On Tue, Jan 20, 2015 at 6:13 PM, Shawn Heisey <hapr...@elyograg.org> wrote: > On 1/20/2015 6:12 AM, Thomas Heil wrote: >> >> On 20.01.2015 03:26, Shawn Heisey wrote: >>> >>> When haproxy is run in TPROXY mode, does it lose any functionality, or >>> can >>> I do all the same things as I can when it's acting in normal proxy mode? >>> I'd like to have my servers see the real source ip but still have the >>> ability to make decisions based on HTTP headers and manipulate those >>> headers. >> >> No you are not loosing any functionality when running in http mode. > > > This is not very clear. It seems to be saying that I can still do ACLs > and header mangling, but you mention http mode, when I was asking about > tproxy. > > To be clear: I'd like to try tproxy so that my servers will see the true > source IP, but still be able to use ACLs and change the HTTP headers. > > If enabling iptables is necessary for tproxy (which it seems to be), how > to I additionally tell iptables that I do not want to block any traffic? > My haproxy server currently is not running a firewall, because it just > gets in the way. > > Thanks, > Shawn > >
Hi Shawn, Everything is explained here: http://blog.haproxy.com/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/ If you can't do it, maybe you should ask the HAProxy experts to help you: http://haproxy.com/services/haproxy-professional-services/ Baptiste