Hi,

On 06.12.2012 16:53, Ozgur Tas wrote:
> Haproxy 1.4.22 on CENTOS 6.3 (kernel 2.6.32-279.14.1 ) on HYPER-V (with
> Hyper-V integration)
> -------------------------

I know CentOS a little bit and can confirm that this is working.

> Hi,
> I'm trying to get transparent proxy working, however looking at my TDC38
> (hub) server for connections on port 25, I do see the correct client IP
> (10.10.0.223) where I'm telneting from on port 25, but just shows
> SYN_RECEIVED, does not establish a connection. Been looking for a solution
> for a while and cannot find an answer. (iptables is disabled and not
> looking to use it on my setup).

Without iptables you won't get tproxy aka transparent proxy to work.
On the machine where the haproxy runs you need firewall rules like this.
--
#dns
-A RH-Firewall-1-INPUT -p tcp --dport 25 -j ACCEPT
#
-A RH-Firewall-1-INPUT -m udp -p udp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*mangle
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-mark 1
-A DIVERT -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-I POSTROUTING -d 0/0 -j MASQUERADE -o eth0
COMMIT
--
Where eth0 is the external and eth1 the internal interface.

In /etc/rc.local I have these lines
--
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
--
All traffic that was running through tproxy needs to be routed locally back to haproxy.

> Thanks,
> Oz
>
> On TDC38(10.10.0.63 - hub server)
> C:\>netstat -ano | findstr 223
> TCP 10.10.0.63:25 10.10.0.223:47217 SYN_RECEIVED 4044
> ( <-- here)
> TCP 10.10.0.63:443 10.10.0.107:56223 ESTABLISHED 4
> TCP 10.10.0.63:59531 10.10.0.107:42231 ESTABLISHED 3652
> TCP 10.10.0.63:59531 10.10.0.107:44223 ESTABLISHED 3652
> TCP 10.10.0.64:3389 10.10.0.223:60206 ESTABLISHED 5072
> =================================
>
> HAPROXY config::
>
> global
> #uid 99
> #gid 99
> daemon
> stats socket /var/run/haproxy.stat mode 600 level admin
> maxconn 40000
> ulimit-n 81000
> pidfile /var/run/haproxy.pid
>
> defaults
> #log global
> mode http
> retries 3
> contimeout 4000
> clitimeout 3600000
> srvtimeout 3600000
> balance roundrobin
> option tcp-smart-accept
> option tcp-smart-connect
>
> frontend ft_smtp
> mode tcp
> bind 0.0.0.0:25
> #source 0.0.0.0 usesrc clientip
> #log global
> #option tcplog
> #tcp-request inspect-delay 30s
> #acl content_present req_len gt 0
> #tcp-request content reject if content_present
> default_backend bk_smtp

On the frontend you don't need any source 0.0.0.0 line.

> backend bk_smtp
> mode tcp
> balance roundrobin
> source 0.0.0.0 usesrc clientip
> log global
> option tcplog
> option smtpchk HELO morrisonhershfield.com
> default-server inter 3s rise 2 fall 3
> server TDC38 10.10.0.63:25 check
>
> listen stats :7000
> stats enable
> stats show-node TDCLB01
> stats show-desc MASTER node for Exchange
> #stats hide-version
> #stats realm Haproxy\ Statistics
> stats uri /
> stats refresh 5s
> option httpclose
>
>

Please ensure that client TDC38 10.10.0.63 uses the haproxy machine as the default gateway.

hope this helps you,
cheers
thomas
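The reply above lists four pieces of plumbing that transparent proxying depends on: the mangle DIVERT chain with its socket match and mark, the fwmark policy-routing rule, the local route in table 100, and the proxy host acting as the servers' gateway (which implies IP forwarding). The script below is an added example, not code from the thread or from HAProxy: it audits that those pieces are actually in place on the proxy host, so a half-applied setup shows up as a named missing rule rather than as a SYN_RECEIVED that never completes. The check functions take captured command output as text so they can be exercised offline; audit_live() feeds them real output from iptables-save, ip rule and ip route (needs root). The table number 100 and mark value 1 are taken from the reply; the expectation that iptables-save prints --set-mark 1 as --set-xmark 0x1/0xffffffff is an assumption about modern iptables, so both spellings are accepted.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit the tproxy plumbing
# on the HAProxy host. Each check_* function takes the text of one command's
# output as $1 and returns 0 when the expected rule is present, 1 otherwise.

# Return 0 if any line of $1 matches the extended regex $2.
has_line() {
    printf '%s\n' "$1" | grep -qE -- "$2"
}

# $1: output of `iptables-save -t mangle`.
# Assumption: iptables-save rewrites `--set-mark 1` as `--set-xmark 0x1/0xffffffff`,
# so both forms are accepted.
check_mangle() {
    has_line "$1" '^-A PREROUTING -p tcp -m socket -j DIVERT$' \
        || { echo "mangle: PREROUTING socket match -> DIVERT missing" >&2; return 1; }
    has_line "$1" '^-A DIVERT -j MARK --set-(xmark 0x1/0xffffffff|mark (1|0x1))$' \
        || { echo "mangle: DIVERT mark rule missing" >&2; return 1; }
    has_line "$1" '^-A DIVERT -j ACCEPT$' \
        || { echo "mangle: DIVERT accept rule missing" >&2; return 1; }
    return 0
}

# $1: output of `ip rule show`; marked packets must be looked up in table 100.
check_rule() {
    has_line "$1" 'fwmark 0x1 lookup 100' \
        || { echo "policy routing: 'ip rule add fwmark 1 lookup 100' missing" >&2; return 1; }
}

# $1: output of `ip route show table 100`; everything must be delivered locally via lo.
check_route() {
    has_line "$1" '^local default dev lo' \
        || { echo "policy routing: local 0.0.0.0/0 route in table 100 missing" >&2; return 1; }
}

# $1: contents of /proc/sys/net/ipv4/ip_forward. The proxy host is the
# servers' default gateway, so forwarding must be on.
check_forward() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = 1 ] \
        || { echo "net.ipv4.ip_forward is not 1" >&2; return 1; }
}

# Run every check against the live host (iptables-save requires root).
audit_live() {
    rc=0
    check_mangle  "$(iptables-save -t mangle 2>/dev/null)"        || rc=1
    check_rule    "$(ip rule show 2>/dev/null)"                   || rc=1
    check_route   "$(ip route show table 100 2>/dev/null)"        || rc=1
    check_forward "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" || rc=1
    return $rc
}

# Usage: sh tproxy_audit.sh --live   (only audits the host when asked to)
if [ "${1:-}" = "--live" ]; then
    audit_live && echo "tproxy plumbing present"
fi
```

Run it with --live on the HAProxy box after loading the rules; each failing check prints which of the reply's lines is missing. It cannot see the other half of the setup, the default gateway on the backend server, so that still has to be verified on TDC38 itself.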