On 13-11-2015 06:14, jaleel wrote:
It works if HAProxy and the backend are in different boxes, but when both are
in the same box it didn't work

Maybe because the iptables rule is different from 'localhost' than from external.

Please take a look at the picture

and the document for this Picture.

I think you should add some lines into the postrouting table

BR Aleks

On Fri, Nov 13, 2015 at 1:56 AM, Igor Cicimov wrote:

On 13/11/2015 1:04 AM, "jaleel" wrote:

I am trying to setup the following for deployment

I have 2 servers.
server1: eth0: (
eth1: (
server2: eth0: (
eth1: (

VRRP between server1 and server2 eth0. VRIP is

my haproxy config:
listen  ingress_traffic [1]
mode tcp
source usesrc clientip
balance roundrobin
server server1 [2]
server server2 [3]

iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

ip rule add fwmark 1 lookup 100
ip route add local [4] dev lo table 100

Now is the master and owns VRIP

When traffic comes to [1], the routing to server2
is successful and end-to-end communication is fine. But the response
from server1 ( [2]) is not reaching HAProxy.

I cannot have 3rd box for HAProxy alone.

Any suggestions?

Thank you
-Abdul Jaleel

The backends need to have haproxy set as gateway.


