Hi,

On Fri, Mar 19, 2010 at 07:03:47PM +0100, Daniele Genetti wrote:
> Hello,
>
> I have one big problem with HAproxy compiled with tproxy support.
>
> This is the situation...
>
> HAPROXY_SERVER
> os: ubuntu server
> kernel: 2.6.31 (so with tproxy support)
> iptables: 1.4.4 (so with tproxy support)
> ip: 192.168.1.20
>
> WEB_SERVER
> os: debian
> kernel: 2.6.26
> iptables: 1.4.2
> ip: 192.168.1.21
>
> I set up haproxy, and with "normal" rules and configuration everything works well!
>
> When I try to make the proxy transparent, adding to the configuration the
> line:
> source 0.0.0.0 usesrc clientip
> as a result I get "503 Service Unavailable" on all connections.
>
> On HAPROXY_SERVER I added these rules:
> ---
> iptables -t mangle -N DIVERT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
> ---
>
> I also changed the HAPROXY_SERVER sysctls with:
> echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
> echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects
> echo 1 > /proc/sys/net/ipv4/conf/eth0/send_redirects
>
> Where am I wrong?
> Have you got any ideas?
>
> Thanks! Daniel

I suspect that you forgot to change your servers' default gateway to point to the haproxy machine, and that they are responding directly to the client without passing through haproxy.

Regards,
Willy

