Hello,

We try to use haproxy for internal load balancing in a high availability setup 
together with keepalived and a virtual ip on the internal NIC.

We don't want to expose our internal services to the public, so we want to 
restrict the open ports to the internal NIC, eth1.

We can't bind directly to the ip address, as it is shared by 3 servers, and 
haproxy can't bind against the IP when it is bound to another server.

We use the following config (excerpt):

frontend nodes
     maxconn 2400
     bind :12340 interface eth1
     default_backend nodes

but portscans from another node in the internal network show that 12340 is 
sometimes open, but most of the time it is closed.

We believe this is a bug in haproxy. Can you comment on that issue? Or should 
we prefer bind transparent over bind interface?

Please reply to me directly, I'm not subscribed to the list.

Thanks for your help,

Cornelius Riemenschneider

--

ITscope GmbH

Ludwig-Erhard-Alle 20


76131 Karlsruhe

Email: cornelius.riemenschnei...@itscope.de

https://www.itscope.com

Commercial register: AG Mannheim, HRB 232782

Registered office: Karlsruhe

Managing directors: Alexander Münkel, Benjamin Mund, Stefan Reger
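
A local check for the symptom described above, as an added example that is not part of the original message: it parses `ss -H -ltn` output taken on the load balancer and reports whether port 12340 has a listener at all and whether that listener is pinned to eth1. The sample lines are constructed, the function names are hypothetical, and the `%eth1` suffix on device-bound sockets is an assumption about how iproute2 `ss` prints them.

```python
# Constructed `ss -H -ltn` output; not captured from the poster's servers.
# Assumption: iproute2 `ss` shows a device-bound socket as address%ifname.
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22         0.0.0.0:*
LISTEN 0 2400 0.0.0.0%eth1:12340 0.0.0.0:*
LISTEN 0 128  127.0.0.1:8404     0.0.0.0:*
LISTEN 0 128  [::]:22            [::]:*
"""

WILDCARDS = {"0.0.0.0", "*", "[::]"}


def parse_listeners(ss_output):
    """Return (address, device_or_None, port) for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        # Local column is address[%device]:port; split the port off the right.
        local, _, port = cols[3].rpartition(":")
        if not port.isdigit():
            continue
        addr, _, dev = local.partition("%")
        listeners.append((addr, dev or None, int(port)))
    return listeners


def exposure(listeners, port, wanted_dev):
    """Classify each listener on `port` against the intended interface."""
    report = []
    for addr, dev, p in listeners:
        if p != port:
            continue
        if dev == wanted_dev:
            verdict = "restricted to " + wanted_dev
        elif dev is not None:
            verdict = "bound to other device " + dev
        elif addr in WILDCARDS:
            verdict = "wildcard, reachable on every interface"
        else:
            verdict = "bound to address " + addr
        report.append((addr, dev, verdict))
    return report


if __name__ == "__main__":
    found = exposure(parse_listeners(SAMPLE_SS), 12340, "eth1")
    for addr, dev, verdict in found:
        print(f"{addr}:12340 dev={dev}: {verdict}")
    if not found:
        print("no listener on 12340: a scan would see the port closed")
```

Running this on each of the three servers at the moment a scan reports the port closed separates "haproxy has no listening socket" from "the socket exists but the scan did not reach it".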