Hi.
On 25-03-2016 11:05, Beluc wrote:
Hi,
@James Brown : sure ;)
I configure a server to use source a.b.c.d:10000-60000 and I got
"Connect() failed for backend abcd: no free ports."
Maybe a problem with kernel I use ...
or the range is not high enough
http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec70.html
What does the following show:
cat /proc/sys/net/ipv4/ip_local_port_range
or
sysctl -a|egrep ip_local_port_range
BR Aleks
Regards,
2016-03-22 18:45 GMT+01:00 James Brown <[email protected]>:
Templating out (or entirely-procedurally-generating) your HAProxy config
file is a must once you exceed the bare minimum of complexity. :-)
Best of luck!
On Tue, Mar 22, 2016 at 3:16 AM, Beluc <[email protected]> wrote:
well, it can become a real mess with a lot of servers and sources :)
but sure, it works !
2016-03-21 19:21 GMT+01:00 James Brown <[email protected]>:
> Why not just add each server multiple times with a different src
> parameter and a different name?
>
> Something like
>
> backend my_be
>     mode tcp
>     server server1_src1 10.1.0.1 source 10.0.0.1
>     server server1_src2 10.1.0.1 source 10.0.0.2
>     server server2_src1 10.1.0.2 source 10.0.0.1
>     server server2_src2 10.1.0.2 source 10.0.0.2
>
> On Mon, Mar 21, 2016 at 8:20 AM, Beluc <[email protected]> wrote:
>>
>> Hi,
>>
>> We're trying to find a way to have multiple sources per server and
>> thus bypass 64k connections per server.
>>
>> We already tried with SNAT iptables :
>> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.1-10.0.10
>>
>> without success because the kernel is hashing the real source IP and
>> real destination IP, so only one NATed source IP is used (aka same as
>> using one different source per server).
>>
>> Any idea on achieving this? Maybe in Lua?
>>
>> Regards,
>>
>
>
>
> --
> James Brown
> Engineer
--
James Brown
Engineer
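
Added example, not part of the original thread and not code from any of the posters: one way to generate the server-times-source layout suggested above instead of maintaining it by hand. The function names and the input layout are assumptions of this example; the sample addresses and the 10000-60000 port range are the ones quoted in the thread, and the optional range is emitted in the `source <addr>:<low>-<high>` form used there.

```python
import ipaddress
from itertools import product


def render_backend(name, servers, sources, port_range=None, mode="tcp"):
    """Return HAProxy backend text with one server line per (server, source) pair.

    servers: dict of server name -> destination IP (hypothetical input layout).
    sources: list of local source IPs to connect from.
    port_range: optional (low, high) tuple appended to each source address.
    """
    if port_range is not None:
        lo, hi = port_range
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"bad source port range: {lo}-{hi}")
    # Reject typos early: every address must parse as a full IP address.
    for addr in list(servers.values()) + list(sources):
        ipaddress.ip_address(addr)
    if len(set(sources)) != len(sources):
        raise ValueError("duplicate source address")

    lines = [f"backend {name}", f"    mode {mode}"]
    # Same ordering and naming as the hand-written config in the thread.
    for (srv, dst), (i, src) in product(servers.items(), enumerate(sources, 1)):
        bind = src if port_range is None else f"{src}:{port_range[0]}-{port_range[1]}"
        lines.append(f"    server {srv}_src{i} {dst} source {bind}")
    return "\n".join(lines) + "\n"


def max_conns_per_server(sources, port_range):
    """Upper bound on concurrent connections to one destination ip:port.

    Assumes one destination port per server: each source IP then contributes
    at most one connection per local port in the range (TCP 4-tuple limit).
    """
    lo, hi = port_range
    return len(sources) * (hi - lo + 1)


if __name__ == "__main__":
    # Constructed sample input using the addresses from the quoted config.
    servers = {"server1": "10.1.0.1", "server2": "10.1.0.2"}
    sources = ["10.0.0.1", "10.0.0.2"]
    print(render_backend("my_be", servers, sources, (10000, 60000)))
    print("# ceiling per server:", max_conns_per_server(sources, (10000, 60000)))
```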