.domain.tld
    use_backend ftp1 if host_ftp1
    use_backend ftp2 if host_ftp2

backend ftp1
    server node1 10.10.10.2:21 check

backend ftp2
    server node1 10.10.10.3:21 check

Thank you for your help,
Nicolas ZEDDE