Hi, I think I have found the problem.
On the production server, we have one real nic (eth0) and ~20 alias (eth0:1, eth0:2, ...). The routing table show only one route by ip range and real nic, alias are not shown. On a test server, with multiple nic, we have one route by nic. And adding "source 192.168.x.x" works perfectly. Do you see what I mean ? Do you think it's really the cause, and if yes, how can I do ? Thanks, Neri 2013/7/31 Nerilaunt <[email protected]>: > Hi, > >> Is 192.168.1.1 a virtual IP or is it configured on an actual interface? > > 192.168.1.1 is one of the multiple interface on the server ; ~20 alias like > > auto eth0:17 > allow-hotplug eth0:17 > iface eth0:17 inet static > address 192.168.1.100 > netmask 255.255.255.0 > gateway 192.168.1.254 > > auto eth0:18 > allow-hotplug eth0:18 > iface eth0:18 inet static > address 192.168.1.1 > netmask 255.255.255.0 > gateway 192.168.1.254 > > The ip address used by haproxy is the IP i can see when I do a "ip route" : > > 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 > >> Try enabling ip_nonlocal_bind, although I'm not sure this affects >> the source ip: >> echo 1> /proc/sys/net/ipv4/ip_nonlocal_bind > > That doesn't change anything (and it seems normal, because IP really exist) > >> If it still doesn't work, please provide the output of "haproxy -vv" > > HA-Proxy version 1.5-dev19 2013/06/17 > Copyright 2000-2013 Willy Tarreau <[email protected]> > > Build options : > TARGET = linux26 > CPU = generic > CC = gcc > CFLAGS = -O2 -g -fno-strict-aliasing > OPTIONS = USE_OPENSSL=1 > > Default settings : > maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 > > Encrypted password support via crypt(3): yes > Built without zlib support (USE_ZLIB not set) > Compression algorithms supported : identity > Built with OpenSSL version : OpenSSL 0.9.8g 19 Oct 2007 > Running on OpenSSL version : OpenSSL 0.9.8g 19 Oct 2007 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports prefer-server-ciphers : yes > Built without PCRE support (using libc's regex instead) > > Available polling systems : > epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > >> and ´strace´ the issue. > > It's not easy, it's on a production server, i will try to debug with a > dev server. > > Thanks for your help. > > Neri
