Hi!
> After "/sbin/iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE", > source is ignored and the fisrt ip of the routing table is taken. The source is not ignored, but the traffic masqueraded by NAT. > So, new questions ... Is it normal? You configured iptables to NAT every outgoing traffic on the eth0 interface with the main ip. Your kernel does exactly what you told him to do. > iptables -t nat -A POSTROUTING -o eth0 -s @alias@ -j SNAT --to-source @alias@ Are you servers within 192.168.0.0/16? Then just exclude the private destination traffic: /sbin/iptables -A POSTROUTING -t nat -d ! 192.168.0.0/16 -o eth0 -j MASQUERADE > To me your "source x.x.x.x" is working anyway from the haproxy sight but > you're masquerading all aliases behind the default eth0 interface. Thats exactly it, we also see from his strace that the IP was successfully bound to the local alias ip. > Is it bad to have the same server for haproxy and gateway? I don't know what your natting, and I don't know what services your are reverse proxying, so I cannot answer this generic question. Use the example above to avoid natting private traffic. Cheers, Lukas
