Hello everybody... I've little problem with haproxy: it's working fine in transparent mode (with tproxy enabled) but sometimes (NOT on every reload), when I try to load page (all pages are in jsp), I've delay: I must attend few seconds to have the page completed.
All pages are in JAVA (jsp extension) Here's my haproxy.cfg: listen MAIN PUBLIC_IP:80 mode http option forwardfor acl xxxxx_ACL hdr_dom(host) www.xxxxx.it acl yyyyy_ACL hdr_dom(host) www.yyyyy.it source 192.168.0.133 usesrc clientip stats enable stats uri /haproxy stats auth admin:sbereu208 use_backend XXXXX if dnshosting_ACL use_backend YYYYY if joomlahost_ACL option redispatch backend BACKEND1 PUBLIC_IP:80 mode http balance roundrobin option forwardfor acl indirizzo_dnshst path_end / source 192.168.0.133 usesrc clientip redirect location /dnshst/index.jsp if indirizzo_dnshst cookie SERVERID insert nocache # cookie JSESSIONID prefix server resin1.xxxxx.it 192.168.0.132 cookie resin1 check port 80 inter 30000 rise 2 fall 5 maxconn 300 server resin2.yyyyy.it 192.168.0.141 cookie resin2 check port 80 inter 30000 rise 2 fall 5 maxconn 300 option redispatch backend BACKEND2 PUBLIC_IP:80 mode http balance roundrobin acl indirizzo_jhst path_end / source 192.168.0.133 usesrc clientip redirect location /dnshst/jm/index.jsp if indirizzo_jhst cookie SERVERID insert nocache # cookie JSESSIONID prefix server resin1.xxxxx.it 192.168.0.132 cookie resin1 check port 80 inter 30000 rise 2 fall 5 maxconn 300 server resin2.yyyyy.it 192.168.0.141 cookie resin2 check port 80 inter 30000 rise 2 fall 5 maxconn 300 option redispatch And here's my iptables rules on haproxy server: echo 1 > /proc/sys/net/ipv4/ip_forward /usr/local/sbin/iptables -t mangle -N DIVERT /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT /usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1 /usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface eth1 -j ACCEPT Eth0 is my public interface Eth1 the private one Routing form my two webserver is working fine both for public and private IPs Thanks! Carlo