Hello,

L. Alberto Giménez wrote:
> Please check that:
>
> * You have the tproxy enabled in your kernel
> * You have haproxy compiled with tproxy support
>
> Your backend servers *can't* see the clients directly (i.e., they have
> the haproxy box as default gateway and *no other* gateways).
>
> The same for the clients (not mandatory, but if they can see the
> servers, it may cause trouble).
Like I wrote before, I use Ubuntu Server 9.10, with kernel 2.6.31 and
iptables 1.4.4, so with built-in tproxy support (if I'm not wrong).
And I compiled HAProxy by hand with the correct parameters, I think...

 > lsmod
[...]
nf_tproxy_core    2428    1 xt_socket,
[...]

 > haproxy -vv
HA-Proxy version 1.4.2 2010/03/17
Copyright 2000-2010 Willy Tarreau 
Build options :
  TARGET  = linux26
  CPU     = i686
  CC      = gcc
  CFLAGS  = -O2 -march=i686 -g
  OPTIONS = USE_LINUX_TPROXY=1 USE_STATIC_PCRE=1
[...]

The client can't see the backend server directly.
 > ping -c 1 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
 From 192.168.1.2 icmp_seq=1 Destination Host Unreachable
--- 192.168.0.2 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

The backend server can't see the clients directly.
 > ping -c 1 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
*From 192.168.1.21 icmp_seq=1 Destination Host Unreachable* (not From 
192.168.0.2 like expected)
--- 192.168.1.2 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

So, incredible.. I found the trick.. Alberto, you saved my mind.. :-)
On the backend server I have a 2nd ethernet card configured with 192.168.1.21.
The cable is out but I forgot to disable it (how I'm chicken......)..
So every time, the backend tried to reach the client via this route.

Many times the errors are in the simplest things.

Thanks, thank you very much.. Really!

Daniele

Hi all,

perhaps there is hope for me too ...

I have HAProxy running on 192.168.1.101, with this configuration:

...
backend test
    mode http
    source 0.0.0.0 usesrc clientip
    server serv1 192.168.4.41

frontend test
    mode http
    bind 192.168.1.101:8090
    default_backend test

HAProxy is 1.5-dev6, built with TARGET=linux26 USE_LINUX_TPROXY=1; the
kernel is 2.6.26-2-amd64.

The server is in my VMware Player (Debian 6, kernel 2.6.32-5-686). By default,
Player is bridged and DHCP assigns it IP 192.168.1.28 (the XP host is
192.168.1.62), and the default gateway is 192.168.1.2.

So I manually changed the IP address on the server (eth0, no other cards) to
192.168.4.41 255.255.0.0, and set the default gateway to 192.168.1.101 (the
HAProxy machine).

On HAProxy I have done routing commands as Daniele did.

And I still get 503.

What have I done wrong? Is there any known issue if the server is in a
virtual machine?

---
posted at http://www.serverphorums.com
http://www.serverphorums.com/read.php?10,120994,707061#msg-707061
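
Both posts turn on the point Alberto raises: with "usesrc clientip" the backend answers the client's real address, so its return route has to pass through the HAProxy box. The Python sketch below is an added example, not part of either post or of HAProxy; it runs a longest-prefix match over constructed `ip route show` output and reports whether replies would bypass the proxy. Interface names, the /24 masks, the 192.168.0.1 gateway address and the choice of the XP host as the client are assumptions.

```python
import ipaddress

# Constructed `ip route show` output for the two backends in this thread.
# Interface names, /24 masks and the 192.168.0.1 gateway are assumptions.
BACKEND_TWO_NICS = """
default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.21
"""
BACKEND_WIDE_MASK = """
default via 192.168.1.101 dev eth0
192.168.0.0/16 dev eth0 proto kernel scope link src 192.168.4.41
"""

def parse_routes(text):
    """Turn `ip route show` text into (network, gateway-or-None, device) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        except (ValueError, IndexError):
            continue  # skip blank lines and route types this sketch does not model
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, gw, dev))
    return routes

def return_route(routes, client_ip):
    """Longest-prefix match: the route the backend uses to answer client_ip."""
    addr = ipaddress.ip_address(client_ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def check_backend(text, client_ip, haproxy_ip):
    """(ok, reason): ok only when replies to client_ip are routed via haproxy_ip."""
    route = return_route(parse_routes(text), client_ip)
    if route is None:
        return False, "no route to client"
    net, gw, dev = route
    if gw == haproxy_ip:
        return True, f"replies leave via {gw} on {dev}"
    if gw is None:
        return False, f"client is on-link in {net} on {dev}; replies bypass {haproxy_ip}"
    return False, f"replies leave via {gw} on {dev}, not {haproxy_ip}"

if __name__ == "__main__":
    print(check_backend(BACKEND_TWO_NICS, "192.168.1.2", "192.168.0.1"))
    print(check_backend(BACKEND_WIDE_MASK, "192.168.1.62", "192.168.1.101"))
```

On a live backend the same check can be fed the real output of `ip route show`; a connected route that covers the client's address wins over the default gateway regardless of where the default points.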
