RE: Problems with 1.5-dev17 and bind to interface

2013-02-12 Thread Cornelius Riemenschneider
Hello, I don't see how my solution is broken by design. I see that net.ipv4.ip_nonlocal_bind=1 is superior and widely used, so I'm using that happily. But I still believe there's a bug or misdocumentation somewhere in bind interface. Consider my setup: eth0: external ip address, used to ssh

Re: Problems with 1.5-dev17 and bind to interface

2013-02-12 Thread David Coulson
On 2/12/13 7:32 AM, Cornelius Riemenschneider wrote: The server is configured to listen to all traffic on eth1 to a specific port (12340), so either traffic sent to its normal internal ip address or to its VIP address, in case keepalived assigned it to us will result in haproxy receiving

RE: Problems with 1.5-dev17 and bind to interface

2013-02-12 Thread Cornelius Riemenschneider
Ah okay, I expected bind :*12340 interface eth1 to listen to traffic coming to the interface, not to bind to all IPs which are bound to the interface at the moment of starting haproxy. If that's really the case, the documentation of bind interface could be improved. Cornelius Riemenschneider

Re: Problems with 1.5-dev17 and bind to interface

2013-02-12 Thread David Coulson
On 2/12/13 7:38 AM, Cornelius Riemenschneider wrote: RE: Problems with 1.5-dev17 and bind to interface Ah okay, I expected bind :*12340 interface eth1 to listen to traffic coming to the interface, not to bind to all IPs which are bound to the interface at the moment of starting haproxy. If

Re: Problems with 1.5-dev17 and bind to interface

2013-02-12 Thread shouldbe q931
On Tue, Feb 12, 2013 at 12:38 PM, Cornelius Riemenschneider c...@itscope.de wrote: Ah okay, I expected bind :*12340 interface eth1 to listen to traffic coming to the interface, not to bind to all IPs which are bound to the interface at the moment of starting haproxy. If that's really the

RE: Problems with 1.5-dev17 and bind to interface

2013-02-12 Thread Lukas Tribus
Ah okay, I expected bind :*12340 interface eth1 to listen to traffic coming to the interface, not to bind to all IPs which are bound to the interface at the moment of starting haproxy. If that's really the case, the documentation of bind interface could be improved. I think you misunderstood

Re: Problems with 1.5-dev17 and bind to interface

2013-02-12 Thread Willy Tarreau
On Tue, Feb 12, 2013 at 07:42:08AM -0500, David Coulson wrote: On 2/12/13 7:38 AM, Cornelius Riemenschneider wrote: RE: Problems with 1.5-dev17 and bind to interface Ah okay, I expected bind :*12340 interface eth1 to listen to traffic coming to the interface, not to bind to all IPs which

Re: Problems with 1.5-dev17 and bind to interface

2013-02-11 Thread shouldbe q931
On Mon, Feb 11, 2013 at 1:45 PM, Cornelius Riemenschneider c...@itscope.de wrote: Hello, We try to use haproxy for internal load balancing in a high availability setup together with keepalived and a virtual ip on the internal NIC. We don't want to expose our internal services to the

RE: Problems with 1.5-dev17 and bind to interface

2013-02-11 Thread Cornelius Riemenschneider
Thanks for your answers, that kernel setting did help me. But nevertheless, bind interface seems to be buggy, isn't it? Thanks, Cornelius Riemenschneider -- ITscope GmbH Ludwig-Erhard-Alle 20 76131 Karlsruhe Email: cornelius.riemenschnei...@itscope.de https://www.itscope.com

RE: Problems with 1.5-dev17 and bind to interface

2013-02-11 Thread Lukas Tribus
frontend nodes maxconn 2400 bind :12340 interface eth1 default_backend nodes but portscans from another node in the internal network show that 12340 is sometimes open, but most of the time it is closed. We believe this is a bug in haproxy. Probably haproxy starts when the VIP

Re: Problems with 1.5-dev17 and bind to interface

2013-02-11 Thread shouldbe q931
On Mon, Feb 11, 2013 at 5:20 PM, Cornelius Riemenschneider c...@itscope.de wrote: Thanks for your answers, that kernel setting did help me. But nevertheless, bind interface seems to be buggy, isn't it? Thanks, For a basic keepalived.conf from here