Unable to Connect to CockroachDB through IngressRouteTCP

I'm currently setting up Traefik as an ingress controller in my Kubernetes cluster and I'm attempting to route traffic to a CockroachDB service using IngressRouteTCP. Despite following the documentation and applying the necessary configurations, I'm unable to establish a connection to the database from outside the cluster. Below are the details of my setup and the steps I've taken so far.

Traefik Deployment Configuration:

I'm using the following Helm values to deploy Traefik:

globalArguments:
- "--global.sendanonymoususage=false"
- "--global.checknewversion=false"

additionalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--log.level=INFO"
- "--entrypoints.web.address=:8000"
- "--entrypoints.websecure.address=:8443"
- "--entrypoints.cockroachdb.address=:26257"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.le.acme.email=business@def.wtf"
- "--certificatesresolvers.le.acme.storage=/data/acme.json"
- "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"

deployment:
  enabled: true
  replicas: 1
  annotations: {}
  podAnnotations: {}
  additionalContainers: []
  initContainers: []

ports:
  web:
    redirectTo:
      port: websecure
      priority: 10
  websecure:
    http3:
      enabled: true
    advertisedPort: 4443
    tls:
      enabled: true

ingressRoute:
  dashboard:
    enabled: false

providers:
  kubernetesCRD:
    enabled: true
    ingressClass: traefik
    allowExternalNameServices: true
  kubernetesIngress:
    enabled: true
    allowExternalNameServices: true
    publishedService:
      enabled: false

rbac:
  enabled: true

service:
  enabled: true
  type: LoadBalancer
  annotations: {}
  labels: {}
  spec:
    ports:
      - name: web
        port: 80
        targetPort: 8000
      - name: websecure
        port: 443
        targetPort: 8443
      - name: cockroachdb
        port: 26257
        targetPort: 26257

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
    http:
      tls:
        certResolver: myresolver

certificatesResolvers:
  myresolver:
    acme:
      email: business@def.wtf
      storage: /acme.json
      httpChallenge:
        entryPoint: web

IngressRouteTCP Configuration:

To route TCP traffic to CockroachDB, I have the following IngressRouteTCP resource configured:

apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: cockroachdb-rc
  namespace: rc
spec:
  entryPoints:
    - cockroachdb
  routes:
    - match: HostSNI(`*`)
      services:
        - name: cockroachdb-rc-public
          namespace: rc
          port: 26257
  tls:
    passthrough: true

Service Configuration:

The CockroachDB service is configured as follows:

kubectl get svc -n rc
NAME                          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)              AGE
cockroachdb-rc                ClusterIP   None            <none>        26257/TCP,8080/TCP   2d
cockroachdb-rc-public         ClusterIP   10.245.123.99   <none>        26257/TCP,8080/TCP   2d

Steps Taken and Troubleshooting:

Network Connectivity: Verified that the external IP (209.38.176.214) is reachable from outside the cluster using tools like nc and telnet. However, I still cannot establish a connection on port 26257.

Logs: Checked Traefik logs for errors, but nothing indicates why the connection might be failing.

Direct Connection: Tried connecting directly to the CockroachDB service from within the cluster using the ClusterIP, which works, but the connection through Traefik does not.

Configuration Review: Double-checked the IngressRouteTCP and Traefik entry points configurations to ensure there are no mismatches in ports or other settings.

Question:

Despite all these steps, I'm still unable to connect to CockroachDB via the Traefik LoadBalancer IP on port 26257. Could someone please help identify what might be wrong in my setup or provide guidance on additional steps I can take to resolve this issue?

Thank you in advance for your assistance!
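
A layer-by-layer version of the nc/telnet check in the troubleshooting steps above, as an added example that is not part of the original post: CockroachDB speaks the PostgreSQL wire protocol, so sending the 8-byte SSLRequest shows whether a database actually answers behind the port or whether the failure is at TCP connect. The function names and outcome labels are this example's own.

```python
import socket
import struct
import sys

# PostgreSQL wire-protocol SSLRequest: int32 length (8), int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def classify_reply(reply: bytes) -> str:
    """Map the one-byte answer to an SSLRequest onto an outcome label."""
    if reply == b"S":
        return "tls-offered"        # a pgwire server answered and accepts TLS
    if reply == b"N":
        return "tls-declined"       # a pgwire server answered, plaintext only
    if reply == b"":
        return "closed"             # peer closed without answering
    return "unexpected-reply"       # something else is listening on the port


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Return which layer failed: TCP connect, or the pgwire answer behind it."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp-refused"        # no listener accepted the connection
    except (socket.timeout, TimeoutError):
        return "tcp-timeout"        # no answer to the connection attempt
    except OSError as exc:
        return f"tcp-error: {exc}"
    with sock:
        try:
            sock.sendall(SSL_REQUEST)
            reply = sock.recv(1)
        except (socket.timeout, TimeoutError):
            return "no-reply"       # TCP accepted, SSLRequest never answered
        except OSError:
            return "reset"          # connection torn down after the request
    return classify_reply(reply)


if __name__ == "__main__":
    # Run once against the LoadBalancer address and once from a pod against
    # the ClusterIP, then compare the two outcome labels.
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py <host> <port>")
    print(probe(sys.argv[1], int(sys.argv[2])))
```

If the in-cluster run prints `tls-offered` or `tls-declined` and the external run prints anything else, the difference lies in the path through the LoadBalancer and Traefik rather than in CockroachDB itself.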