<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:courier,monaco,monospace,sans-serif;font-size:12pt">Hello everyone.<br><br>Setup:<br>CentOS 5.1<br>Kernel: Linux centos5.a3rocks.com 2.6.25.5 #1 SMP Sun Jun 8 11:15:19 EDT 2008 i686 athlon i386 GNU/Linux<br><div>tproxy patch: tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2<br>iptables: 1.4<br>iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794.patch<br><br>I think everything went well on the patching of the kernel and patching of iptables. So here is where I am. I am using the latest version of haproxy, which should work.<br><br>I think the issue that I am having is due to the iptables. I don't think iptables is letting haproxy connect to the secondary host server. So haproxy is listening on port 50080, which is where I have tproxy sitting. Please take a look at my iptables entry and tell me if I am
missing anything. I can see that my connection hits the proxy server, but it does not relay to the secondary host.<br><br>Here is my iptables:<br>echo 1 > /proc/sys/net/ipv4/ip_forward<br>/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080<br>ip rule add fwmark 1 lookup 100<br>ip route add local 0.0.0.0/0 dev lo table 100<br>/usr/local/sbin/iptables -t mangle -N DIVERT<br>/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT<br>/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1<br>/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT<br><br>The ip for the proxy, where tproxy is sitting is 192.168.0.4 and the host server(running IIS) is 192.1680.06.<br><br>I would like to use squid, but I am not familiar with it, like I am with haproxy.<br><br>Any info would be appreciated. I am stuck now.<br><br>Thanks.<br>Mike<br><br></div><a
rel="nofollow" target="_blank" href="http://a3rocks.com/"></a><br><br><br><div><br></div></div><br>
</body></html>