Hello Aleksandar,
I tried running haproxy as root, but it still failed with the same logs.
Btw, here's the global section used,
<snip>
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user root
group root
daemon
stats socket /var/lib/haproxy/stats
stats timeout 2m
master-worker
nbthread 10
</snip>
Please let me know if anything is missing here.
Thanks & Regards,
Vijay B
On Wed, Nov 7, 2018 at 4:23 PM Vijay Bais <[email protected]> wrote:
> Thanks for the reply!
>
> Here, the haproxy process runs as a *haproxy* user itself.
>
> Let me try it as root and revert back.
>
> On Tue 6 Nov, 2018, 9:19 PM Aleksandar Lazic, <[email protected]> wrote:
>
>> Hi Vijay.
>>
>> On 06.11.2018 at 10:06, Vijay Bais wrote:
>> > Hello,
>> >
>> > I'm using HAProxy 1.8 as a forward proxy with the configuration below
>> >
>> > <snip>
>> >
>> > defaults
>> > mode tcp
>> > log global
>> > option tcplog
>> > option dontlognull
>> > option http-server-close
>> > #option forwardfor except 127.0.0.0/8
>> >
>> > option redispatch
>> > retries 3
>> > timeout http-request 10s
>> > timeout queue 1m
>> > timeout connect 10s
>> > timeout client 1m
>> > timeout server 1m
>> > timeout http-keep-alive 10s
>> > timeout check 10s
>> > maxconn 3000
>> > default-server resolvers dns
>> >
>> > resolvers dns
>> > nameserver local 127.0.0.1:53
>> > nameserver ns1 10.0.0.2:53
>> > hold valid 1s
>> >
>> > listen c1
>> > bind 10.0.0.26:10001
>> > mode tcp
>> > option tcplog
>> > server r1 ifconfig.co:80 source <my Public IP>
>> >
>> > </snip>
>> >
>> > But this fails with the log lines below for any internet destination (both in TCP
>> > and HTTP mode):
>> >
>> > 10.0.1.79:47437 [06/Nov/2018:09:35:31.170] c1 c1/r1 1/-1/0 0 SC 1/1/0/0/3 0/0
>> > Cannot bind to source address before connect() for backend c1.
>> >
>> >
>> >
>> > Whereas, if the destination is under my control (with my source public IP fully
>> > whitelisted), then the flow works perfectly.
>> >
>> > Any help to know the actual issue would be great.
>>
>> The snippet does not show the global section.
>> I think you will need to run HAProxy as root to be able to do this.
>>
>> Do you run HAProxy as root?
>>
>> > Thanks,
>> > Vijay B
>>
>> Regards
>> Aleks
>>
>
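
A diagnostic for the "Cannot bind to source address before connect()" error discussed in this thread, added here as an example (not code from the thread or from HAProxy): it repeats a bind() to a chosen source address and reports the errno, then shows which local address the kernel would actually use. It assumes the log line corresponds to a failed bind() on the outgoing socket; `192.0.2.1` is a constructed documentation address standing in for the elided public IP, and the function names are hypothetical.

```python
import errno
import socket
import sys

# Added explanations (not HAProxy output) for errno values bind() can return.
HINTS = {
    errno.EADDRNOTAVAIL: "address is not configured on any local interface "
                         "(for example a public IP that is NATed upstream)",
    errno.EACCES: "permission denied for this address/port",
    errno.EADDRINUSE: "address/port already in use",
}


def check_source_bind(source_ip, port=0):
    """Attempt the bind() that precedes connect() when a source is set.

    Returns (ok, errno_name, hint). port=0 lets the kernel pick a port.
    """
    family = socket.AF_INET6 if ":" in source_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        try:
            s.bind((source_ip, port))
        except OSError as e:
            name = errno.errorcode.get(e.errno, str(e.errno))
            return False, name, HINTS.get(e.errno, e.strerror)
    return True, None, "bind succeeded; address is usable as a source"


def local_ipv4_toward(dest_ip="10.0.0.2"):
    """Return the local IPv4 address the kernel selects toward dest_ip.

    A UDP connect() sends no packets; it only performs the route lookup.
    The default is the ns1 resolver address from the posted configuration.
    Returns None when there is no route.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect((dest_ip, 53))
        except OSError:
            return None
        return s.getsockname()[0]


if __name__ == "__main__":
    # Constructed sample inputs; pass real candidate addresses as arguments.
    for ip in sys.argv[1:] or ["127.0.0.1", "192.0.2.1"]:
        print(ip, check_source_bind(ip))
    print("kernel-selected local address:", local_ipv4_toward())
```

Run it as the same user HAProxy runs as, so that an EACCES result separates a privilege problem from an address that simply is not local.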