Hi PiBa-NL, I just follow your advice and find my pf configure is not correct
rdr on vlan64 proto tcp from any to any -> 127.0.0.1 port 2222 And I change to ipfw and fwd then it works corrently. ipfw add fwd 127.0.0.1,2222 tcp from any to any via vlan64 in And you tell my I can use pf's divert-to, but after a test I found it doesn't work.Here is the configure pass in quick on vlan64 inet proto tcp from any to any divert-to 127.0.0.1 port 2222 So can your tell my the right configure? Thank you. Regards Jinge On 2013-7-11, at 下午12:07, jinge <altman87...@gmail.com> wrote: > Hi PiBa-NL, > > > Thanks for your reply! > And I will follow your advice! > > > > Regards > Jinge > > > > On 2013-7-10, at 上午4:25, PiBa-NL <piba.nl....@gmail.com> wrote: > >> Hi Jinge, >> >> Im not exactly sure how this is supposed to work.. did manage to get >> transparent proxy for the server side working.. (the server is presented >> with a connection from original client ip.) This works with haproxy 1.5dev19 >> on FreeBSD8.3 with help of some ipfw fwd rules.. >> >> Your config also seams to be working (used some parts their-of to test..) >> >> Did require the following ipfw rule for me..: >> ipfw add 90 fwd localhost tcp from any to any 2222 in recv em1 >> Actually on pfSense it also needs "-x haproxy" as it is a bit customized.. >> And because i run 'ipfw' combined with 'pf' i also needed to configure pf >> with floating 'pass on match' rules to allow the 'strange traffic'.. That pf >> cannot handle.. >> >> If you however have FreeBSD 9 you might want to look into the divert-to >> rules that pf can make. Might make stuff simpler if it turns out to work.. >> >> Please report back your required settings (&config if it changes) when you >> manage to get it working. >> >> Greetings PiBa-NL >> >> Op 9-7-2013 12:55, jinge schreef: >>> Hi,all! >>> >>> >>> We use haproxy and FreeBSD for our cache system. And we want to use the >>> transparent option >>> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20transparent >>> which for some compatiable things. >>> But found it doest work. Here is the configure which worked in Ubuntu. >>> >>> >>> frontend tcp-in >>> bind :2222 >>> mode tcp >>> log global >>> option tcplog >>> >>> #distingush HTTP and non-HTTP >>> tcp-request inspect-delay 30s >>> tcp-request content accept if HTTP >>> >>> default_backend Direct >>> >>> >>> backend Direct >>> mode tcp >>> log global >>> option tcplog >>> no option httpclose >>> no option http-server-close >>> no option accept-invalid-http-response >>> option transparent >>> >>> >>> Can anyone tell my if is the FreeBSD can not support transparent here or my >>> configure is not correct ? And how to make transparent work right. >>> >>> Thanks! >>> >>> >>> Regards >>> Jinge >>> >>> >>> >> >
