Comments on: Configure HAProxy with TPROXY kernel for full transparent proxy

By: Malcolm Turnbull

Malcolm Turnbull — Thu, 21 Feb 2013 10:52:12 +0000

Ahmd,

You won’t find the patches because they are not needed for that Kernel version. It is already built in!

By: Ahmd

Ahmd — Sun, 17 Feb 2013 13:08:12 +0000

hi ,
i want to ask ,
i followed the articale on
http://wiki.squid-cache.org/Features/Tproxy4

i saw that it require kernel 2.6.37 , but when i go to balabit site , i dont see patch for it!!!!

i searched and it seems no patch for the kernel 2.6.37 ???

wt i need to do ??

plz help , advice

By: Mathew.Levett

Mathew.Levett — Tue, 05 Feb 2013 13:57:04 +0000

Hello Matteo, Can I ask if you have compiled ha proxy from source or just installed from one of the Debian repository? as the error indicates that the build you are running was not compiled with TPROXY support.

By: Matteo

Matteo — Sun, 27 Jan 2013 10:55:44 +0000

Hello All,
I’ve installated HAproxy on Debian with kernel Linux 2.6.32+.
When HAproxy starts, I’ve the following error:
Starting haproxy: haproxy

[ALERT] 024/152707 (1802) : parsing [/etc/haproxy/hapr xy.cfg:54] : ‘usesrc’ not allowed here because support for TPROXY was not compiled in.

[ALERT] 024/152707 (1802) : parsing [/etc/haproxy/haproxy.cfg:92] : error detected while parsing a ‘monitor fail’ condition.

[ALERT] 024/152707 (1802) : parsing [/etc/haproxy/haproxy.cfg:104] : ‘usesrc’ not allowed here because support for TPROXY was not compiled in.

[ALERT] 024/152707 (1802) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg

[ALERT] 024/152707 (1802) : Fatal errors found in configuration.

May you help me? Have any suggestions?
I’m following this article:
http://blog.exceliance.fr/2012/08/25/haproxy-varnish-and-the-single-hostname-website/

Best regards.

By: Load Balancing – What are the supported load balancing methods? « Govardhan Gunnala

Sat, 17 Nov 2012 20:20:26 +0000

[...] (SNAT-TPROXY) load balancing method If the source address of the client is a requirement then HaProxy can be forced into transparent mode using TPROXY, this requires that the real servers use the load balancer as the default gateway (as in NAT mode) [...]

By: Scott McKeown

Scott McKeown — Mon, 12 Nov 2012 14:35:37 +0000

Hi Lior,
Please have a look at our new Blog post at http://blog.loadbalancer.org/setting-up-haproxy-with-transparent-mode-on-centos-6-x/ which should help.

By: lior

lior — Sat, 10 Nov 2012 22:05:48 +0000

Hey I’m using centos 6.3 and did pretty much what you wrote and still my web server sees the haproxy up. What am I doing wrong?

By: lior

lior — Sat, 10 Nov 2012 00:02:49 +0000

hey,

great article.

followed through this article by the letter and still my web server see the HAPROXY server ip.

Anybody any idea?

By: Malcolm Turnbull

Malcolm Turnbull — Tue, 09 Oct 2012 07:55:06 +0000

Generally the HAProxy box will be configured as a NAT gateway between your external network and internal network, you can use any physical IP (of the HAProxy unit) on the internal side for your default gateway. If you have a High-availability pair of HA-Proxy units this would be the internal floating IP, if you just have a single unit then you would probably just have one IP address. The VIP or bind address would usualy be on the external network (so you definately would not use that one).

By: caraconan

caraconan — Tue, 09 Oct 2012 07:26:05 +0000

Hi all, thanks for this great post.

I’ve got couple of questions:

1. It’s 100% mandatory to change default gateway of real servers to point to 1 of the haproxy IP addresses?

2. If yes, which one? The VIP one?

Regards