2013/7/12 jinge <altman87...@gmail.com>: > Hi PiBa-NL, > > I just follow your advice and find my pf configure is not correct > > rdr on vlan64 proto tcp from any to any -> 127.0.0.1 port 2222 > > And I change to ipfw and fwd then it works corrently. > > ipfw add fwd 127.0.0.1,2222 tcp from any to any via vlan64 in > > And you tell my I can use pf's divert-to, but after a test I found it > doesn't work.Here is the configure > > pass in quick on vlan64 inet proto tcp from any to any divert-to 127.0.0.1 > port 2222 > > So can your tell my the right configure?
You can try to explicitly set original port : pass in quick on vlan64 inet proto tcp from any to any port 80 divert-to 127.0.0.1 port 2222 Also check that ipdivert is loaded. Joris > Thank you. > > > > Regards > Jinge > > > > On 2013-7-11, at 下午12:07, jinge <altman87...@gmail.com> wrote: > > Hi PiBa-NL, > > > Thanks for your reply! > And I will follow your advice! > > > > Regards > Jinge > > > > On 2013-7-10, at 上午4:25, PiBa-NL <piba.nl....@gmail.com> wrote: > > Hi Jinge, > > Im not exactly sure how this is supposed to work.. did manage to get > transparent proxy for the server side working.. (the server is presented > with a connection from original client ip.) This works with haproxy 1.5dev19 > on FreeBSD8.3 with help of some ipfw fwd rules.. > > Your config also seams to be working (used some parts their-of to test..) > > Did require the following ipfw rule for me..: > ipfw add 90 fwd localhost tcp from any to any 2222 in recv em1 > Actually on pfSense it also needs "-x haproxy" as it is a bit customized.. > And because i run 'ipfw' combined with 'pf' i also needed to configure pf > with floating 'pass on match' rules to allow the 'strange traffic'.. That pf > cannot handle.. > > If you however have FreeBSD 9 you might want to look into the divert-to > rules that pf can make. Might make stuff simpler if it turns out to work.. > > Please report back your required settings (&config if it changes) when you > manage to get it working. > > Greetings PiBa-NL > > Op 9-7-2013 12:55, jinge schreef: > > Hi,all! > > > We use haproxy and FreeBSD for our cache system. And we want to use the > transparent option > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20transparent > which for some compatiable things. > But found it doest work. Here is the configure which worked in Ubuntu. > > > frontend tcp-in > bind :2222 > mode tcp > log global > option tcplog > > #distingush HTTP and non-HTTP > tcp-request inspect-delay 30s > tcp-request content accept if HTTP > > default_backend Direct > > > backend Direct > mode tcp > log global > option tcplog > no option httpclose > no option http-server-close > no option accept-invalid-http-response > option transparent > > > Can anyone tell my if is the FreeBSD can not support transparent here or my > configure is not correct ? And how to make transparent work right. > > Thanks! > > > Regards > Jinge > > > > > >