Hi, folks, I've been scratching my head over this, and need your help with this.<br><br>I've got haproxy compiled with tproxy support, and it's working fine with regards to point no. 3 ("Initiating connections with a foreign address as a source") - I've got it binding and connecting properly, and it's able to send out packets using a foreign address. Problem now is, when the reply packet comes back, haproxy can't seem to be able to detect it?<br>
<br>The route rules in the readme are tuned for a full transparent proxy, listening on another port other than the port of the traffic you want to transparently listen to, which is fine for squid - but this is not what I'm looking for.<br>
<br>As far as I've figured, the following rules should work, but don't somehow:<br><br>======<br><pre>iptables -t mangle -N DIVERT<br>iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT<br>iptables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff<br>
iptables -t mangle -A DIVERT -j ACCEPT<br></pre>=====<br><br>The rule<br> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port <proxyport> --tproxy-mark 0x1/0x1<br><br>isn't applicable here, because haproxy IS supposed to be "non-transparent" at the client end - it IS supposed to listen in directly on the ip and port for web traffic - that's the point of a load balancer, so... Could somebody perhaps tell me what I need to complete the setup, and get the packets to be forwarded to haproxy?<br>
<br>thanks,<br>-jf<br clear="all"><br>--<br>In the meantime, here is your PSA:<br>"It's so hard to write a graphics driver that open-sourcing it would not help."<br> -- Andrew Fear, Software Product Manager, NVIDIA Corporation<br>
<a href="http://kerneltrap.org/node/7228">http://kerneltrap.org/node/7228</a><br>
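An added example, not part of the original post: an offline check, run over saved command output, that the return path has the four pieces the kernel's TPROXY documentation uses together (socket match, mark, an `ip rule` on that mark, and a local route in the rule's table). The function name, routing table 100 and all sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks saved command output only, never the live system.
# Prints one line per missing piece of the return path, nothing if complete.
check_return_path() {
    mangle=$1 rules=$2 routes=$3 mark=$4 table=$5

    # 1. Packets belonging to an existing local socket must jump to DIVERT.
    printf '%s\n' "$mangle" | grep -Eq -- '-A PREROUTING .*-m socket .*-j DIVERT' \
        || echo "missing: PREROUTING socket match jumping to DIVERT"

    # 2. DIVERT must set the mark that the routing rule matches on.
    printf '%s\n' "$mangle" | grep -Eq -- "-A DIVERT .*-j MARK --set-xmark $mark/" \
        || echo "missing: DIVERT rule setting mark $mark"

    # 3. Marked packets must be looked up in the dedicated routing table.
    printf '%s\n' "$rules" | grep -Eq "fwmark $mark(/0x[0-9a-f]+)? lookup $table( |\$)" \
        || echo "missing: ip rule fwmark $mark lookup $table"

    # 4. That table must deliver locally: the reply is addressed to the
    #    foreign source address, which is not one of the host's own.
    printf '%s\n' "$routes" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo' \
        || echo "missing: local default route on lo in table $table"
}

# Constructed sample text in the format of `iptables-save -t mangle`,
# `ip rule show` and `ip route show table 100`.
SAMPLE_MANGLE='-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
RULES_DEFAULT='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
RULES_MARKED="32765: from all fwmark 0x1 lookup 100
$RULES_DEFAULT"
ROUTES_LOCAL='local default dev lo scope host'

# iptables rules alone: reports the two missing policy-routing pieces.
check_return_path "$SAMPLE_MANGLE" "$RULES_DEFAULT" "" 0x1 100
# With the rule and the local route present: prints nothing.
check_return_path "$SAMPLE_MANGLE" "$RULES_MARKED" "$ROUTES_LOCAL" 0x1 100
```

On a real host the three text arguments would come from `iptables-save -t mangle`, `ip rule show` and `ip route show table 100`.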