Cluster-IP for outgoing appliance traffic
For incoming traffic to an appliance cluster you can use the cluster IP (e.g. traps), but for outgoing traffic the active node's IP address is used. This is annoying for configuring ACLs and also for debugging. Some target devices only allow limited IP lists.
It would be great if the cluster IP were also used for outgoing site traffic, so that a cluster has unified network behavior regardless of its internal structure.
Comments: 1
21 Dec, '23
Jodok: It looks like something like this could be a solution:
```
iptables -t nat -A POSTROUTING -m owner --uid-owner <site-user> -j SNAT --to-source <Cluster_IP-Address>
```
But I am not yet 100% sure about the ProxyPass traffic from the system Apache to the site Apache. It may need some tweaking like:
```
! --in-interface lo
! --out-interface lo
```