
I'm setting up a system made of application and database servers all running on a private LAN. The application servers are accessed through an HTTP Nginx reverse proxy server and the database servers are accessed through a TCP HAProxy. Both Nginx and HAProxy are running on the same Ubuntu host.

The application and database servers need to connect to the Internet for software upgrades and installation from repositories.

The only machine that can connect to the Internet is the one working as the proxy server host. It has two NICs, one for the public IP and the other for the private IP. This same proxy server is also running the UFW firewall to safeguard the installation from external threats.

I know very well how to configure both Nginx and HAProxy for proxy features. I know how to configure the UFW firewall for application filtering and also how to configure it to NAT connections.

The puzzle is how to isolate connections destined for the proxy applications from the Internet-seeking connections originating from the private segment. Won't the firewall block the NAT connections, or won't the proxy connections end up being routed?

How do I combine the NAT function with the proxy functions without interference?

0 Answers