On 13.07.2020 07:08, Gabri Tofano wrote:
"Redirections cannot reflect packets back through the interface they
arrive on, they can only be redirected to hosts connected to different
interfaces or to the firewall itself."


- Keep my current configuration with HAproxy
- Add another network interface to the box and configure an additional
  network to it (it might be tricky when deploying a droplet with a
  direct public IP address)
- Migrate to relayd relays and give up on SSL passthrough (with the
  benefit of SSL offloading if I want to implement it)

There's a "workaround" also mentioned in pf.conf(5) which also works with
relayd-inserted rdr-rules, e.g.

pass out quick on vlan99 proto tcp to 192.168.89.13 received-on vlan99 nat-to 192.168.89.1

vlan99 has 'inet 192.168.89.1/24' and 192.168.89.13 is the relayd rdr "target".

HTH,
--
pb
