
I am trying to set up HAProxy with transparent proxy on a CentOS 7 machine. Env: (2 HTTP servers ==>> HAProxy server ==>> ClientVM)

I have configured http servers with normal haproxy and it works fine.

When I configure the haproxy.cfg file as below:

```
global
   log /dev/log local0
   log /dev/log local1 notice
   chroot /var/lib/haproxy
   stats timeout 30s
   #user haproxy
   #group haproxy
   user root
   group wheel
   daemon

defaults
   log global
   mode tcp
   option tcplog
   option dontlognull
   timeout connect 5000
   timeout client 50000
   timeout server 50000

frontend App_in
       bind haproxy-ip:80 transparent
       mode tcp
       default_backend App_out

backend App_out
       mode tcp
       log global
       source 0.0.0.0 usesrc clientip
       balance roundrobin
       server http-1 http-1-ip:80
       server http-2 http-2-ip:80
```

I am able to start the HAProxy server, and I get a response to curl from the terminal of the HAProxy server, but when I curl from ClientVM I get the response `curl: (52) Empty reply from server`.

I have also executed an iptables-rule.sh script to configure iptables on HAProxy server as below:

```bash
#!/bin/bash
iptables -F
iptables -F -t nat
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
```
Stuggi
  • Your rules lack the TPROXY target. Check the typical rules in the kernel doc: https://www.kernel.org/doc/Documentation/networking/tproxy.txt – A.B Aug 07 '20 at 19:32
  • Hello A.B, thanks for responding to my post. Could you please be more specific about what steps I should proceed with further? I looked into the link you provided. I am not sure where I should apply these. Thanks again – Shailendra Pratap Singh Aug 10 '20 at 09:02
  • Hi A.B, I have been following the two URLs below for this setup: https://www.loadbalancer.org/blog/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/ https://www.haproxy.com/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/ – Shailendra Pratap Singh Aug 10 '20 at 17:46
  • I realize that maybe the TPROXY target isn't needed if the system is already the normal target of the connection (but then tproxy doesn't look that useful). That's not the use case I knew, and that would maybe explain why there's no TPROXY target used. I'm sorry I don't know how to help. – A.B Aug 10 '20 at 18:21

0 Answers
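
To confirm that the mangle rules and policy routing from the question's iptables-rule.sh are actually in place on the HAProxy host, the following added example (not part of the original post) audits saved output of `iptables -t mangle -S`, `ip rule show` and `ip route show table 100`. The function names and sample data are constructed for illustration, and the patterns assume that `iptables -S` prints `--set-mark 1` as `--set-xmark 0x1/0xffffffff`.

```shell
#!/bin/bash
# Added example, not from the original post: audit the state that
# iptables-rule.sh is meant to create, from saved command output.

# check LABEL PATTERN TEXT: expect exactly one line of TEXT to match PATTERN.
check() {
    local n
    n=$(printf '%s\n' "$3" | grep -cE -- "$2" || true)
    if [ "$n" -eq 0 ]; then
        echo "MISSING $1"
    elif [ "$n" -gt 1 ]; then
        echo "DUPLICATE x$n $1"
    fi
}

# audit_tproxy MANGLE RULES ROUTES, where the arguments hold the output of:
#   iptables -t mangle -S ; ip rule show ; ip route show table 100
audit_tproxy() {
    check 'mangle PREROUTING socket match to DIVERT' \
          '^-A PREROUTING .*-m socket .*-j DIVERT' "$1"
    check 'mangle DIVERT sets mark 1' \
          '^-A DIVERT -j MARK --set-x?mark 0x1(/|$)' "$1"
    check 'mangle DIVERT accept' '^-A DIVERT -j ACCEPT$' "$1"
    check 'ip rule fwmark 1 lookup 100' 'fwmark 0x1 lookup 100( |$)' "$2"
    check 'table 100 local default route on lo' \
          '^local (default|0\.0\.0\.0/0) dev lo' "$3"
}

# Constructed sample: mangle table after the script ran twice (it flushes
# filter and nat but not mangle, so every -A rule is appended again).
SAMPLE_MANGLE='-P PREROUTING ACCEPT
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
# Constructed sample of `ip rule show`.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default'
# Constructed sample: table 100 holds no routes.
SAMPLE_ROUTES=''

audit_tproxy "$SAMPLE_MANGLE" "$SAMPLE_RULES" "$SAMPLE_ROUTES"
```

An empty result means all five pieces are present exactly once; it does not test the return path from the backend servers.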