Re: Transparent tcp proxy with haproxy in OpenVZ container [message #51634 is a reply to message #51632]
Fri, 29 August 2014 11:29
grizzly
After some testing I found that packets are marked well and the proxy passes the client IP to the destination, but outgoing packets go nowhere:
# netstat -ctnup | grep 10.1.1.102
tcp 0 1 <client_ip>:39008 10.1.1.102:587 SYN_SENT 696/haproxy
tcp 0 1 <client_ip>:39008 10.1.1.102:587 SYN_SENT 696/haproxy
tcp 0 1 <client_ip>:39008 10.1.1.102:587 SYN_SENT 696/haproxy
tcp 0 1 <client_ip>:39008 10.1.1.102:587 SYN_SENT 696/haproxy
On 10.1.1.102, tcpdump shows nothing.
The firewall passes all destination IPs:
-A FORWARD -p tcp -m tcp -d 10.1.1.102/32 --dport 587 -j ACCEPT
But in normal mode:
netstat -ctnup | grep 10.1.1.102
tcp 0 0 10.1.1.105:58548 10.1.1.102:587 ESTABLISHED 732/haproxy
tcp 0 0 10.1.1.105:58548 10.1.1.102:587 ESTABLISHED 732/haproxy
tcp 0 0 10.1.1.105:58548 10.1.1.102:587 ESTABLISHED 732/haproxy
tcp 0 0 10.1.1.105:58548 10.1.1.102:587 ESTABLISHED 732/haproxy
I also tried to proxy to an external source and looked at tcpdump on the HN - nothing goes to the external IP from haproxy in transparent mode.
[Updated on: Fri, 29 August 2014 11:37]