Re: AW: transparent mode -> chksum incorrect

On Thu, Mar 22, 2018 at 01:15:26PM +, matei marius wrote: > haproxy -vv > HA-Proxy version 1.8.4-1deb90d 2018/02/08 > Copyright 2000-2018 Willy Tarreau > > Build options : >   TARGET  = linux26 >   CPU = generic >   CC  = gcc >   CFLAGS  = -m64 -march=x86-64 -O2 -g

Re: AW: transparent mode -> chksum incorrect

bad. Cheers Mathias == Von: matei marius <mat.mar...@yahoo.com> Gesendet: Donnerstag, 22. März 2018 11:50 An: HAproxy Mailing Lists <haproxy@formilux.org> Betreff: transparent mode -> chksum incorrect Hello I'm  trying to configure haproxy in transparent mode using the confi

Re: transparent mode -> chksum incorrect

Hello, On 22 March 2018 at 11:49, matei marius wrote: > When I try to access the service from the same IP class with haproxy I see > the packets having incorrect checksum. This is most likely due to offloading techniques such as TX checksumming, where tcpdump will not see

AW: transparent mode -> chksum incorrect

== Von: matei marius <mat.mar...@yahoo.com> Gesendet: Donnerstag, 22. März 2018 11:50 An: HAproxy Mailing Lists <haproxy@formilux.org> Betreff: transparent mode -> chksum incorrect Hello I'm  trying to configure haproxy in transparent mode using the confi

transparent mode -> chksum incorrect

Hello I'm  trying to configure haproxy in transparent mode using the configuration below: The backend servers have as default gateway the haproxy IP (172.17.232.232) frontend fe_frontend_pool_proxy_3128     timeout client 30m     mode tcp     bind 172.17.232.232:3128 transparent

Re: [PATCH] MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode

On 03.03.2014 21:31, Willy Tarreau wrote: On Mon, Mar 03, 2014 at 09:10:51PM +0100, Lukas Tribus wrote: Lets set IP_FREEBIND on IPv6 sockets as well, this works since Linux 3.3 and doesn't require CAP_NET_ADMIN privileges (IPV6_TRANSPARENT does). This allows unprivileged users to bind to

Re: [PATCH] MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode

Hi Sander, Patch applied, thank you Lukas! I will test the patch. Stupid question, but is it really supported from 3.3 and higher? A quick test with dev22 yesterday seemed to be working but I didn't put any traffic through it. It was late so I didn't give it enough attention ;-) Just

[PATCH] MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode

Lets set IP_FREEBIND on IPv6 sockets as well, this works since Linux 3.3 and doesn't require CAP_NET_ADMIN privileges (IPV6_TRANSPARENT does). This allows unprivileged users to bind to non-local IPv6 addresses, which can be useful when setting up the listening sockets or when connecting to

Re: [PATCH] MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode

On Mon, Mar 03, 2014 at 09:10:51PM +0100, Lukas Tribus wrote: Lets set IP_FREEBIND on IPv6 sockets as well, this works since Linux 3.3 and doesn't require CAP_NET_ADMIN privileges (IPV6_TRANSPARENT does). This allows unprivileged users to bind to non-local IPv6 addresses, which can be useful

Re: File uploads (multipart/form-data POST ) and transparent mode fail

the file uploads fail and with Transparent ClientIP disabled all works perfectly as it should. I do need the transparent mode though. Is there a setting somewhere I've missed? Thanks in advance for any possible help /Magnus

Re: File uploads (multipart/form-data POST ) and transparent mode fail

disabled all works perfectly as it should. I do need the transparent mode though. Is there a setting somewhere I've missed? Thanks in advance for any possible help /Magnus

Re: File uploads (multipart/form-data POST ) and transparent mode fail

as it should. I do need the transparent mode though. Is there a setting somewhere I've missed? Thanks in advance for any possible help /Magnus -- The config created

Re: File uploads (multipart/form-data POST ) and transparent mode fail

as it should. I do need the transparent mode though. Is there a setting somewhere I've missed? Thanks in advance for any possible help /Magnus

File uploads (multipart/form-data POST ) and transparent mode fail

that when Transparent ClientIP is enabled and set to DMZ the file uploads fail and with Transparent ClientIP disabled all works perfectly as it should. I do need the transparent mode though. Is there a setting somewhere I've missed? Thanks in advance for any possible help /Magnus

Does haproxy in transparent mode support FreeBSD's divert mechanism ?

Hi, All: In the past day, I want use pf’s “reply-to” on freebsd to solve ip address overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply” cannot work with haproxy on the same machine. Does haproxy in transparent mode support FreeBSD’s divert mechanism ? Regards

Does haproxy in transparent mode support FreeBSD's divert mechanism ?

Hi, All: In the past day, I want use pf’s “reply-to” on freebsd to solve ip address overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply” cannot work with haproxy on the same machine. Does haproxy in transparent mode support FreeBSD’s divert mechanism ? Regards

Re: SYN_RECEIVED / SMTP / Transparent mode

Hi, On 06.12.2012 16:53, Ozgur Tas wrote: Haproxy 1.4.22 on CENTOS 6.3 (kernel 2.6.32-279.14.1 ) on HYPER-V (with Hyper-V integration) - I know Centos a little bit and can confirm that this is working. Hi, I'm trying to get transparent proxy working, however

Re: HaProxy + Squid in transparent mode

Hi David, (warning, your mail agent sends ctrl-M at the end of each line, looks a bit broken). On Mon, Oct 15, 2012 at 04:56:47PM +0200, David Touzeau wrote: Dear^M ^M  ^M I have seen in Haproxy that you can use it in transparent mode.^M ^M I would like to use it in order to load balance

HaProxy + Squid in transparent mode

Dear   I have seen in Haproxy that you can use it in transparent mode. I would like to use it in order to load balance Squid cache servers in transparent mode. Is there somebody had implemented this kind of architecture ?

Re: transparent mode

. It adds the well known X-Forwarded-For header in the request and the servers will be able to use it to retrieve the client's IP address. There are modules for virtually every server to use it, check mod_rpaf for Apache. If you want to enable transparent mode, you'll have to use a very recent

Re: transparent mode

no need to develop a netfilter module to get transparent mode, the TPROXY feature in recent kernels already does it. We also have a patch to inconditionally do that without netfilter but it's only for older kernels. Anyway, tproxy is the most common solution. Regards, Willy

transparent mode

I am sure it's been asked before, I can find some vague references on how to accomplish this but nothing that does not include recompiling the kernel. I think these posts are out of date. So, sorry in advance but here's the question. I have about 1000 listen (groups) and need to pass the client

RE: transparent mode

, June 09, 2011 2:24 PM To: haproxy@formilux.org Subject: transparent mode I am sure it's been asked before, I can find some vague references on how to accomplish this but nothing that does not include recompiling the kernel. I think these posts are out of date. So, sorry in advance but here's

Re: transparent mode

and the servers will be able to use it to retrieve the client's IP address. There are modules for virtually every server to use it, check mod_rpaf for Apache. If you want to enable transparent mode, you'll have to use a very recent kernel (or a patched one), make a non-trivial configuration, and change