What version of FreeBSD do you run? What firewall does it use pf/ipfw ?
What does haproxy -vv show? (version/transparent options)
Can you write a little about the network topology and what isn't working
For example like this:
ClientMachine = 172.16.1.100/24
Haproxy LAN1 = 172.16.1.1/24
Haproxy LAN2 = 192.168.1.1/24
Server1 = 192.168.1.101/24
Now ClientMachine sends a tcp request to 192.168.1.101. This request is
routed through the haproxy machine which functions as a 'router' but
also the request is intercepted by machine firewall (make sure to NOT
use a standard portforward rule as it will change the destination-IP..)
and redirected to the haproxy process, which determines its not http,
and then sends traffic further to Server1 using the "option transparent".
The question then is does Server1 ever recieve a SYN packet (check with
Does HAProxy show all backends as 'available' in the stats page?
Does the clientmachine use the proper IP(so NOT the haproxy-ip) for
connecting to Server1 and is traffic routed through the haproxy machine?
Is this what doesn't currently work.?
Or is the trouble with the nginx machines machines not being able to be
connected the original client ip?
There are 3 different HAProxy options called or referred to as
'transparent' which makes it also a bit difficult to see which option
your asking about..
A- option transparent (for sending connection to original destination)
B- source 0.0.0.0 usesrc clientip (for sending client-IP to the backend
C- bind transparent (for binding to a nonlocal (CARP?) IP address)
I'm sure C is not what your asking about, but i'm unclear if your
current issue is with A or B.
Could you try and make a smallest possible haproxy configuration that
still contains the problem you currently experience?
Op 11-7-2013 14:38, Baptiste schreef:
So the problem might be in the way you compiled HAProxy or you have
configured your OS.
Unfortunately, I can't help on FreeBSD :'(
On Thu, Jul 11, 2013 at 11:55 AM, jinge <altman87...@gmail.com> wrote:
But i just test with this and found no use.
On 2013-7-11, at 下午5:35, Baptiste <bed...@gmail.com> wrote:
Could you update your source statement to:
source 0.0.0.0 usesrc clientip
And let us know if that fixed your issue.
On Thu, Jul 11, 2013 at 11:25 AM, jinge <altman87...@gmail.com> wrote:
We use HAproxy for our web system. And there is a statement if not HTTP will
go backend Direct.Which is client-side transparent proxying. Here is the
configure. But we found that the Direct backend not working. Is anyone can
tell me. Are there any problem in my configure? Or should there any turning
on my FreeBSD.
stats socket /tmp/haproxy.sock
timeout connect 5s
timeout client 60s
timeout server 60s
timeout queue 60s
timeout check 10s
timeout http-request 15s
timeout http-keep-alive 1s
timeout tunnel 3600s
no option checkcache
######### frontend ##############
tcp-request inspect-delay 30s
tcp-request content accept if HTTP
use_backend NginxCluster if HTTP
balance uri whole
server ngx1 192.168.10.1:80 weight 20 check inter 5s maxconn 10000
server ngx2 192.168.10.2:80 weight 20 check inter 5s maxconn 10000
server ngx3 192.168.10.3:80 weight 20 check inter 5s maxconn 10000
no option httpclose
no option http-server-close
no option accept-invalid-http-response
no option http-pretend-keepalive