Thanks for the reply! Here, the haproxy process runs as a *haproxy* user itself.
Let me try it as root and revert back. On Tue 6 Nov, 2018, 9:19 PM Aleksandar Lazic, <[email protected]> wrote: > Hi Vijay. > > Am 06.11.2018 um 10:06 schrieb Vijay Bais: > > Hello, > > > > I'm using HAProxy 1.8 as a forward proxy with below configuration > > > > <snip> > > > > defaults > > mode tcp > > log global > > option tcplog > > option dontlognull > > option http-server-close > > #option forwardfor except 127.0.0.0/8 <http://127.0.0.0/8> > > option redispatch > > retries 3 > > timeout http-request 10s > > timeout queue 1m > > timeout connect 10s > > timeout client 1m > > timeout server 1m > > timeout http-keep-alive 10s > > timeout check 10s > > maxconn 3000 > > default-server resolvers dns > > > > resolvers dns > > nameserver local 127.0.0.1:53 <http://127.0.0.1:53> > > nameserver ns1 10.0.0.2:53 <http://10.0.0.2:53> > > hold valid 1s > > > > listen c1 > > bind *10.0.0.26:10001 <http://10.0.0.26:10001>* > > mode tcp > > option tcplog > > server r1 *ifconfig.co:80 <http://ifconfig.co:80>* source *<my > Public IP>* > > > > </snip> > > > > But this fails with below log lines for any internet destination (both > in TCP > > and HTTP mode): > > > > 10.0.1.79:47437 <http://10.0.1.79:47437> [06/Nov/2018:09:35:31.170] > c1 c1/r1 > > 1/-1/0 0 SC 1/1/0/0/3 0/0 > > Cannot bind to source address before connect() for backend c1. > > > > > > > > Whereas, if the destination is under my control (with my source public > IP fully > > whitelisted), then the flow works perfectly. > > > > Any help to know the actual issue would be great. > > The snipped does not show the global section. > I think you will need to run HAProxy as root to be able to do this. > > Do you run HAProxy as root? > > > Thanks, > > Vijay B > > Regards > Aleks >
