On Mon, Jan 25, 2016 at 08:05:16PM +0200, [email protected] wrote:
> The confusion came after seeing the message below and I thought it was
> sent by the Exchange server behind the HAproxy.
>
> Escape character is '^]'.
> Connection closed by foreign host.

Ah OK, indeed it's telnet which says this. It says "Escape character ..." as soon as the connection is established from its side, which means when the client system receives the SYN-ACK packet. At the same moment the ACK is emitted to the server to validate the connection there. And only once the ACK is received the system will instantiate a connection request that will be acceptable by accept() from within haproxy. Thus haproxy closes violently, the system emits a reset and the client receives it and informs you that the connection was closed. It will also randomly display "connection reset by peer" when it gets the chance to see it as an error (you often need to send some data for this, but the timeframe is quite short).

In addition, note that haproxy also supports a "silent-drop" option which is ugly but can sometimes be useful. It manipulates the TCP connection in the kernel to destroy it without sending a reset. So the client doesn't get the reset until it tries to send anything. Thus your client sees a connection that it believes is still alive. Don't do that if you are behind a firewall, it will not like it during an attack...

Regards,
Willy
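
The sequence described in the reply above, reproduced on loopback as an added example (not part of the original message and not haproxy's code). The function name and the ephemeral port are constructed, and the SO_LINGER abortive close is an assumption used here to make the kernel emit a reset on close.

```python
import socket
import struct


def observe_reset_after_connect():
    """Return (connected_before_accept, client_outcome) for a loopback test."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind(("127.0.0.1", 0))  # constructed: ephemeral loopback port
        srv.listen(1)
        cli.settimeout(5)

        # connect() returns when the client kernel has the SYN-ACK. The
        # server process has not called accept() yet; this is the moment
        # telnet prints "Escape character is '^]'".
        cli.connect(srv.getsockname())
        connected_before_accept = cli.getpeername() == srv.getsockname()

        # The server side only sees the connection once accept() returns it.
        conn, _ = srv.accept()
        # Assumption: l_onoff=1, l_linger=0 makes close() abortive, so the
        # kernel emits a RST instead of a FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, 0))
        conn.close()

        try:
            data = cli.recv(1)
            outcome = "closed" if data == b"" else "data"
        except ConnectionResetError:
            outcome = "reset"  # ECONNRESET: "connection reset by peer"
        return connected_before_accept, outcome
    finally:
        cli.close()
        srv.close()


if __name__ == "__main__":
    print(observe_reset_after_connect())
```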

