On Mon, Feb 11, 2013 at 1:45 PM, Cornelius Riemenschneider <[email protected]> wrote:
> ** > > Hello, > > We try to use haproxy for internal load balancing in a high availability > setup together with keepalived and a virtual ip on the internal NIC. > > We don't want to expose our internal services to the public, so we want to > restrict the open ports to the internal NIC, eth1. > > We can't bind directly to the ip address, as it is shared by 3 servers, > and haproxy can't bind against the IP when it is bound to another server. > > I'm not sure I follow you. You seem to be saying that you are trying to "share" an IP address between three hosts ? Maybe something has been lost in translation ? I have a two node HAproxy "cluster" that uses keepalived with VIP addresses, but the bind statements in HAProxy on both instances (kept in sync with incrond and unison) use the VIP addresses. This did require "net.ipv4.ip_nonlocal_bind=1" in /etc/sysctl.conf on both HAProxy instances Apologies if I have misunderstood. Cheers
