Hi.

But do you really think this is a haproxy problem?

On 13-11-2015 08:38, Aleksandar Lazic wrote:
On 13-11-2015 06:14, jaleel wrote:
It works if HAProxy and the backend are on different boxes, but when both are
on the same box it didn't work

Maybe because the iptables rule is different from 'localhost' than
from external.

Please take a look at the picture

https://ixquick-proxy.com/do/spg/show_picture.pl?l=english&rais=1&oiu=http%3A%2F%2Ferlerobotics.gitbooks.io%2Ferle-robotics-introduction-to-linux-networking%2Fcontent%2Fsecurity%2Fimg9%2Fiptables.gif&sp=5ac7f7d4aa8327c04f456b9db2362108

or this one

http://inai.de/images/nf-packet-flow.png

from this site

http://serverfault.com/questions/345111/iptables-target-to-route-packet-to-specific-interface

and the document for this picture.

https://erlerobotics.gitbooks.io/erle-robotics-introduction-to-linux-networking/content/security/introduction_to_iptables.html

I think you should add some lines into the postrouting table

BR Aleks

On Fri, Nov 13, 2015 at 1:56 AM, Igor Cicimov
<ig...@encompasscorporation.com> wrote:

On 13/11/2015 1:04 AM, "jaleel" <abduljal...@gmail.com> wrote:

Hello,

I am trying to set up the following for deployment

I have 2 servers.
server1: eth0: 10.200.2.211 (255.255.252.0)
         eth1: 192.168.10.10 (255.255.255.0)
server2: eth0: 10.200.2.242 (255.255.252.0)
         eth1: 192.168.20.10 (255.255.255.0)

VRRP between server1 and server2 eth0. VRIP is 10.200.3.84


my haproxy config:
--------------------------
listen ingress_traffic 10.200.3.84:7000
    mode tcp
    source 0.0.0.0 usesrc clientip
    balance roundrobin
    server server1 192.168.10.10:9001
    server server2 192.168.20.10:9001

Iptables:
-----------
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100


Now 10.200.2.211 is the master and owns VRIP 10.200.3.84

When traffic comes to 10.200.3.84:7000 [1], the routing to server2
is successful and end-to-end communication is fine. But the response
from server1 (192.168.10.10:9001 [2]) is not reaching HAProxy.

I cannot have 3rd box for HAProxy alone.

Any suggestions?

Thank you
-Abdul Jaleel


The backends need to have haproxy set as gateway.



Links:
------
[1] http://10.200.3.84:7000
[2] http://192.168.10.10:9001
[3] http://192.168.20.10:9001
[4] http://0.0.0.0/0
