Thanks for your answers, that kernel setting did help me. But nevertheless, bind interface seems to be buggy, isn't it?
Thanks, Cornelius Riemenschneider -- ITscope GmbH Ludwig-Erhard-Alle 20 76131 Karlsruhe Email: cornelius.riemenschnei...@itscope.de https://www.itscope.com Handelsregister: AG Mannheim, HRB 232782 Sitz der Gesellschaft: Karlsruhe Geschäftsführer: Alexander Münkel, Benjamin Mund, Stefan Reger -----Original message----- To:haproxy@formilux.org; CC:Cornelius Riemenschneider <c...@itscope.de>; From:shouldbe q931 <shouldbeq...@gmail.com> Sent:Mon 11-02-2013 17:28 Subject:Re: Problems with 1.5-dev17 and bind to interface On Mon, Feb 11, 2013 at 1:45 PM, Cornelius Riemenschneider <c...@itscope.de> wrote: Hello, We try to use haproxy for internal load balancing in a high availability setup together with keepalived and a virtual ip on the internal NIC. We don't want to expose our internal services to the public, so we want to restrict the open ports to the internal NIC, eth1. We can't bind directly to the ip address, as it is shared by 3 servers, and haproxy can't bind against the IP when it is bound to another server. I'm not sure I follow you. You seem to be saying that you are trying to "share" an IP address between three hosts ? Maybe something has been lost in translation ? I have a two node HAproxy "cluster" that uses keepalived with VIP addresses, but the bind statements in HAProxy on both instances (kept in sync with incrond and unison) use the VIP addresses. This did require "net.ipv4.ip_nonlocal_bind=1" in /etc/sysctl.conf on both HAProxy instances Apologies if I have misunderstood. Cheers
