On my laptop, kernel 3.10.6, haproxy 1.5-dev19-50, compiled with "TARGET=linux2628 USE_ZLIB=yes USE_OPENSSL=yes USE_PCRE=yes" (TPROXY implicitly setup by the TARGET). I confirm that "source x.x.x.x", using x.x.x.x as an alias works perfectly.
So I wonder if Nerilaunt issue is in his kernel... Could you let us know which version of HAProxy are you running and how you did compiled it? Baptiste On Mon, Aug 19, 2013 at 11:37 AM, Baptiste <[email protected]> wrote: > You're right... > documentation says about "source x.x.x.x" : "the IPv4 address HAProxy > will bind to before connecting to a server." > > Actually, I use very often "source 0.0.0.0" combined with "usesrc > clientip". In such configuration, HAProxy will let the system choose > the right outgoing interface address but will spoof client IP when > binding the connection to the server. > if an IP address is specified instead of 0.0.0.0, HAProxy will choose > the corresponding NIC for outgoing traffic (but still spoofing client > ip when connecting). > > That said, it deserve a try :) > Let me configure a few aliases on my loopback and try different > configuration, then come back to you. > > > Baptiste > > > > > > On Mon, Aug 19, 2013 at 11:16 AM, Lukas Tribus <[email protected]> wrote: >> Hi Baptiste, >> >> >>> when using "source x.x.x.x", haproxy will use the NIC which hosts the >>> IP address x.x.x.x to try to reach the server. >>> then your kernel will pick up the main IP address configured on the >>> corresponding nic, that's why it works when you have one IP per NIC >>> but it doesn't work when you have many aliases. >> >> >> Are you sure about this? The documentation certainly suggests otherwise [1]. >> I think you are confusing it with the "interface" keyword. >> >> The interface keyword sets SO_BINDTODEVICE, which does what you describe >> above. The source keyword however calls bind() to set the local ip address, >> according to the strace I did some time ago. >> >> It don't see a reason why we need TPROXY support in the kernel, just to >> set the outgoing ip address in Nerilaunt's scenario. >> >> >> >> Regards, >> >> Lukas >> >> >> [1] >> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#source%20%28Alphabetically%20sorted%20keywords%20reference%29
