hi, folks, I&#39;ve been scratching my head over this, and need your help with this.<br><br>I&#39;ve got haproxy compiled with tproxy support, and it&#39;s working fine with regards to point no. 3 (&quot;Initiating connections with a foreign address as a source&quot;) - I&#39;ve got it binding and connecting properly, and it&#39;s able to send out packets using a foreign address. Problem now is, when the reply packet comes back, haproxy cant seem to be able to detect it?<br>
<br>The route rules in the readme are tuned for a full transparent proxy, listening on another port other than the port of the traffic you want to transparently listen to, which is fine for squid - but this is not what I&#39;m looking for.<br>
<br>As far as i&#39;ve figured, the following rules should work, but dont somehow:<br><br>======<br><pre>iptables -t mangle -N DIVERT<br>iptables -t mangle -A PREROUTING -p tcpo -m socket -j DIVERT<br>iptables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff<br>
iptables -t mangle -A DIVERT -j ACCEPT<br></pre>=====<br><br>The rule<br>&nbsp; iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port &lt;proxyport&gt; --tproxy-mark 0x1/0x1<br><br>isn&#39;t applicable here, because haproxy IS supposed to be &quot;non-transparent&quot; at the client end - it IS supposed to listen in directly on the ip and port for web traffic - that&#39;s the point of a load balancer, so... Could somebody perhaps tell me what i need to complete the setup, and get the packets to be forwarded to haproxy?<br>
<br>thanks,<br>-jf<br clear="all"><br>--<br>In the meantime, here is your PSA:<br>&quot;It&#39;s so hard to write a graphics driver that open-sourcing it would not help.&quot;<br> -- Andrew Fear, Software Product Manager, NVIDIA Corporation<br>
<a href="http://kerneltrap.org/node/7228">http://kerneltrap.org/node/7228</a><br>