Hello,
L. Alberto Giménez ha scritto:
Please check that:
* You have the tproxy enabled in your kernel
* You have haproxy compiled with tproxy support
Your backend servers *can't* see the clients directly (i.e., they have
the haproxy box as default gateway and *no other* gateways).
The
On Sat, Mar 20, 2010 at 02:23:29AM +0100, Daniele Genetti wrote:
I verify default gw and it seems correct.
I also add rules suggested, but nothing change.
The error 503 Service Unavailable persist.
So, now I try to do this test.
1) Without transparent proxy
on HAPROXY_SERVER:
netstat
On 03/20/2010 08:27 PM, Daniele Genetti wrote:
So, there is something that don't permit to communicate in transparent
mode..
Where is the barrier? mmm..
Hi,
Sorry for insist on that, but are you *completely* sure that your
routing is properly set up so transparent mode can work? This kind of
Hello,
L. Alberto Giménez ha scritto:
Please check that:
* You have the tproxy enabled in your kernel
* You have haproxy compiled with tproxy support
Your backend servers *can't* see the clients directly (i.e., they have
the haproxy box as default gateway and *no other* gateways).
The same
Hi,
On Fri, Mar 19, 2010 at 07:03:47PM +0100, Daniele Genetti wrote:
Hello,
I have one big problem with HAproxy compiled with tproxy support.
This is the situation...
HAPROXY_SERVER
os: ubuntu server
kernel: 2.6.31 (so with tproxy support)
iptables: 1.4.4 (so with tproxy support)
Also for some reason if you are using the new kernel and the new
iptables (as you seem to be)
you need to specify the firewall mark on EVERY interface:
ip rule add dev eth0 fwmark 111 lookup 100
ip rule add dev eth1 fwmark 111 lookup 100
ip rule add dev eth2 fwmark 111 lookup 100
ip rule add dev
I verify default gw and it seems correct.
I also add rules suggested, but nothing change.
The error 503 Service Unavailable persist.
So, now I try to do this test.
1) Without transparent proxy
on HAPROXY_SERVER:
netstat -ctnup | grep 192.168.1.20:80 (ok, connection established showed)
on
7 matches
Mail list logo
