Hello, requests are made on the public interface and haproxy must route packets
to its private ethernet and to the webserver:
HAPROXY:
    PUBLIC (public_ip)
    PRIVATE (192.168.0.56)
WEB1:
    PRIVATE (192.168.0.100)
WEB2:
    PRIVATE (192.168.0.200)
Here's a portion of haproxy.cfg:
listen VIP_Name :80
    mode http
    option forwardfor
    source 0.0.0.0 usesrc clientip
    cookie SERVERID insert nocache indirect
    server resin1 192.168.0.100 cookie resin1 check port 80
    server resin2 192.168.0.200 cookie resin2 check port 80
    server backup 127.0.0.1:80 backup
    option redispatch
And here is the log (I've run haproxy in debug mode):
Total: 4 (4 usable), will use sepoll.
Using sepoll() as the polling mechanism.
00000000:VIP_Name.accept(0004)=0008 from [XXXXXXX:40679]
00000000:VIP_Name.clireq[0008:ffff]: GET /dnshst/index.jsp HTTP/1.1
00000000:VIP_Name.clihdr[0008:ffff]: Host: XXXXXXXXX
00000000:VIP_Name.clihdr[0008:ffff]: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
00000000:VIP_Name.clihdr[0008:ffff]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
00000000:VIP_Name.clihdr[0008:ffff]: Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
00000000:VIP_Name.clihdr[0008:ffff]: Accept-Encoding: gzip,deflate
00000000:VIP_Name.clihdr[0008:ffff]: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
00000000:VIP_Name.clihdr[0008:ffff]: Keep-Alive: 300
00000000:VIP_Name.clihdr[0008:ffff]: Connection: keep-alive
00000000:VIP_Name.clihdr[0008:ffff]: Cookie: __utma=219211980.3702727195051592000.1238524648.1241766865.1242050851.13; __utmz=219211980.1238524648.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=abc7FgdhC5dKQ_iS4-Ves; SERVERID=resin1; __utmb=219211980.1.10.1242050851; __utmc=219211980
00000000:VIP_Name.clihdr[0008:ffff]: Cache-Control: max-age=0
And no requests were found on the webserver (netstat -ntap | grep :80).
After a few seconds: "503 Service Unavailable No server is available to handle
this request."
Thanks,
Carlo
________________________________
From: John Lauro [mailto:[email protected]]
Sent: Monday, May 11, 2009 14:42
To: 'Carlo Granisso'; [email protected]
Subject: RE: Transparent proxy
It's a little different config than I have, but it looks OK to me.
What does haproxy -vv give?
I have:
[r...@haf1 etc]# haproxy -vv
HA-Proxy version 1.3.15.7 2008/12/04
Copyright 2000-2008 Willy Tarreau <[email protected]>
Build options :
TARGET = linux26
CPU = generic
CC = gcc
CFLAGS = -O2 -g
OPTIONS = USE_LINUX_TPROXY=1
(I know, I am a little behind, but if it's not broke...)
When you say haproxy says 503..., I assume it doesn't actually say that, but
that's what a web browser gets back from it?
I assume the web servers have the haproxy's private IP address as their
default route? If they are going to some other device as a NAT gateway,
that will not work.
Do they show a SYN_RECV or ESTABLISHED connection from the public client
trying to connect?
From: Carlo Granisso [mailto:[email protected]]
Sent: Monday, May 11, 2009 7:06 AM
To: [email protected]
Subject: Transparent proxy
Hello everybody, I have a problem with haproxy (1.3.17) and kernel 2.6.29.
I have successfully recompiled my kernel with TPROXY modules and installed
haproxy (compiled from source with tproxy option enabled) and installed
iptables 1.4.3 (that has the tproxy patch).
Now I can't use the transparent proxy function: if I leave in haproxy.cfg this
line "source 0.0.0.0 usesrc clientip" haproxy says "503 - Service
unavailable".
If I comment out the line, everything works fine (without transparent proxy).
My situation:
haproxy with two ethernet devices: the first one for the public IP, the second
one for the private IP (192.168.XX.XX)
two web servers with one ethernet each, connected to my private
network.
Have you got ideas, or can you provide me examples?
Thanks,
Carlo
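
Added example (not part of the thread, and not HAProxy's own tooling): a shell check for the two things John asks about, meant to be run on a web server. With "usesrc clientip" the server sees the client's address as the source, so its reply follows the default route; the script reports whether that route is haproxy's private IP (192.168.0.56, from the topology above) and counts port-80 sockets from clients by TCP state. The function names, the 192.168.0.1 gateway and the 203.0.113.7 client are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. LB_PRIVATE_IP is haproxy's private
# address in the poster's topology; all sample data below is constructed.
LB_PRIVATE_IP="${LB_PRIVATE_IP:-192.168.0.56}"

# Default gateway from `ip route` output on stdin.
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Count port-80 sockets in TCP state $1 whose peer is not the proxy itself
# (haproxy health checks come from its own address). netstat -nta on stdin.
count_client_sockets() {
    awk -v st="$1" -v lb="$LB_PRIVATE_IP" '
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 == st {
            peer = $5; sub(/:[0-9]+$/, "", peer)
            if (peer != lb) n++
        }
        END { print n + 0 }'
}

# $1 = `ip route` text, $2 = `netstat -nta` text, both taken on a web server.
diagnose() {
    gw=$(printf '%s\n' "$1" | default_gateway)
    syn=$(printf '%s\n' "$2" | count_client_sockets SYN_RECV)
    est=$(printf '%s\n' "$2" | count_client_sockets ESTABLISHED)
    if [ "$gw" != "$LB_PRIVATE_IP" ]; then
        verdict="replies-bypass-proxy"  # SYN-ACK to the client IP leaves via another gateway
    elif [ "$est" -gt 0 ]; then
        verdict="ok"                    # client-sourced connections complete
    elif [ "$syn" -gt 0 ]; then
        verdict="handshake-stalled"     # route is right, yet no handshake completes
    else
        verdict="no-client-sockets"     # nothing from clients reached this server
    fi
    echo "$verdict gw=${gw:-none} syn_recv=$syn established=$est"
}

# Constructed samples: WEB1 routed via a separate NAT gateway, then via haproxy.
ROUTE_NAT='default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.100'
ROUTE_LB='default via 192.168.0.56 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.100'
NETSTAT_STUCK='tcp 0 0 192.168.0.100:80 203.0.113.7:40679 SYN_RECV
tcp 0 0 192.168.0.100:80 192.168.0.56:51122 TIME_WAIT'
NETSTAT_OK='tcp 0 0 192.168.0.100:80 203.0.113.7:40679 ESTABLISHED'

diagnose "$ROUTE_NAT" "$NETSTAT_STUCK"
diagnose "$ROUTE_LB" "$NETSTAT_OK"
# On a real server: diagnose "$(ip route)" "$(netstat -nta)"
```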