Hi, my current traffic flow with "source 0.0.0.0 usesrc clientip" and with "source publichaproxyip usesrc clientip":
haproxy receives a SYN from the client and does a normal tcp handshake which works fine. Additionally haproxy forwards the SYN to the backend with the client ip as source ip, backend sends SYN/ACK back to haproxy, haproxy sends this to the client. client is confused because he sent one SYN but receives two SYN/ACK.

it would be perfect if haproxy would establish a connection with the node and a second with the backend, any ideas on how to tell haproxy to not forward packets from the backend but to answer them by himself?

On 19.05.2015 22:07, Tim wrote:
>
> On 19.05.2015 21:20, Lukas Tribus wrote:
>>> Mmh, I'm not sure. Try:
>>> source usesrc clientip
>>> Where is the real IP from HAproxy.
>> Just realized that the config is still messed up.
>> This should have been:
>>
>> source haproxyip usesrc clientip
> thanks for the awesome hint, I've never seen this in the docs, will test
> it tomorrow.
>
> Why I use this:
>
> I've got several thousand clients that send their logs and other tls
> encrypted $other_data to a central place. the network isn't trusted so I
> need to encrypt everything in the net. I've set up a working ssl
> offloading proxy with nginx for $other_data. I just wanted to add
> haproxy to do ssl offloading and loadbalancing also for the rsyslog data.
>
>> where haproxyip is the real IP from HAproxy.

