Hi,
we are currently facing problem with connection clogging with this
configuration.
The client after a while (random number of requests ~few hundreds) reaches
timeout connect settings on backend server - proxy returns 503 Service
Unavailable No server is available to handle this request.
Hi Babtiste,
yes we do have change that:
[root@srvA ~]# cat /etc/sysconfig/network-scripts/route-eth0
default via 192.168.1.254 dev eth0 table 700
[root@srvA ~]# cat /etc/sysconfig/network-scripts/rule-eth0
from 192.168.1.1 lookup 700
The setup is working just fine, for a while. When we try
Hi Zbynek,
Have you changed the default gateway of your server?
traffic from server to client must pass through HAProxy box.
In your case, I guess HAProxy sends a SYN to the server and the
servers sends the S/A to the client directly, bypassing HAProxy.
Baptiste
On Mon, Jan 26, 2015 at 1:24
what does dmesg says then?
Or errors logged by HAProxy?
You may have some iptables issues or source port exhaustion.
Baptiste
On Mon, Jan 26, 2015 at 2:53 PM, Zbyněk Rozman zbynek.roz...@stable.cz wrote:
Hi Babtiste,
yes we do have change that:
[root@srvA ~]# cat
Hello,
L. Alberto Giménez ha scritto:
Please check that:
* You have the tproxy enabled in your kernel
* You have haproxy compiled with tproxy support
Your backend servers *can't* see the clients directly (i.e., they have
the haproxy box as default gateway and *no other* gateways).
The
On Sat, Mar 20, 2010 at 02:23:29AM +0100, Daniele Genetti wrote:
I verify default gw and it seems correct.
I also add rules suggested, but nothing change.
The error 503 Service Unavailable persist.
So, now I try to do this test.
1) Without transparent proxy
on HAPROXY_SERVER:
netstat
On 03/20/2010 08:27 PM, Daniele Genetti wrote:
So, there is something that don't permit to communicate in transparent
mode..
Where is the barrier? mmm..
Hi,
Sorry for insist on that, but are you *completely* sure that your
routing is properly set up so transparent mode can work? This kind of
Hello,
L. Alberto Giménez ha scritto:
Please check that:
* You have the tproxy enabled in your kernel
* You have haproxy compiled with tproxy support
Your backend servers *can't* see the clients directly (i.e., they have
the haproxy box as default gateway and *no other* gateways).
The same
Hi,
On Fri, Mar 19, 2010 at 07:03:47PM +0100, Daniele Genetti wrote:
Hello,
I have one big problem with HAproxy compiled with tproxy support.
This is the situation...
HAPROXY_SERVER
os: ubuntu server
kernel: 2.6.31 (so with tproxy support)
iptables: 1.4.4 (so with tproxy support)
Also for some reason if you are using the new kernel and the new
iptables (as you seem to be)
you need to specify the firewall mark on EVERY interface:
ip rule add dev eth0 fwmark 111 lookup 100
ip rule add dev eth1 fwmark 111 lookup 100
ip rule add dev eth2 fwmark 111 lookup 100
ip rule add dev
I verify default gw and it seems correct.
I also add rules suggested, but nothing change.
The error 503 Service Unavailable persist.
So, now I try to do this test.
1) Without transparent proxy
on HAPROXY_SERVER:
netstat -ctnup | grep 192.168.1.20:80 (ok, connection established showed)
on
11 matches
Mail list logo