Shorewall version 4.6.4.3

I am trying to configure Shorewall such that it will allow HAProxy, running on the same machine, to pass through the connecting client's IP (transparent mode). I've tried to adapt a modified version of the Squid transparent configuration using TProxy but am unable to connect to the backend servers.

- Shorewall is the gateway for the backend servers
- HAProxy is correctly configured
- Kernel support compiled "CONFIG_NETFILTER_TPROXY" "CONFIG_NETFILTER_XT_TARGET_TPROXY"

The below rules do fix my issue, allowing the connections. I am quite new to Shorewall/IPTables but expect this to be somewhat of a tribal issue.

    iptables -t mangle -N DIVERT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
