Re: Transparent proxy issue on FreeBSD

2023-03-07 Thread Rainer Duffner
> On 07.03.2023 at 18:26, Marc West wrote: > > On 2023-03-07 08:09:04, Rainer Duffner wrote: >> I admit I only toyed with TP, so I really don't know what I'm doing >> there, but: >> >> Have you tried to just use pfSense for this? The developer of the package >>

Re: Transparent proxy issue on FreeBSD

2023-03-07 Thread Marc West
On 2023-03-07 08:09:04, Rainer Duffner wrote: > I admit I only toyed with TP, so I really don't know what I'm doing > there, but: > > Have you tried to just use pfSense for this? The developer of the package > (https://github.com/PiBa-NL) seemed to be active here, but I haven't seen >

Re: Transparent proxy issue on FreeBSD

2023-03-07 Thread Rainer Duffner
> On 07.03.2023 at 08:46, Marc West wrote: > > > > Any other thoughts to look at or data that would be helpful to collect? > I admit I only toyed with TP, so I really don’t know what I’m doing there, but: Have you tried to just use pfSense for this? The developer of the package

Re: Transparent proxy issue on FreeBSD

2023-03-06 Thread Marc West
Hi Stefan and thanks for your replies. (Sorry for the late reply and replying to my own mail, I don't seem to be receiving messages from the list after confirming the subscription twice and noticed your replies when checking the archives.) > when I understand you correct then you have

Re: Transparent proxy issue on FreeBSD

2023-02-23 Thread Stefan Fuhrmann
Hello Marc, one another: source ipv4@ usesrc clientip hope that helps. Stefan On 17.02.23 at 12:47, Marc West wrote: Hi, After my other thread about performance issues on OpenBSD we decided to switch OSes on our HAProxy boxes to FreeBSD 13.1. In the test environment everything

Re: Transparent proxy issue on FreeBSD

2023-02-23 Thread Stefan Fuhrmann
Hello Marc, when I understand you correct then you have forwarding enabled to that ports on pf. I had a similar issue on pfsense. The solution was to disable the forwarding to that port. Maybe it helps you... greats Stefan when I understand you correct then you have forwarding Am

Re: Transparent proxy that doesn't destroy your default gateway

2016-04-06 Thread Igor Cicimov
On Wed, Apr 6, 2016 at 11:34 PM, Lukas Erlacher wrote: > Addendum: > > On the load balancer, > > iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT > > will match *all* packets (for example the packets of your SSH connection, > since there is undoubtedly a socket for

Re: Transparent proxy that doesn't destroy your default gateway

2016-04-06 Thread Lukas Erlacher
Addendum: On the load balancer, iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT will match *all* packets (for example the packets of your SSH connection, since there is undoubtedly a socket for those SSH packets), at least it does on my system; this is much nicer IMO: iptables -t

RE: Transparent proxy mode

2013-05-21 Thread Lionel PASCAL
 : Saturday 18 May 2013 08:21 To: Lionel PASCAL Cc: haproxy@formilux.org Subject: Re: Transparent proxy mode Hi Lionel, It's up to you to check you have the necessary features compiled in your kernel. We don't know which features each distribution enable in their kernel. I guess it should be OK since

Re: Transparent proxy mode

2013-05-18 Thread Baptiste
Hi Lionel, It's up to you to check you have the necessary features compiled in your kernel. We don't know which features each distribution enable in their kernel. I guess it should be OK since it's debian based and in Debian, it works out of the box. Have you setup your sysctls? Have you run

Re: Transparent Proxy

2011-09-24 Thread Baptiste
On Fri, Sep 23, 2011 at 11:53 PM, Jason J. W. Williams jasonjwwilli...@gmail.com wrote: Hello, My understanding has been that HAProxy can be set up in conjunction with TPROXY support in the Linux kernel so that the backend servers see the original client's source IP address on incoming

Re: Transparent Proxy

2011-09-24 Thread Malcolm Turnbull
Jason, No that option is not relevant for TPROXY (client source IP transparency) Its an old blog but take a look at: http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/ Ignore the kernel re-compile stuff, as its all pretty standard in modern kernels.

Re: Transparent Proxy

2011-09-24 Thread Jason J. W. Williams
Thank you. I've been reading that, but wanted to confirm. -J Sent via iPhone Is your email Premiere? On Sep 24, 2011, at 0:57, Malcolm Turnbull malc...@loadbalancer.org wrote: Jason, No that option is not relevant for TPROXY (client source IP transparency) Its an old blog but take a

RE: transparent Proxy on FreeBSD

2011-08-10 Thread GARRISON, TRAVIS J.
After further investigation and comparing the make files, the option USE_TPROXY will add the -DTPROXY compile switch. It looks like a bug in where the command source 0.0.0.0 usesrc clientip is looking for the specific linux tproxy or compile option -DCONFIG_HAP_LINUX_TPROXY and not the more

Re: Transparent proxy of SSL traffic using Pound to HAProxy backend patch and howto

2009-07-22 Thread Willy Tarreau
On Mon, Jul 20, 2009 at 03:23:22PM +0100, Malcolm Turnbull wrote: Many thanks to Ivansceó Krisztián for working on the TPROXY patch for Pound for us, we can finally do SSL termination - HAProxy - backend with TPROXY.

Re: Transparent proxy

2009-05-12 Thread L. Alberto Giménez
Carlo Granisso wrote: Hello everybody, I have a problem with haproxy (1.3.17) and kernel 2.6.29 I have successfully recompiled my kernel with TPROXY modules and installed haproxy (compiled from source with tproxy option enabled) and installed iptables 1.4.3 (that have tproxy patch). Now I

Re: Transparent proxy

2009-05-11 Thread Malcolm Turnbull
Carlo, Sorry got busy and forgot to post back to you, I was going to ask what's your output from:

iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  192.168.2.0/24       anywhere             tcp dpt:http MARK set 0x1

RE: Transparent proxy

2009-05-11 Thread John Lauro
It's a little different config than I have, but it looks ok to me. What's haproxy -vv give? I have:

[r...@haf1 etc]# haproxy -vv
HA-Proxy version 1.3.15.7 2008/12/04
Copyright 2000-2008 Willy Tarreau w...@1wt.eu

Build options :
  TARGET = linux26
  CPU = generic
  CC = gcc