Lukas Tribus wrote, On 01/15/2015 08:31 PM:
As said in the inital posting, the IP of the proxy server is 192.168.100.100
and public port 1234; it needs to be forwarded to the 2nd IP 192.168.100.101
port 5678, and from there to the backend server 192.168.100.102:9999.
The key question is: what is the reason you don't bind to 192.168.100.100:1234?
Imagine the 192.168.100.100 is a public IP (for example 1.2.3.4),
and the others are private IPs as they indeed are (192.168.*).
The reason for me is to use internally (ie. between the proxy server
and the backend server) only the private IPs.
As said the idea and the setup works, but haproxy has a problem with it,
and therefore there is a bug in haproxy.
I unfortunately lost much time for finding the reason for this
mysterious behavior of haproxy, so I just wanted to inform you of the bug.
The bug is localized as having to do with the TPROXY forwarding even
before haproxy gets the packet. As said, with an other transparent proxy
(test-) program this scenario works fine.
