Hi,

> Thanks Lukas. But why does it say this here for "server" in the man?
>
> Address “0.0.0.0” or “*” has a special meaning.
> It indicates that the connection will be forwarded to the same IP
> address as the one from the client connection. This is useful in
> transparent proxy architectures where the client’s connection is
> intercepted and haproxy must forward to the original destination
> address.

You are right and now I understand what's happening. It's not a bug at
all.

Read carefully:
> It indicates that the connection *will be forwarded to the same IP
> address as the one from the client connection*

This means that when your browser connects to HAProxy at 10.0.0.1:80 and uses
the * server, a backend connection is created connecting to 10.0.0.1:80
(because that was the original destination IP).

This will lead to an infinite connection loop because the backend connects
to the frontend, limited only by maxconn (which in your case is way too high).



> Isn't this exactly what I intend to do?

No, because the destination IP of the frontend TCP connection is the local
HAProxy IP, not the correct real world IP (you are spoofing DNS records via
/etc/hosts or local resolvers, right?).

This feature only works when HAProxy is in the forwarding path with TPROXY
redirection, not DNS redirection.

To do what you need, HAProxy would need to resolve the value of the Host
header and connect to that IP. But HAProxy can only resolve IP addresses
at startup; it's currently not possible to resolve records while proxying:

> a resolvable hostname is supported, but this name will be resolved
> during start-up.




Regards,

Lukas                                     
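
The loop described in the message above can be reproduced with plain sockets. This is an added example, not part of the original message and not HAProxy code; the function names are hypothetical and the loopback listener stands in for the frontend. It shows that when a client connects directly to the proxy, the "original destination" of that connection is the proxy's own listening address, and it includes a guard that refuses to forward to such an address.

```python
import socket


def original_destination(conn):
    """Destination address of the client connection, as the proxy sees it.

    Without TPROXY interception this is just the local address the client
    dialed, i.e. the proxy's own frontend address.
    """
    return conn.getsockname()[:2]


def is_self_loop(dest, local_ips, listen_ports):
    """True if forwarding to `dest` would connect back to our own frontend."""
    host, port = dest
    return host in local_ips and port in listen_ports


def demo():
    # Constructed scenario: the frontend listens on loopback and the client
    # reaches it directly, as it would after a DNS or /etc/hosts override.
    frontend = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    frontend.bind(("127.0.0.1", 0))
    frontend.listen(1)
    listen_addr = frontend.getsockname()[:2]

    client = socket.create_connection(listen_addr)
    conn, _peer = frontend.accept()
    try:
        dest = original_destination(conn)
        loops = is_self_loop(dest, {listen_addr[0]}, {listen_addr[1]})
        return listen_addr, dest, loops
    finally:
        conn.close()
        client.close()
        frontend.close()


if __name__ == "__main__":
    listen_addr, dest, loops = demo()
    print(f"frontend listens on {listen_addr}")
    print(f"destination of the client connection is {dest}")
    print("forwarding there would loop" if loops else "forwarding there is safe")
```

With interception in the forwarding path, the destination would instead be the remote server's address, which is not a local IP, so the guard lets it through.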
