> frontend nodes
>     maxconn 2400
>     bind :12340 interface eth1
>     default_backend nodes
>
>
> but portscans from another node in the internal network show that 12340 is 
> sometimes open, but most of the time it is closed.
> 
> We believe this is a bug in haproxy.

Probably haproxy starts when the VIP is not bound to the interface, and since 
haproxy only binds when starting the daemon, the bind behavior depends on your 
VIP status.

I would strongly suggest using hardcoded IP addresses in the bind line (+ 
net.ipv4.ip_nonlocal_bind=1) if you use virtual IP addresses (imho the 
configuration you are using is broken by design).



> But nevertheless, bind interface seems to be buggy, isn't it?

Well, you will need to be more specific and do some troubleshooting. "is 
sometimes open, but most of the time it is closed" is more than vague. Does the 
"bind interface" configuration work as expected with normal, non-virtual IP 
addresses? Is the behavior reproducible depending on your VIP status when the 
haproxy daemon was started?
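
Added example, not part of the original thread: a Python probe that performs the same kind of one-time, startup bind() to a hardcoded address and reports whether it succeeds when that address is not currently configured on any interface, which is what net.ipv4.ip_nonlocal_bind=1 permits on Linux. The address 192.0.2.10 (TEST-NET-1) and the function names are constructed placeholders; substitute the real VIP and port.

```python
import errno
import socket
from pathlib import Path

# Linux sysctl that lets a process bind to an address the host does not hold (yet).
SYSCTL = Path("/proc/sys/net/ipv4/ip_nonlocal_bind")


def nonlocal_bind_enabled():
    """Return True/False for net.ipv4.ip_nonlocal_bind, or None if unreadable."""
    try:
        return SYSCTL.read_text().strip() == "1"
    except OSError:
        return None


def probe_bind(addr, port=0):
    """Attempt the bind() a daemon does once at startup for 'bind addr:port'.

    Returns "bound", "addr-not-available" (address is not on any interface
    and non-local bind is disabled), or "error:<ERRNO>" for anything else.
    port=0 asks the kernel for a free port so the probe never collides
    with a running listener; pass the real port to test that as well.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((addr, port))
        except OSError as e:
            if e.errno == errno.EADDRNOTAVAIL:
                return "addr-not-available"
            return "error:" + errno.errorcode.get(e.errno, str(e.errno))
        return "bound"


def startup_report(vip):
    """Collect the facts that decide whether a hardcoded-VIP bind will work."""
    return {
        "ip_nonlocal_bind": nonlocal_bind_enabled(),
        "wildcard": probe_bind("0.0.0.0"),  # never depends on VIP ownership
        "vip": probe_bind(vip),             # depends on VIP presence or the sysctl
    }


if __name__ == "__main__":
    VIP = "192.0.2.10"  # constructed placeholder, not an address from the thread
    for key, value in startup_report(VIP).items():
        print(f"{key}: {value}")
```

Run it on the standby node, where the VIP is absent: "vip: addr-not-available" means a daemon started in that state cannot bind the hardcoded address until the sysctl is set to 1.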
