Hello, requests are made on public interface and haproxy must route packets
to it's private ethernet and to the webserver:
 
 
HAPROXY:
 
PUBLIC                (public_ip)
PRIVATE                (192.168.0.56)
 
 
WEB1:
 
PRIVATE                (192.168.0.100)
 
WEB2:
 
PRIVATE                (192.168.0.200)
 
 
Here's a portion of haproxy.cfg:
 
 
listen  VIP_Name :80
        mode    http
        option  forwardfor
        source 0.0.0.0 usesrc clientip
        cookie  SERVERID insert nocache indirect
        server resin1 192.168.0.100 cookie resin1 check port 80
        server resin2 192.168.0.200 cookie resin2 check port 80
        server  backup 127.0.0.1:80 backup
        option redispatch

And here the log (I've ran haproxy in debug mode):
 
Total: 4 (4 usable), will use sepoll.
Using sepoll() as the polling mechanism.
00000000:VIP_Name.accept(0004)=0008 from [XXXXXXX:40679]
00000000:VIP_Name.clireq[0008:ffff]: GET /dnshst/index.jsp HTTP/1.1
00000000:VIP_Name.clihdr[0008:ffff]: Host: XXXXXXXXX
00000000:VIP_Name.clihdr[0008:ffff]: User-Agent: Mozilla/5.0 (Windows; U;
Windows NT 5.1; it; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
00000000:VIP_Name.clihdr[0008:ffff]: Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
00000000:VIP_Name.clihdr[0008:ffff]: Accept-Language:
it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
00000000:VIP_Name.clihdr[0008:ffff]: Accept-Encoding: gzip,deflate
00000000:VIP_Name.clihdr[0008:ffff]: Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.7
00000000:VIP_Name.clihdr[0008:ffff]: Keep-Alive: 300
00000000:VIP_Name.clihdr[0008:ffff]: Connection: keep-alive
00000000:VIP_Name.clihdr[0008:ffff]: Cookie:
__utma=219211980.3702727195051592000.1238524648.1241766865.1242050851.13;
__utmz=219211980.1238524648.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none
); JSESSIONID=abc7FgdhC5dKQ_iS4-Ves; SERVERID=resin1;
__utmb=219211980.1.10.1242050851; __utmc=219211980
00000000:VIP_Name.clihdr[0008:ffff]: Cache-Control: max-age=0

 
And no request were found into webserver (netstat -ntap | grep :80)
 
After few seconds: "503 Service Unavailable No server is available to handle
this request. "
 
 
Thanks,
 
 
Carlo
 

________________________________

Da: John Lauro [mailto:[email protected]] 
Inviato: lunedì 11 maggio 2009 14.42
A: 'Carlo Granisso'; [email protected]
Oggetto: RE: Transparent proxy



It’s a little different config than I have, but it looks ok to me…

 

What’s haproxy –vv give?

I have:

[r...@haf1 etc]# haproxy -vv

HA-Proxy version 1.3.15.7 2008/12/04

Copyright 2000-2008 Willy Tarreau <[email protected]>

 

Build options :

  TARGET  = linux26

  CPU     = generic

  CC      = gcc

  CFLAGS  = -O2 -g

  OPTIONS = USE_LINUX_TPROXY=1

 

(I know, I am a little behind, but if it’s not broke…)

 

When you say, haproxy says 503…, I assume it doesn’t actually say that but
that’s what a web browser gets back from it?

 

I assume the web servers have the haproxy’s private IP address as their
default route?  If they are going to some other device as a NAT gateway,
that will not work…

Do they show a SYN_RECV or ESTABLISHED connection from the public client
trying to connect?

 

 

From: Carlo Granisso [mailto:[email protected]] 
Sent: Monday, May 11, 2009 7:06 AM
To: [email protected]
Subject: Transparent proxy

 

Hello everybody, I have a problem with haproxy (1.3.17) and kernel 2.6.29

 

I have successfully recompiled my kernel with TPROXY modules and installed
haproxy (compiled from source with tproxy option enabled) and installed
iptables 1.4.3 (that have tproxy patch).

Now I can't use transparent proxy function: if I leave in haproxy.cfg this
line "source 0.0.0.0 usesrc clientip" haproxy say "503 - Service
unavailable".

If I comment out the line, everything work fine (without transparent proxy).

 

My situation:

 

haproxy with two ethernet device: first one for public IP, sceond one for
private IP (192.168.XX.XX)

two web server with one ethernet for each one connected to my private
network.

 

 

 

Have you got ideas or you can provide me examples?

 

 

Thanks,

 

 

Carlo

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.320 / Virus Database: 270.12.10/2088 - Release Date: 05/05/09
13:07:00

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.238 / Virus Database: 270.12.24/2107 - Release Date: 05/10/09
07:02:00




Reply via email to