Hi ZeN & Willy,
To use transparent proxying on FreeBSD you currently need to compile
with "USE_LINUX_TPROXY=yes".
And make a few changes to the source code (else it wont compile).
As a "quick and dirty fix" you could (manually?) apply this patch [1]:
http://marc.info/?l=haproxy&m=136700170314757&w=2
For the better/cleaner fix this one should be usable [2]:
http://marc.info/?l=haproxy&m=136707895800761&w=2 , which is what i
would like to get committed to the main HAProxy source tree.
@Willy could you take a look at the patch attached to that mail [2] ?
Greets,
PiBa-NL
Op 2-5-2013 5:13, ZeN schreef:
Dear Users,
sorry if i open new thread,
but i really want to solve this problem..
i manage to compile haproxy via port using TPROXY :
haproxy -vv
HA-Proxy version 1.5-dev18 2013/04/03
Copyright 2000-2013 Willy Tarreau <w...@1wt.eu>
Build options :
TARGET = freebsd
CPU = generic
CC = cc
CFLAGS = -O2 -pipe -fno-strict-aliasing -DFREEBSD_PORTS
OPTIONS = USE_TPROXY=1 USE_GETADDRINFO=1 USE_ZLIB=1 USE_OPENSSL=1
USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 0.9.8y 5 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
but when i started the service with the "source 0.0.0.0 usesrc
clientip" option, the haproxy wont start with this messages:
parsing [/usr/local/etc/haproxy.conf:28] : 'usesrc' not allowed here
because support for TPROXY was not compiled in.
what i should i do to make haproxy compile with transparent option?
Rgds
ZeN