Hi All,
I'm testing a TPROXY implementation on RHEL 7 KVM servers, but I noticed an
issue. All the connections are collected by the VLAN 192.168.10.0/24 and
the backend communication between HAPROXY and APACHE is performed on VLAN
192.168.20.0/24. The IP addresses are:
192.168.10.20 fe01-dmz
192.168.20.20 fe01-priv
192.168.20.21 be01-priv
I configured the IPTABLES and sysctl with all the commands provided in
the HAPROXY documentation, but if I try to enable transparent proxy mode I
receive a 503 Service Unavailable error. The haproxy configuration is:
[root@fe01 ~]# cat /etc/haproxy/haproxy.cfg
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4096
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option forwardfor
    option http-server-close
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend http-lb
    bind 192.168.10.20:80 transparent
    default_backend backen-it

backend backen-it
    option httpclose
    option forwardfor
    source 0.0.0.0 usesrc clientip
    server apache-be01 192.168.20.21:8888 maxconn 1000 check inter 5000 fastinter 2000 downinter 2000 rise 3 fall 3
I notice that all the connections from haproxy to apache remain in
SYN_SENT state, and this could be related to a routing issue, but I can't
find a solution.
[root@fe01 boot]# netstat -antp | grep 8888
tcp        0      1 192.168.10.1:44073      192.168.20.21:8888      SYN_SENT    11937/haproxy
The default gateway is configured as:
[root@fe01 ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.10.1    0.0.0.0         UG        0 0          0 eth0
[root@be01 ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.20.1    0.0.0.0         UG        0 0          0 ens3
Could someone help me debug this issue?
Thanks,
Marcello
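One way to check the routing precondition behind those SYN_SENT sockets, as an added example that is not part of Marcello's post: with `usesrc clientip` HAProxy opens the backend connection from the client's own address, so the backend must route its replies back through the proxy host or the SYN-ACK never reaches HAProxy. The script assumes the addresses from the post, the policy-routing table number 100 used in the HAProxy documentation, and the `ip`/`iptables` tools on fe01.

```shell
#!/bin/sh
# Added diagnostic for the TPROXY return path. Addresses are from the post;
# table 100 and the tool names are assumptions based on the HAProxy docs.
PROXY_PRIV=192.168.20.20   # fe01-priv, the gateway be01 must use for client-addressed replies

# Constructed copy of be01's "netstat -rn" output as shown in the post.
BE01_ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.20.1 0.0.0.0 UG 0 0 0 ens3'

# default_gw TABLE: print the default gateway from netstat -rn style text.
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2; exit }'
}

# backend_returns_via_proxy TABLE PROXY_IP: succeed only if the backend's
# default route points at the proxy, so spoofed-source replies come back to it.
backend_returns_via_proxy() {
    [ "$(default_gw "$1")" = "$2" ]
}

# cfg_is_transparent CFG: succeed if the config both binds transparently and
# spoofs the client source, the two settings that make the return path matter.
cfg_is_transparent() {
    printf '%s\n' "$1" | grep -q 'bind .* transparent' &&
    printf '%s\n' "$1" | grep -q 'usesrc clientip'
}

# proxy_host_ready: live checks on fe01 (run as root) for the pieces the HAProxy
# docs ask for: forwarding on, a fwmark policy rule, a local route in its table,
# and a mangle rule matching established sockets.
proxy_host_ready() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ] || { echo "ip_forward=0"; return 1; }
    ip rule show 2>/dev/null | grep -q fwmark || { echo "no fwmark ip rule"; return 1; }
    ip route show table 100 2>/dev/null | grep -q '^local' || { echo "no local route in table 100"; return 1; }
    iptables -t mangle -S 2>/dev/null | grep -q -- '-m socket' || { echo "no mangle socket match"; return 1; }
}

if backend_returns_via_proxy "$BE01_ROUTES" "$PROXY_PRIV"; then
    echo "be01 default gateway is the proxy: return path OK"
else
    echo "be01 default gateway is $(default_gw "$BE01_ROUTES"), not $PROXY_PRIV: replies bypass HAProxy"
fi
```

With the routing table from the post the script reports that be01's replies bypass HAProxy; `proxy_host_ready` is only meaningful when run on fe01 itself.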