Well... Now I have a new situation:

On the haproxy box I've put these directives:

iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s haproxy-public-ip
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
ip rule add fwmark 3 table 2
ip route add default via haproxy-private-ip dev eth1 table 2


On the webserver:


iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 80
route add 0.0.0.0 gw 192.168.0.56


When I try to get the website from a browser...:

tcp        0      0 192.168.0.133:80        haproxy_public:42758    SYN_RECV    -
tcp        0      0 192.168.0.133:80        haproxy_public:43200    SYN_RECV    -


Have you got any ideas?
I know that there's only an iptables routing problem (wrong rules on the haproxy
box and the webserver)... But I can't find it... :-(

Thanks,


Carlo

-----Original Message-----
From: Carlo Granisso [mailto:c.grani...@dnshosting.it]
Sent: Tuesday, 12 May 2009 10.21
To: 'John Lauro'
Cc: haproxy@formilux.org
Subject: RE: Transparent proxy

 

-----Original Message-----
From: John Lauro [mailto:john.la...@covenanteyes.com]
Sent: Monday, 11 May 2009 18.30
To: 'Carlo Granisso'; haproxy@formilux.org
Subject: RE: Transparent proxy

>> 
>> And no requests were found on the webserver (netstat -ntap | grep :80)
>> 
>> After a few seconds: "503 Service Unavailable No server is available to 
>> handle this request. "
>> 

> Can you ping your webserver from the haproxy box ok?

Yes


> What does the following show from your webserver:
> netstat -rn
> Does it show the private IP address of your haproxy box as the gateway 
> for 0.0.0.0?

Here's the output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.56    255.255.255.255 UGH       0 0          0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1


On my haproxy box I've a lot of connections in "TIME_WAIT" state from haproxy
to the webservers.
When I try to get the default page from a browser, no connections are made on
the webserver (haproxy opens only one tcp connection in "SYN_SENT" state).


Thanks for your patience.


Carlo
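
The question asked earlier in the thread (does `netstat -rn` show the haproxy private IP as the gateway for 0.0.0.0?) can be checked mechanically. The following is an added example, not part of the original messages: a default route has Destination 0.0.0.0 and Genmask 0.0.0.0 with flags UG, while a row with Genmask 255.255.255.255 and the H flag is a host route that matches only the address 0.0.0.0. The function names and the second sample table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).

# has_default_route GATEWAY: reads `netstat -rn` text on stdin and succeeds
# only if a real default route (Genmask 0.0.0.0, G flag, no H flag)
# points at GATEWAY.
has_default_route() {
    awk -v gw="$1" '
        $1 == "0.0.0.0" && $2 == gw && $3 == "0.0.0.0" && $4 ~ /G/ && $4 !~ /H/ { ok = 1 }
        END { exit !ok }
    '
}

# classify_zero_routes: prints one line per row whose Destination is 0.0.0.0,
# saying whether it is a default route or only a host route.
classify_zero_routes() {
    awk '
        $1 == "0.0.0.0" {
            if ($3 == "0.0.0.0" && $4 !~ /H/)
                kind = "default route"
            else
                kind = "host route to 0.0.0.0 only (mask " $3 ", flags " $4 ")"
            print $2 ": " kind
        }
    '
}

# Routing table as posted in the thread (wrapped lines rejoined).
POSTED='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.56    255.255.255.255 UGH       0 0          0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1'

# Constructed sample: the same table with a default route via that gateway.
EXPECTED='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.56    0.0.0.0         UG        0 0          0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1'

printf '%s\n' "$POSTED"   | classify_zero_routes
printf '%s\n' "$EXPECTED" | classify_zero_routes
```

On a live box, pipe the real table in: `netstat -rn | has_default_route 192.168.0.56`.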


