Re: Transparent proxy issue on FreeBSD

2023-03-07 Thread Rainer Duffner
> On 07.03.2023 at 18:26, Marc West wrote: > > On 2023-03-07 08:09:04, Rainer Duffner wrote: >> I admit I only toyed with TP, so I really don’t know what I’m doing >> there, but: >> >> Have you tried to just use pfSense for this? The developer of the package >>

Re: Transparent proxy issue on FreeBSD

2023-03-07 Thread Marc West
On 2023-03-07 08:09:04, Rainer Duffner wrote: > I admit I only toyed with TP, so I really don’t know what I’m doing > there, but: > > Have you tried to just use pfSense for this? The developer of the package > (https://github.com/PiBa-NL) seemed to be active here, but I haven’t seen >

Re: Transparent proxy issue on FreeBSD

2023-03-07 Thread Rainer Duffner
> On 07.03.2023 at 08:46, Marc West wrote: > > > > Any other thoughts to look at or data that would be helpful to collect? > I admit I only toyed with TP, so I really don’t know what I’m doing there, but: Have you tried to just use pfSense for this? The developer of the package

Re: Transparent proxy issue on FreeBSD

2023-03-06 Thread Marc West
Hi Stefan and thanks for your replies. (Sorry for the late reply and replying to my own mail, I don't seem to be receiving messages from the list after confirming the subscription twice and noticed your replies when checking the archives.) > when I understand you correct then you have

Re: Transparent proxy issue on FreeBSD

2023-02-23 Thread Stefan Fuhrmann
malloc_trim() is enabled. Built with zlib version : 1.2.12 Running on zlib version : 1.2.12 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with transparent proxy support using: IP_B

Re: Transparent proxy issue on FreeBSD

2023-02-23 Thread Stefan Fuhrmann
pression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with transparent proxy support using: IP_BINDANY IPV6_BINDANY Built with PCRE2 version : 10.40 2022-04-14 PCRE2 library supports JIT : ye

Transparent proxy issue on FreeBSD

2023-02-17 Thread Marc West
d : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with transparent proxy support using: IP_BINDANY IPV6_BINDANY Built with PCRE2 version : 10.40 2022-04-14 PCRE2 library supports JIT : yes Encrypted password support via cry

Re: HAproxy transparent proxy and IPv6

2019-10-16 Thread Philipp Kolmann
Hi, I did some more testing and found the reason why it didn't work: I have added the required ip cmds:     post-up ip rule add fwmark 1 lookup 100     post-up ip route add local 0.0.0.0/0 dev lo table 100     post-up ip route add local ::/0 dev lo table 100 ip rule add fwmark

HAproxy transparent proxy and IPv6

2019-10-14 Thread Philipp Kolmann
Hi, I have setup my test-HAproxy-env according to https://www.haproxy.com/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/ I have setup the Firewall Rules for ipv4 and v6. TEST testha1:~/svnconfig/etc/iptables# iptables -t mangle -vL Chain PREROUTING (policy

Re: Transparent proxy that doesn't destroy your default gateway

2016-04-06 Thread Igor Cicimov
On Wed, Apr 6, 2016 at 11:34 PM, Lukas Erlacher wrote: > Addendum: > > On the load balancer, > > iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT > > will match *all* packets (for example the packets of your SSH connection, > since there is undoubtedly a socket for

Re: Transparent proxy that doesn't destroy your default gateway

2016-04-06 Thread Lukas Erlacher
Addendum: On the load balancer, iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT will match *all* packets (for example the packets of your SSH connection, since there is undoubtedly a socket for those SSH packets), at least it does on my system; this is much nicer IMO: iptables -t

Re: getting transparent proxy to work.

2015-08-27 Thread Baptiste
bryan.tal...@ijji.com *Sent:* Thursday, August 20, 2015 4:27 PM *To:* Rich Vigorito *Cc:* Bryan Talbot; Baptiste; HAProxy *Subject:* Re: getting transparent proxy to work. On Thu, Aug 20, 2015 at 4:05 PM, Rich Vigorito ri...@ocp.org wrote: Reading this: http://blog.haproxy.com/2012/06/05/preserve

Re: getting transparent proxy to work.

2015-08-20 Thread Bryan Talbot
On Thu, Aug 20, 2015 at 4:05 PM, Rich Vigorito ri...@ocp.org wrote: Reading this: http://blog.haproxy.com/2012/06/05/preserve-source-ip-address-despite-reverse-proxies/ about PROXY protocol, what needs to happen for PROXY protocol to be recognized by the web server? The webserver needs to

Re: getting transparent proxy to work.

2015-08-20 Thread Rich Vigorito
! From: Bryan Talbot bryan.tal...@ijji.com Sent: Thursday, August 20, 2015 2:16 PM To: Rich Vigorito Cc: Baptiste; HAProxy Subject: Re: getting transparent proxy to work. On Wed, Aug 19, 2015 at 3:26 PM, Rich Vigorito ri...@ocp.org wrote: I should also clarify the goal

Re: getting transparent proxy to work.

2015-08-20 Thread Bryan Talbot
handshake from haproxy to webservers. Though Im assuming transparent proxy will mean less work for haproxy server. Is this second approach even possible? to accomplish the goal of TLS all the way through the call all ive seen is the transparent proxy solution which Ive been struggling

Re: getting transparent proxy to work.

2015-08-20 Thread Baptiste
On Tue, Aug 18, 2015 at 6:19 PM, Rich Vigorito ri...@ocp.org wrote: After changing the default gateway of the web servers to 10.10.130.79 this didnt fix it. The site we were testing on, and then all the other sites as well were unresponsive. So what I was unclear on is if we changed the

Re: getting transparent proxy to work.

2015-08-19 Thread Rich Vigorito
proxy will mean less work for haproxy server. Is this second approach even possible? to accomplish the goal of TLS all the way through the call all ive seen is the transparent proxy solution which Ive been struggling with. From: Rich Vigorito Sent: Tuesday

Re: getting transparent proxy to work.

2015-08-18 Thread Rich Vigorito
transparent proxy to work. temporary just for the troubleshooting period, and validate this is the root of your issue. The definitive solution belongs to you then! Please clarify the rest of your email. I don't understand what IPs or loopbacks you're speaking about. Before going further, please apply

Re: getting transparent proxy to work.

2015-08-14 Thread Baptiste
web servers serve multiple sites, how to accommodate this? Ie couldnt have 5 different IPs in the loopback? From: Baptiste bed...@gmail.com Sent: Wednesday, August 12, 2015 11:41 PM To: Rich Vigorito Cc: HAProxy Subject: Re: getting transparent proxy

Re: getting transparent proxy to work.

2015-08-13 Thread Baptiste
-transparent-proxy-mode/ Baptiste On Thu, Aug 13, 2015 at 2:29 AM, Rich Vigorito ri...@ocp.org wrote: No inside the firewall one default gateway. 10.10.130.1 The web servers and haproxy servers have one interface I believe Sent from my Verizon Wireless 4G LTE DROID Baptiste bed...@gmail.com

RE: getting transparent proxy to work.

2015-08-13 Thread Rich Vigorito
? From: Baptiste bed...@gmail.com Sent: Wednesday, August 12, 2015 11:41 PM To: Rich Vigorito Cc: HAProxy Subject: Re: getting transparent proxy to work. Hi Rich, so here is your problem. Please temporarily change this default gateway of the web servers to the active VIP

RE: getting transparent proxy to work.

2015-08-12 Thread Rich Vigorito
From: Rich Vigorito ri...@ocp.org Sent: Monday, August 10, 2015 5:22 PM To: Baptiste Cc: haproxy@formilux.org Subject: RE: getting transparent proxy to work. Thanks you very much for all the help, and yes, you were correct about the capture i reported being the health check. attached are 2 pngs

Re: getting transparent proxy to work.

2015-08-12 Thread Baptiste
From: Rich Vigorito ri...@ocp.org Sent: Monday, August 10, 2015 5:22 PM To: Baptiste Cc: haproxy@formilux.org Subject: RE: getting transparent proxy to work. Thanks you very much for all the help, and yes, you were correct about the capture i reported being

Re: getting transparent proxy to work.

2015-08-12 Thread Baptiste
...@ocp.org Sent: Monday, August 10, 2015 5:22 PM To: Baptiste Cc: haproxy@formilux.org Subject: RE: getting transparent proxy to work. Thanks you very much for all the help, and yes, you were correct about the capture i reported being the health check. attached are 2 pngs. one w/ our simple

Re: getting transparent proxy to work.

2015-08-12 Thread Rich Vigorito
Subject: RE: getting transparent proxy to work. Thanks you very much for all the help, and yes, you were correct about the capture i reported being the health check. attached are 2 pngs. one w/ our simple diagram of network topology and the other being what me and the network admin though

Re: getting transparent proxy to work.

2015-08-12 Thread Rich Vigorito
From: Rich Vigorito ri...@ocp.org Sent: Monday, August 10, 2015 5:22 PM To: Baptiste Cc: haproxy@formilux.org Subject: RE: getting transparent proxy to work. Thanks you very much for all the help, and yes, you were

Re: getting transparent proxy to work.

2015-08-08 Thread Baptiste
On Fri, Aug 7, 2015 at 11:05 PM, Rich Vigorito ri...@ocp.org wrote: Hello, this is my first time using the mailing list. I have the following issue. Followed steps to enable transparent proxy outlined here: Howto transparent proxying and binding with HAProxy and ALOHA Load-Balancer

getting transparent proxy to work.

2015-08-07 Thread Rich Vigorito
Hello, this is my first time using the mailing list. I have the following issue. Followed steps to enable transparent proxy outlined here: Howto transparent proxying and binding with HAProxy and ALOHA Load-Balancer | HAProxy Technologies - Aloha Load Balancer http://blog.haproxy.com/2013/09/16

RE: Transparent proxy mode

2013-05-21 Thread Lionel PASCAL
: Saturday 18 May 2013 08:21 To: Lionel PASCAL Cc: haproxy@formilux.org Subject: Re: Transparent proxy mode Hi Lionel, It's up to you to check you have the necessary features compiled in your kernel. We don't know which features each distribution enable in their kernel. I guess it should be OK since

Re: Transparent proxy mode

2013-05-18 Thread Baptiste
configured iptables? Please share with us your procedure and we may be able to help. Baptiste On Fri, May 17, 2013 at 6:12 PM, Lionel PASCAL lionel.pas...@ac-clermont.fr wrote: I ‘m on ubuntu 12.04 LTS Kernel 3.2.0-40-generic I’m trying to enable transparent proxy mode but it does not work

Transparent proxy mode

2013-05-17 Thread Lionel PASCAL
I'm on ubuntu 12.04 LTS Kernel 3.2.0-40-generic I'm trying to enable transparent proxy mode but it does not work : Cannot bind to tproxy source address before connect() for proxy server011. Aborting. Is this functionality supported on this kernel? Should I try on Ubuntu 10

Re: HAproxy tproxy problem when try to make transparent proxy

2013-05-15 Thread haproxy
Hello, L. Alberto Giménez wrote: Please check that: * You have the tproxy enabled in your kernel * You have haproxy compiled with tproxy support Your backend servers *can't* see the clients directly (i.e., they have the haproxy box as default gateway and *no other* gateways). The

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-25 Thread Willy Tarreau
don't know if the requester wants : - to find a way to enable transparent proxy in the pfsense kernel - to find a way to enable transparent proxy in haproxy - to get some help troubleshooting a config involving transparent proxy - anything else ? and i said also the exact way to do it. I

HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread haproxy
Good morning people, since yesterday i have an existing problem that i can't solve without any help.. Topology: pfsense (Reverse+transparent proxy (haproxy), Load Balancer (of pfsense), SSL termination (stunnel)) after pfsense i have 2 web servers that pfsense load balance them. Here

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread Baptiste
Hi, Are you sure pfsense kernel has been compiled with TPROXY enabled? cheers On Fri, Aug 24, 2012 at 9:09 AM, hapr...@serverphorums.com wrote: Good morning people, since yesterday i have an existing problem that i can't solve without any help.. Topology: pfsense (Reverse+transparent

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread haproxy
Hi Baptiste, It's a VM and generally i don't think that it needs compile with transparent proxy enabled in the packages of pfsense there is haproxy and haproxy supports transparency. Regards, --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,552462,552488#msg

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread haproxy
Yeah, the all thing is not this. The transparent proxy is the last thing i want to know. --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,552462,552500#msg-552500

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread Baptiste
so please clarify your question cause I don't understand anything and I'm not the only one. cheers On Fri, Aug 24, 2012 at 10:27 AM, hapr...@serverphorums.com wrote: Yeah, the all thing is not this. The transparent proxy is the last thing i want to know. --- posted at http

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread haproxy
I said it very clearly, that i have found how to make it transparent, and i said also the exact way to do it. I want help with the set up of the reverse proxy. This... Regards, --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,552462,552583#msg-552583

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread Baptiste
On Fri, Aug 24, 2012 at 1:15 PM, hapr...@serverphorums.com wrote: I said it very clearly, that i have found how to make it transparent, No you didn't... But maybe my english understanding is too bad :) and i said also the exact way to do it. I want help with the set up of the reverse proxy.

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread haproxy
Yes and i am asking how to set up haproxy to works as a reverse proxy. Because haproxy can do load balance too. Regards, --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,552462,552625#msg-552625

haproxy ssh transparent proxy

2012-05-02 Thread jinge
Sorry for i'm new in haproxy,there is my problem i wanna haproxy to proxy any non-http traffic. And there is my config about it listen tcp-in bind 192.168.137.18: mode tcp tcp-request inspect-delay 5s tcp-request content accept if HTTP

Re: Transparent Proxy

2011-09-24 Thread Baptiste
On Fri, Sep 23, 2011 at 11:53 PM, Jason J. W. Williams jasonjwwilli...@gmail.com wrote: Hello, My understanding has been that HAProxy can be set up in conjunction with TPROXY support in the Linux kernel so that the backend servers see the original client's source IP address on incoming

Re: Transparent Proxy

2011-09-24 Thread Malcolm Turnbull
Jason, No that option is not relevant for TPROXY (client source IP transparency) Its an old blog but take a look at: http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/ Ignore the kernel re-compile stuff, as its all pretty standard in modern kernels

Re: Transparent Proxy

2011-09-24 Thread Jason J. W. Williams
a look at: http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/ Ignore the kernel re-compile stuff, as its all pretty standard in modern kernels. But it should show you how to construct the haproxy.cfg file. On 23 September 2011 22:53, Jason J

Transparent Proxy

2011-09-23 Thread Jason J. W. Williams
Hello, My understanding has been that HAProxy can be set up in conjunction with TPROXY support in the Linux kernel so that the backend servers see the original client's source IP address on incoming packets? So is the option transparent (http://code.google.com/p/haproxy-docs/wiki/transparent)

RE: transparent Proxy on FreeBSD

2011-08-10 Thread GARRISON, TRAVIS J.
generic one. Travis From: GARRISON, TRAVIS J. [mailto:garri...@otc.edu] Sent: Tuesday, August 09, 2011 9:08 AM To: haproxy Subject: transparent Proxy on FreeBSD How can I configure haproxy to operate in transparent mode in FreeBSD. I have tried adding the line source 0.0.0.0 usesrc clientip to my

transparent Proxy on FreeBSD

2011-08-09 Thread GARRISON, TRAVIS J.
How can I configure haproxy to operate in transparent mode in FreeBSD. I have tried adding the line source 0.0.0.0 usesrc clientip to my config but it states that I need to recompile with tproxy. I have tried adding the compile switch but it doesn't work. I have noticed that FreeBSD uses

Re: HAproxy tproxy problem when try to make transparent proxy

2010-03-20 Thread Willy Tarreau
On Sat, Mar 20, 2010 at 02:23:29AM +0100, Daniele Genetti wrote: I verify default gw and it seems correct. I also add rules suggested, but nothing change. The error 503 Service Unavailable persist. So, now I try to do this test. 1) Without transparent proxy on HAPROXY_SERVER: netstat

Re: HAproxy tproxy problem when try to make transparent proxy

2010-03-20 Thread L. Alberto Giménez
On 03/20/2010 08:27 PM, Daniele Genetti wrote: So, there is something that don't permit to communicate in transparent mode.. Where is the barrier? mmm.. Hi, Sorry for insist on that, but are you *completely* sure that your routing is properly set up so transparent mode can work? This kind of

Re: HAproxy tproxy problem when try to make transparent proxy

2010-03-20 Thread Daniele Genetti
Hello, L. Alberto Giménez wrote: Please check that: * You have the tproxy enabled in your kernel * You have haproxy compiled with tproxy support Your backend servers *can't* see the clients directly (i.e., they have the haproxy box as default gateway and *no other* gateways). The same

Re: HAproxy tproxy problem when try to make transparent proxy

2010-03-19 Thread Willy Tarreau
Hi, On Fri, Mar 19, 2010 at 07:03:47PM +0100, Daniele Genetti wrote: Hello, I have one big problem with HAproxy compiled with tproxy support. This is the situation... HAPROXY_SERVER os: ubuntu server kernel: 2.6.31 (so with tproxy support) iptables: 1.4.4 (so with tproxy support)

Re: HAproxy tproxy problem when try to make transparent proxy

2010-03-19 Thread James Little
Also for some reason if you are using the new kernel and the new iptables (as you seem to be) you need to specify the firewall mark on EVERY interface: ip rule add dev eth0 fwmark 111 lookup 100 ip rule add dev eth1 fwmark 111 lookup 100 ip rule add dev eth2 fwmark 111 lookup 100 ip rule add dev

Re: HAproxy tproxy problem when try to make transparent proxy

2010-03-19 Thread Daniele Genetti
I verify default gw and it seems correct. I also add rules suggested, but nothing change. The error 503 Service Unavailable persist. So, now I try to do this test. 1) Without transparent proxy on HAPROXY_SERVER: netstat -ctnup | grep 192.168.1.20:80 (ok, connection established showed

Re: Transparent proxy of SSL traffic using Pound to HAProxy backend patch and howto

2009-07-22 Thread Willy Tarreau
On Mon, Jul 20, 2009 at 03:23:22PM +0100, Malcolm Turnbull wrote: Many thanks to Ivansceó Krisztián for working on the TPROXY patch for Pound for us, we can finally do SSL termination - HAProxy - backend with TPROXY. http://blog.loadbalancer.org/transparent-proxy-of-ssl-traffic-using-pound

Transparent proxy of SSL traffic using Pound to HAProxy backend patch and howto

2009-07-20 Thread Malcolm Turnbull
Many thanks to Ivansceó Krisztián for working on the TPROXY patch for Pound for us, we can finally do SSL termination - HAProxy - backend with TPROXY. http://blog.loadbalancer.org/transparent-proxy-of-ssl-traffic-using-pound-to-haproxy-backend-patch-and-howto/ Patches to Pound are here: http

R: Transparent proxy

2009-05-14 Thread Carlo Granisso
original- From: L. Alberto Giménez [mailto:agimenez-hapr...@sysvalve.homelinux.net] Sent: Tuesday 12 May 2009 23.06 To: Carlo Granisso Cc: haproxy@formilux.org Subject: Re: Transparent proxy Carlo Granisso wrote: Hello everybody, I have a problem with haproxy (1.3.17) and kernel 2.6.29 I

R: Transparent proxy

2009-05-12 Thread Carlo Granisso
-Original message- From: John Lauro [mailto:john.la...@covenanteyes.com] Sent: Monday 11 May 2009 18.30 To: 'Carlo Granisso'; haproxy@formilux.org Subject: RE: Transparent proxy And no request were found into webserver (netstat -ntap | grep :80) After few seconds: 503

Re: Transparent proxy

2009-05-12 Thread L. Alberto Giménez
can't use transparent proxy function: if I leave in haproxy.cfg this line source 0.0.0.0 usesrc clientip haproxy say 503 - Service unavailable. If I comment out the line, everything work fine (without transparent proxy). My situation: haproxy with two ethernet device: first one for public

Transparent proxy

2009-05-11 Thread Carlo Granisso
Hello everybody, I have a problem with haproxy (1.3.17) and kernel 2.6.29 I have successfully recompiled my kernel with TPROXY modules and installed haproxy (compiled from source with tproxy option enabled) and installed iptables 1.4.3 (that have tproxy patch). Now I can't use transparent proxy

Re: Transparent proxy

2009-05-11 Thread Malcolm Turnbull
and installed haproxy (compiled from source with tproxy option enabled) and installed iptables 1.4.3 (that have tproxy patch). Now I can't use transparent proxy function: if I leave in haproxy.cfg this line source 0.0.0.0 usesrc clientip haproxy say 503 - Service unavailable. If I comment out

RE: Transparent proxy

2009-05-11 Thread John Lauro
To: haproxy@formilux.org Subject: Transparent proxy Hello everybody, I have a problem with haproxy (1.3.17) and kernel 2.6.29 I have successfully recompiled my kernel with TPROXY modules and installed haproxy (compiled from source with tproxy option enabled) and installed iptables 1.4.3

R: Transparent proxy

2009-05-11 Thread Carlo Granisso
: Transparent proxy It’s a little different config than I have, but it looks ok to me… What’s haproxy –vv give? I have: [r...@haf1 etc]# haproxy -vv HA-Proxy version 1.3.15.7 2008/12/04 Copyright 2000-2008 Willy Tarreau w...@1wt.eu Build options : TARGET = linux26 CPU = generic CC

Re: R: R: Transparent proxy

2009-05-11 Thread Jeff Buchbinder
Willy Tarreau wrote: do you mean that the OpenBSD supports a linux-compatible tproxy ? I was not aware of this, because for me, tproxy is 100% linux-specific. Do you know what versions provide it (if so) and how to detect whether it's supported ? I've seen a bunch of pf+squid magic to do it,