On 1/21/2015 2:52 AM, Baptiste wrote: > Everything is explained here: > http://blog.haproxy.com/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/ > > If you can't do it, maybe you should ask the HAProxy experts to help you: > http://haproxy.com/services/haproxy-professional-services/
I had already seen the blog post you linked ... that blog post does not answer my initial question about whether I keep all haproxy functionality when going transparent. My worry is that it will function just like ipvs and offer none of haproxy's advanced capability. Most of our current load balancing is using ipvs, I am in the process of migrating to haproxy. I can do it without spending a lot of money on help, I just need a little guidance with iptables. I always turn off iptables because I have a very large Cisco external firewall handling access control. Therefore I am a little fuzzy on how to make iptables accept everything while also doing what haproxy needs. If I do set up iptables to accept all traffic, then add the rules on that blog post, will everything work? I realize that iptables is outside the scope of this mailing list, so I am hoping someone can point me to a HOWTO, article, or blog post that covers it. The "old" load balancer system (which I still need to configure) is CentOS 5. Can I successfully run transparent mode on a 2.6.18 kernel? I have a new one running Ubuntu 14, but when I tried to switch everything to that, ldirectord crashed and took out all the ipvs config ... so my new plan is to reduce the ldirectord config to FTP only, which requires that I migrate everything else to haproxy first. I did find something about tproxy and different kernel versions that has me a little worried. Specifically the caveats for specific kernel versions here: http://wiki.squid-cache.org/Features/Tproxy4#Minimum_Requirements_.28IPv6_and_IPv4.29 One of the caveats mentioned is that 3.x kernels require a different config than 2.6 kernels for tproxy4. Which kernel versions are targeted by the iptables info on that blog post? One final question, which is very important. Can I mix transparent bindings and normal bindings on one haproxy config? I need to migrate one frontend at a time, I can't do them all at once. Thanks, Shawn