Hi Malcolm,
On Wed, Feb 11, 2009 at 12:32:31PM +0000, Malcolm Turnbull wrote:
> Thanks to the help of John Lauro I finally got TPROXY and HAProxy
> working together...
> It was actually quite simple, but then it always is after the weeks of
> tearing your hair out...
>
> Its on the Load balancer blog here:
> http://www.loadbalancer.org/blog/
> (Configure HAProxy with TPROXY kernel for full transparent proxy)
>
> Or more specifically here:
> http://www.loadbalancer.org/blog/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/
Excellent !
I'm currently working on improving the doc (and trying to get rid of
the old one), and one of my concerns was to add some doc explaining
how to set up transparent proxy. Right now I'm only using it with my
old patches for 2.4 which do not require iptables at all, so I'm
lacking experience with the last tproxy code. Your explanation above
will help me for sure !
BTW, I've read that you cannot use a local backup server anymore,
and that makes sense. But if it's just a local backup server, maybe
you don't need to present the client's IP to this server. I think
that replacing :
server backup 127.0.0.1:80 backup
with :
server backup 127.0.0.1:80 backup source 0.0.0.0
might do the trick. It simply says that the server has its own source
address setting, which is not using transparent mode, so this should
work (not tested though).
Regards,
Willy
