> Am 07.03.2023 um 18:26 schrieb Marc West :
>
> On 2023-03-07 08:09:04, Rainer Duffner wrote:
>> I admit I only toyed with TP, so I really don???t know what I???m doing
>> there, but:
>>
>> Have you tried to just use pfSense for this? The developer of the package
>>
On 2023-03-07 08:09:04, Rainer Duffner wrote:
> I admit I only toyed with TP, so I really don???t know what I???m doing
> there, but:
>
> Have you tried to just use pfSense for this? The developer of the package
> (https://github.com/PiBa-NL) seemed to be active here, but I haven???t seen
>
> Am 07.03.2023 um 08:46 schrieb Marc West :
>
>
>
> Any other thoughts to look at or data that would be helpful to collect?
>
I admit I only toyed with TP, so I really don’t know what I’m doing there, but:
Have you tried to just use pfSense for this? The developer of the package
Hi Stefan and thanks for your replies.
(Sorry for the late reply and replying to my own mail, I don't seem to
be receiving messages from the list after confirming the subscription
twice and noticed your replies when checking the archives.)
> when I understand you correct then you have
Hello Marc,
one another:
source ipv4@ usesrc clientip
hope that helps.
Stefan
Am 17.02.23 um 12:47 schrieb Marc West:
Hi,
After my other thread about performance issues on OpenBSD we decided to
switch OSes on our HAProxy boxes to FreeBSD 13.1. In the test
environment everything
Hello Marc,
when I understand you correct then you have forwarding enabled to that
ports on pf.
I had a similar issue on pfsense. The solution was to disable the
forwarding to that port.
Maybe it helps you...
greats
Stefan
when I understand you correct then you have forwarding
Am
On Wed, Apr 6, 2016 at 11:34 PM, Lukas Erlacher wrote:
> Addendum:
>
> On the load balancer,
>
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>
> will match *all* packets (for example the packets of your SSH connection,
> since there is undoubtedly a socket for
Addendum:
On the load balancer,
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
will match *all* packets (for example the packets of your SSH connection, since
there is undoubtedly a socket for those SSH packets), at least it does on my
system; this is much nicer IMO:
iptables -t
: samedi 18 mai 2013 08:21
À : Lionel PASCAL
Cc : haproxy@formilux.org
Objet : Re: Transparent proxy mode
Hi Lionel,
It's up to you to check you have the necessary features compiled in your
kernel.
We don't know which features each distribution enable in their kernel.
I guess it should be OK since
Hi Lionel,
It's up to you to check you have the necessary features compiled in your kernel.
We don't know which features each distribution enable in their kernel.
I guess it should be OK since it's debian based and in Debian, it
works out of the box.
Have you setup your sysctls?
Have you run
On Fri, Sep 23, 2011 at 11:53 PM, Jason J. W. Williams
jasonjwwilli...@gmail.com wrote:
Hello,
My understanding has been that HAProxy can be set up in conjunction
with TPROXY support in the Linux kernel so that the backend servers
see the original client's source IP address on incoming
Jason,
No that option is not relevant for TPROXY (client source IP transparency)
Its an old blog but take a look at:
http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/
Ignore the kernel re-compile stuff, as its all pretty standard in
modern kernels.
Thank you. I've been reading that, but wanted to confirm.
-J
Sent via iPhone
Is your email Premiere?
On Sep 24, 2011, at 0:57, Malcolm Turnbull malc...@loadbalancer.org wrote:
Jason,
No that option is not relevant for TPROXY (client source IP transparency)
Its an old blog but take a
After further investigation and comparing the make files, the option USE_TPROXY
will add the -DTPROXY compile switch. It looks like a bug in where the command
source 0.0.0.0 usesrc clientip is looking for the specific linux tproxy or
compile option -DCONFIG_HAP_LINUX_TPROXY and not the more
On Mon, Jul 20, 2009 at 03:23:22PM +0100, Malcolm Turnbull wrote:
Many thanks to Ivansceó Krisztián for working on the TPROXY patch for
Pound for us, we can finally do SSL termination - HAProxy - backend
with TPROXY.
Carlo Granisso wrote:
Hello everybody, I have a problem with haproxy (1.3.17) and kernel 2.6.29
I have successfully recompiled my kernel with TPROXY modules and installed
haproxy (compiled from source with tproxy option enabled) and installed
iptables 1.4.3 (that have tproxy patch).
Now I
Carlo,
Sorry got busy and forgot to post back to you,
I was going to ask whats your output from :
iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK tcp -- 192.168.2.0/24 anywhere tcp
dpt:http MARK set 0x1
It's a little different config than I have, but it looks ok to me.
What's haproxy -vv give?
I have:
[r...@haf1 etc]# haproxy -vv
HA-Proxy version 1.3.15.7 2008/12/04
Copyright 2000-2008 Willy Tarreau w...@1wt.eu
Build options :
TARGET = linux26
CPU = generic
CC = gcc
18 matches
Mail list logo