On Sat, Mar 20, 2010 at 02:23:29AM +0100, Daniele Genetti wrote:
> I verified the default gw and it seems correct.
> I also added the suggested rules, but nothing changed.
> The error "503 Service Unavailable" persists.
> 
> So, now I tried this test.
> 
> 1) Without transparent proxy
> on HAPROXY_SERVER:
> > netstat -ctnup | grep 192.168.1.20:80 (ok, established connection shown)
> on WEB_SERVER:
> > netstat -ctnup | grep 192.168.1.21:80 (ok, established connection shown)
> 
> 2) With transparent proxy activated
> on HAPROXY_SERVER:
> > netstat -ctnup | grep 192.168.1.20:80 (ok, established connection shown)
> on WEB_SERVER:
> > netstat -ctnup | grep 192.168.1.21:80 (nothing shown)
> 
> So, probably there is a forwarding problem. Am I right?

No, you're not watching the same connections. I'm assuming that 192.168.1.20
is your web server and 192.168.1.21 is your haproxy server. In transparent
mode, the web server will see the client's IP address as the source, not the
haproxy server. So you must use exactly the same grep on both sides.

Also, be sure not to test from 127.0.0.1, otherwise it will not work. But
what I find strange in your case is that if the connection appears established
on the haproxy server, that means that everything is correct, including routing
of backwards packets. Otherwise you would see a SYN_SENT state.

> Does anyone maybe have an idea how to resolve this issue?

Please simplify the test first. Disable health checks on the server. That
way we'll know that health checks are not seeing the server as down. Next
step is to ensure that you're sending the request from a machine that must
be routed back via the haproxy server, so it must not be on the same local
net as your web server. If you still don't see any progress, please take a
tcpdump capture on both sides (haproxy server and web server).

Regards,
Willy
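
The "same grep on both sides" check described above, as an added example that is not part of the original message: it looks up the same client-to-backend connection in `netstat -tn` output from each machine and reads the state the way the reply does. All addresses, the sample output and the names `state_of` and `diagnose` are constructed for illustration.

```shell
#!/bin/sh
# Added example; all addresses are constructed:
# client 10.0.0.5, haproxy 192.168.1.21, web server 192.168.1.20.

# state_of CLIENT_IP BACKEND_IP:PORT  (reads `netstat -tn` output on stdin)
# Prints the TCP state of the connection between CLIENT_IP (any port) and
# the backend, whichever column each endpoint is in, or NONE if absent.
state_of() {
    awk -v c="$1" -v b="$2" '
        $1 ~ /^tcp/ {
            lip = $4; sub(/:[0-9]+$/, "", lip)
            fip = $5; sub(/:[0-9]+$/, "", fip)
            if ((lip == c && $5 == b) || (fip == c && $4 == b)) {
                print $6; found = 1; exit
            }
        }
        END { if (!found) print "NONE" }'
}

# diagnose HAPROXY_STATE WEB_STATE  (labels are hypothetical)
diagnose() {
    case "$1/$2" in
        ESTABLISHED/ESTABLISHED) echo "ok" ;;
        SYN_SENT/*) echo "return-path" ;;   # replies are not routed back via haproxy
        *) echo "inconclusive" ;;           # take a tcpdump capture on both sides
    esac
}

# Constructed `netstat -tn` output, transparent mode, broken return route.
HAPROXY_SIDE='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 192.168.1.21:80   10.0.0.5:51000    ESTABLISHED
tcp        0      1 10.0.0.5:40123    192.168.1.20:80   SYN_SENT'
WEB_SIDE='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 192.168.1.20:80   10.0.0.5:40123    SYN_RECV'

h=$(printf '%s\n' "$HAPROXY_SIDE" | state_of 10.0.0.5 192.168.1.20:80)
w=$(printf '%s\n' "$WEB_SIDE" | state_of 10.0.0.5 192.168.1.20:80)
echo "haproxy=$h web=$w -> $(diagnose "$h" "$w")"
```

Looking up the haproxy address (192.168.1.21) in the web-server sample returns NONE, which is the "nothing shown" result from the quoted test.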

