Hello,
>> If you don't require specific source IP's per server, than just remove >> the "source ip:port-range" keyword altogether, the kernel will take >> care of everything. Just make sure that your sysctls permit a similar >> source port range. > > thanks. That helps. > > >> If you need specific source IPs (for reasons unrelated to source port >> exhaustion), then drop the port range and specify only the IP. However >> for the kernel to be able to use the full 5-table, you will need >> IP_BIND_ADDRESS_NO_PORT [1], which requires haproxy 1.7, linux 4.2 and >> libc 2.23. > > We will see if we can install a 4.2 or later kernel. This is only necessary if you need the to use specific source IPs. If you can remove the source keyword completely, then you don't need to do this at all. Grüße, Lukas
