Hi, folks,

I've been scratching my head over this, and need your help with this.

I've got haproxy compiled with tproxy support, and it's working fine with regard to point no. 3 ("Initiating connections with a foreign address as a source") - I've got it binding and connecting properly, and it's able to send out packets using a foreign address.

Problem now is, when the reply packet comes back, haproxy can't seem to be able to detect it?

The route rules in the readme are tuned for a full transparent proxy, listening on another port other than the port of the traffic you want to transparently listen to, which is fine for squid - but this is not what I'm looking for.

As far as I've figured, the following rules should work, but don't somehow:

======
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
iptables -t mangle -A DIVERT -j ACCEPT
=====

The rule

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port <proxyport> --tproxy-mark 0x1/0x1

isn't applicable here, because haproxy IS supposed to be "non-transparent" at the client end - it IS supposed to listen in directly on the IP and port for web traffic - that's the point of a load balancer, so...

Could somebody perhaps tell me what I need to complete the setup, and get the packets to be forwarded to haproxy?

thanks,
-jf

--
In the meantime, here is your PSA:
"It's so hard to write a graphics driver that open-sourcing it would not help."
-- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228
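A check for the reply path described above, as an added example that is not part of the original post: it looks for the DIVERT rules from the message plus the `ip rule` / local-route pair that the kernel's tproxy documentation lists alongside them. The function name, the mark `0x1`, table `100` and all sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Inputs are plain text so the
# check runs offline; on a live box pass:
#   "$(iptables-save -t mangle)" "$(ip rule show)" "$(ip route show table 100)"

# check_tproxy_return_path MANGLE_RULES IP_RULES TABLE_ROUTES [MARK] [TABLE]
# Prints each missing piece and returns how many are missing (0 = complete).
check_tproxy_return_path() {
    mangle=$1; iprules=$2; routes=$3
    mark=${4:-0x1}; table=${5:-100}    # assumed mark and table number
    missing=0
    # 1. Packets that belong to a local socket are sent to DIVERT.
    printf '%s\n' "$mangle" | grep -Eq -- '^-A PREROUTING .*-m socket .*-j DIVERT' ||
        { echo "missing: PREROUTING -m socket -j DIVERT"; missing=$((missing + 1)); }
    # 2. DIVERT sets the firewall mark.
    printf '%s\n' "$mangle" | grep -Eq -- "^-A DIVERT .*--set-x?mark ${mark}(/| |\$)" ||
        { echo "missing: DIVERT MARK ${mark}"; missing=$((missing + 1)); }
    # 3. A policy rule sends marked packets to the dedicated table.
    printf '%s\n' "$iprules" | grep -Eq -- "fwmark ${mark}(/0x[0-9a-f]+)? lookup ${table}( |\$)" ||
        { echo "missing: ip rule fwmark ${mark} lookup ${table}"; missing=$((missing + 1)); }
    # 4. That table delivers everything locally via lo.
    printf '%s\n' "$routes" | grep -Eq -- '^local (default|0\.0\.0\.0/0) dev lo' ||
        { echo "missing: local default route on lo in table ${table}"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample inputs (not captured from the poster's machine).
SAMPLE_MANGLE='-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
SAMPLE_RULES_DEFAULT='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
SAMPLE_RULES_FWMARK="32765: from all fwmark 0x1 lookup 100
$SAMPLE_RULES_DEFAULT"
SAMPLE_ROUTES='local default dev lo scope host'

# Demo: iptables rules alone, no policy routing -> two pieces missing.
check_tproxy_return_path "$SAMPLE_MANGLE" "$SAMPLE_RULES_DEFAULT" "" ||
    echo "$? piece(s) missing"
```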