On Fri, Aug 20, 2010 at 12:49:02PM +0800, Xiaoyu Du wrote:
> Hi.
> I use haproxy 1.4.6. When I configured it for my http servers with full
> transparent mode, it works in a strange way.
>
> Here is my configuration:
>
> global
>     maxconn 40000
>     ulimit-n 80013
>
> defaults
>     mode http
>     contimeout 4000
>     clitimeout 42000
>     srvtimeout 43000
>     balance roundrobin
>
> listen VIP_Name 192.168.10.58:80
>     mode http
>     option forwardfor
>     source 0.0.0.0 usesrc clientip
>     cookie SERVERID insert nocache indirect
>     server server1 192.168.10.250:80 weight 1 cookie server1 check
>     option redispatch
>
>
> After I start haproxy, I can't connect to 192.168.10.58
>
> But I wrote a small test program which listened on different port xxx.
> I telnet the 192.168.10.58 xxx, it works, and after this. I reconnect
> 192.168.10.58 80, haproxy worked, but if I do not do any other
> operations, about two minutes later, haproxy seemed not working again.
> And I wrote a small kernel netfilter module for LOCAL_IN chain, the
> SYN packet did route to local host, but no syn-ack.

But is the 192.168.10.58 address bound to the local machine ? I suspect
it's not, because it's the kernel that handles the SYN/SYN-ACK sequence,
not haproxy. And in your example you're using FREEBIND which allows your
code to receive traffic for an IP it does not own. If this is the case,
you should add the "transparent" option to the "bind" line in haproxy :

    listen VIP_Name
        bind 192.168.10.58:80 transparent

Regards,
Willy
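
The check suggested in the reply, written out as an added example (not part of the original thread and not haproxy code): it lists the listening addresses in a haproxy configuration and reports those the host does not own and that lack `transparent`. The function names and the `owns` parameter are hypothetical, and the parser assumes a single `address:port` per `listen` or `bind` line.

```python
import errno
import socket

SECTIONS = ("global", "defaults", "listen", "frontend", "backend")

def is_local(addr):
    """True if an ordinary socket may bind to addr, i.e. the host owns it.
    (Also True for any address when net.ipv4.ip_nonlocal_bind=1.)"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((addr, 0))
            return True
        except OSError as e:
            if e.errno == errno.EADDRNOTAVAIL:
                return False
            raise

def listeners(config):
    """Yield (section, address, port, transparent) per listening address."""
    section = None
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        spec, opts = None, []
        if words[0] in SECTIONS:
            section = words[1] if len(words) > 1 else words[0]
            if words[0] == "listen" and len(words) > 2:
                spec = words[2]          # address given on the "listen" line
        elif words[0] == "bind" and len(words) > 1:
            spec, opts = words[1], words[2:]
        if spec and ":" in spec:
            addr, port = spec.rsplit(":", 1)
            yield section, addr, port, "transparent" in opts

def missing_transparent(config, owns=is_local):
    """Listeners on a specific address the host does not own, without 'transparent'."""
    return [(sec, addr, port) for sec, addr, port, tr in listeners(config)
            if addr not in ("", "*", "0.0.0.0") and not tr and not owns(addr)]

# Constructed from the two configurations in the thread.
BEFORE = "listen VIP_Name 192.168.10.58:80\n    mode http\n"
AFTER = "listen VIP_Name\n    bind 192.168.10.58:80 transparent\n"
```

Call `missing_transparent(open(path).read())` on the proxy host itself so that `is_local` probes the real interface addresses.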