Thank you for your help. =)

I'm not sure I understand: according to the HAProxy website, it seems that
only 2.6.x kernels are supported. Maybe the information is outdated.
In my case, HAProxy works fine (in NAT mode); only transparent mode causes
problems (Cannot bind to tproxy source address before connect()).
Maybe 3.x kernels only provide non-transparent support? How should I check
this?

By the way, transparent mode is an essential feature. I'm surprised to find
so little information in the documentation (i.e., iptables transparent
settings and additional ip rules are not indicated). Did I miss something?

Thank you! :)

Lionel

My configuration:
-----

Lb1 has two interfaces :
Eth0 :192.168.1.1
Eth1: 10.0.0.10

Webserver :
Eth0 : 10.0.0.11
Gw : 10.0.0.10

Here are my configuration files:
root@lb1:~# haproxy -vv
HA-Proxy version 1.4.22 2012/08/09
Copyright 2000-2012 Willy Tarreau <[email protected]>
Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing
  OPTIONS = USE_LINUX_TPROXY=1

--------
/etc/sysctl.conf :
net.ipv4.ip_nonlocal_bind = 1 
net.ipv4.ip_forward = 1
fs.file-max = 131070

----
root@lb1:~# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DIVERT     tcp  --  anywhere             anywhere             socket

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain DIVERT (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere             MARK set 0x6f
ACCEPT     all  --  anywhere             anywhere

(with these additional rules:
ip rule add fwmark 111 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100)

---



-----Original Message-----
From: Baptiste [mailto:[email protected]]
Sent: Saturday, May 18, 2013 08:21
To: Lionel PASCAL
Cc: [email protected]
Subject: Re: Transparent proxy mode

Hi Lionel,

It's up to you to check you have the necessary features compiled in your
kernel.
We don't know which features each distribution enables in its kernel.
I guess it should be OK since it's Debian based and in Debian, it works out
of the box.

Have you set up your sysctls?
Have you configured iptables?

Please share with us your procedure and we may be able to help.

Baptiste



On Fri, May 17, 2013 at 6:12 PM, Lionel PASCAL
<[email protected]> wrote:
> I'm on Ubuntu 12.04 LTS
>
> Kernel  3.2.0-40-generic
>
>
>
> I'm trying to enable transparent proxy mode but it does not work:
>
> Cannot bind to tproxy source address before connect() for proxy server011.
> Aborting.
>
>
>
> Is this functionality supported on this kernel?
>
> Should I try on Ubuntu 10?
>
>
>
> Thanks!
>
>
>
> --
>
> Lionel
>
>


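An added example, not part of either message in this thread: a small Python check for the two things the posted setup depends on, namely that the iptables MARK value (0x6f) matches the `ip rule` fwmark (111), and that the current process can set IP_TRANSPARENT and bind to a non-local source address. The function names and the probe address 192.0.2.1 (a documentation address) are assumptions; that a failed probe corresponds to the "Cannot bind to tproxy source address" error is also an assumption.

```python
import errno
import re
import socket

IP_TRANSPARENT = 19  # Linux value from <linux/in.h>

# Lines copied from the configuration posted in this thread.
PAGE_MARK_RULE = "MARK       all  --  anywhere             anywhere             MARK set 0x6f"
PAGE_IP_RULE = "ip rule add fwmark 111 lookup 100"


def mark_matches_rule(iptables_line, ip_rule_cmd):
    """True if the iptables MARK value equals the fwmark in the ip rule."""
    m = re.search(r"MARK set (0x[0-9a-fA-F]+)", iptables_line)
    r = re.search(r"fwmark (\S+)", ip_rule_cmd)
    if not (m and r):
        return False
    fwmark = r.group(1).split("/")[0]  # drop an optional /mask suffix
    return int(m.group(1), 16) == int(fwmark, 0)


def probe_transparent_bind(addr="192.0.2.1"):
    """Set IP_TRANSPARENT, then bind to a non-local address (hypothetical probe).

    Returns 'ok', 'no-privilege' or 'unsupported'.
    """
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    except OSError:
        return "unsupported"
    try:
        s.setsockopt(socket.IPPROTO_IP, IP_TRANSPARENT, 1)
        s.bind((addr, 0))
        return "ok"
    except OSError as e:
        if e.errno in (errno.EPERM, errno.EACCES):
            return "no-privilege"  # process lacks the required capability
        return "unsupported"       # option or non-local bind rejected
    finally:
        s.close()


if __name__ == "__main__":
    print("mark/fwmark consistent:", mark_matches_rule(PAGE_MARK_RULE, PAGE_IP_RULE))
    print("transparent bind probe:", probe_transparent_bind())
```

Run it as the same user the proxy runs as: a `no-privilege` result points at missing privileges rather than at the kernel.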