On Thu, Mar 22, 2018 at 01:15:26PM +, matei marius wrote:
> haproxy -vv
> HA-Proxy version 1.8.4-1deb90d 2018/02/08
> Copyright 2000-2018 Willy Tarreau
>
> Build options :
> TARGET = linux26
> CPU = generic
> CC = gcc
> CFLAGS = -m64 -march=x86-64 -O2 -g
bad.
Cheers
Mathias
==
Von: matei marius <mat.mar...@yahoo.com>
Gesendet: Donnerstag, 22. März 2018 11:50
An: HAproxy Mailing Lists <haproxy@formilux.org>
Betreff: transparent mode -> chksum incorrect
Hello
I'm trying to configure haproxy in transparent mode using the confi
Hello,
On 22 March 2018 at 11:49, matei marius wrote:
> When I try to access the service from the same IP class with haproxy I see
> the packets having incorrect checksum.
This is most likely due to offloading techniques such as TX
checksumming, where tcpdump will not see
==
Von: matei marius <mat.mar...@yahoo.com>
Gesendet: Donnerstag, 22. März 2018 11:50
An: HAproxy Mailing Lists <haproxy@formilux.org>
Betreff: transparent mode -> chksum incorrect
Hello
I'm trying to configure haproxy in transparent mode using the confi
Hello
I'm trying to configure haproxy in transparent mode using the configuration
below:
The backend servers have as default gateway the haproxy IP (172.17.232.232)
frontend fe_frontend_pool_proxy_3128
timeout client 30m
mode tcp
bind 172.17.232.232:3128 transparent
On 03.03.2014 21:31, Willy Tarreau wrote:
On Mon, Mar 03, 2014 at 09:10:51PM +0100, Lukas Tribus wrote:
Lets set IP_FREEBIND on IPv6 sockets as well, this works since Linux
3.3
and doesn't require CAP_NET_ADMIN privileges (IPV6_TRANSPARENT does).
This allows unprivileged users to bind to
Hi Sander,
Patch applied, thank you Lukas!
I will test the patch. Stupid question, but is it really supported
from 3.3 and higher? A quick test with dev22 yesterday seemed to be
working but I didn't put any traffic through it. It was late so I
didn't give it enough attention ;-)
Just
Lets set IP_FREEBIND on IPv6 sockets as well, this works since Linux 3.3
and doesn't require CAP_NET_ADMIN privileges (IPV6_TRANSPARENT does).
This allows unprivileged users to bind to non-local IPv6 addresses, which
can be useful when setting up the listening sockets or when connecting
to
On Mon, Mar 03, 2014 at 09:10:51PM +0100, Lukas Tribus wrote:
Lets set IP_FREEBIND on IPv6 sockets as well, this works since Linux 3.3
and doesn't require CAP_NET_ADMIN privileges (IPV6_TRANSPARENT does).
This allows unprivileged users to bind to non-local IPv6 addresses, which
can be useful
the
file uploads fail and with Transparent ClientIP disabled all works
perfectly as it should. I do need the transparent mode though.
Is there a setting somewhere I've missed?
Thanks in advance for any possible help
/Magnus
disabled all works perfectly as it should. I do need the
transparent mode though.
Is there a setting somewhere I've missed?
Thanks in advance for any possible help
/Magnus
as it should. I do need the transparent mode though.
Is there a setting somewhere I've missed?
Thanks in advance for any possible help
/Magnus
--
The config created
as it should. I do need the transparent mode
though.
Is there a setting somewhere I've missed?
Thanks in advance for any possible help
/Magnus
that when Transparent ClientIP is enabled and set to DMZ the file
uploads fail and with Transparent ClientIP disabled all works perfectly as it
should. I do need the transparent mode though.
Is there a setting somewhere I've missed?
Thanks in advance for any possible help
/Magnus
Hi, All:
In the past day, I want use pf’s “reply-to” on freebsd to solve ip address
overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply”
cannot work with haproxy on the same machine. Does haproxy in transparent mode
support FreeBSD’s divert mechanism ?
Regards
Hi, All:
In the past day, I want use pf’s “reply-to” on freebsd to solve ip address
overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply”
cannot work with haproxy on the same machine. Does haproxy in transparent mode
support FreeBSD’s divert mechanism ?
Regards
Hi,
On 06.12.2012 16:53, Ozgur Tas wrote:
Haproxy 1.4.22 on CENTOS 6.3 (kernel 2.6.32-279.14.1 ) on HYPER-V (with
Hyper-V integration)
-
I know Centos a little bit and can confirm that this is working.
Hi,
I'm trying to get transparent proxy working, however
Hi David,
(warning, your mail agent sends ctrl-M at the end of each line, looks a bit
broken).
On Mon, Oct 15, 2012 at 04:56:47PM +0200, David Touzeau wrote:
Dear^M
^M
^M
I have seen in Haproxy that you can use it in transparent mode.^M
^M
I would like to use it in order to load balance
Dear
I have seen in Haproxy that you can use it in transparent mode.
I would like to use it in order to load balance Squid cache servers in
transparent mode.
Is there somebody had implemented this kind of architecture ?
. It adds the well known
X-Forwarded-For header in the request and the servers will be able to use
it to retrieve the client's IP address. There are modules for virtually every
server to use it, check mod_rpaf for Apache.
If you want to enable transparent mode, you'll have to use a very recent
no need to develop a netfilter module to get transparent mode,
the TPROXY feature in recent kernels already does it.
We also have a patch to inconditionally do that without netfilter but
it's only for older kernels. Anyway, tproxy is the most common solution.
Regards,
Willy
I am sure it's been asked before, I can find some vague references on how to
accomplish this but nothing that does not include recompiling the kernel. I
think these posts are out of date. So, sorry in advance but here's the
question. I have about 1000 listen (groups) and need to pass the client
, June 09, 2011 2:24 PM
To: haproxy@formilux.org
Subject: transparent mode
I am sure it's been asked before, I can find some vague references on how to
accomplish this but nothing that does not include recompiling the kernel. I
think these posts are out of date. So, sorry in advance but here's
and the servers will be able to use
it to retrieve the client's IP address. There are modules for virtually every
server to use it, check mod_rpaf for Apache.
If you want to enable transparent mode, you'll have to use a very recent
kernel (or a patched one), make a non-trivial configuration, and change
24 matches
Mail list logo