R: Transparent proxy

Mon, 11 May 2009 07:22:12 -0700 

I've tried to use webserver through public interface on the same ip class of
haproxy: it doesn't work.... :-(
 
 
Thanks,
 
 
Carlo

  _____  

Da: John Lauro [mailto:john.la...@covenanteyes.com] 
Inviato: lunedì 11 maggio 2009 14.42
A: 'Carlo Granisso'; haproxy@formilux.org
Oggetto: RE: Transparent proxy



It’s a little different config than I have, but it looks ok to me…

 

What’s haproxy –vv give?

I have:

[r...@haf1 etc]# haproxy -vv

HA-Proxy version 1.3.15.7 2008/12/04

Copyright 2000-2008 Willy Tarreau <w...@1wt.eu>

 

Build options :

  TARGET  = linux26

  CPU     = generic

  CC      = gcc

  CFLAGS  = -O2 -g

  OPTIONS = USE_LINUX_TPROXY=1

 

(I know, I am a little behind, but if it’s not broke…)

 

When you say, haproxy says 503…, I assume it doesn’t actually say that but
that’s what a web browser gets back from it?

 

I assume the web servers have the haproxy’s private IP address as their
default route?  If they are going to some other device as a NAT gateway,
that will not work…

Do they show a SYN_RECV or ESTABLISHED connection from the public client
trying to connect?

 

 

From: Carlo Granisso [mailto:c.grani...@dnshosting.it] 
Sent: Monday, May 11, 2009 7:06 AM
To: haproxy@formilux.org
Subject: Transparent proxy

 

Hello everybody, I have a problem with haproxy (1.3.17) and kernel 2.6.29

 

I have successfully recompiled my kernel with TPROXY modules and installed
haproxy (compiled from source with tproxy option enabled) and installed
iptables 1.4.3 (that have tproxy patch).

Now I can't use transparent proxy function: if I leave in haproxy.cfg this
line "source 0.0.0.0 usesrc clientip" haproxy say "503 - Service
unavailable".

If I comment out the line, everything work fine (without transparent proxy).

 

My situation:

 

haproxy with two ethernet device: first one for public IP, sceond one for
private IP (192.168.XX.XX)

two web server with one ethernet for each one connected to my private
network.

 

 

 

Have you got ideas or you can provide me examples?

 

 

Thanks,

 

 

Carlo

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.320 / Virus Database: 270.12.10/2088 - Release Date: 05/05/09
13:07:00

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.238 / Virus Database: 270.12.24/2107 - Release Date: 05/10/09
07:02:00

Reply via email to