Re: cttproxy

From: Willy Tarreau <w#1wt.eu>
Date: Mon, 22 Oct 2007 14:00:11 +0200


On Mon, Oct 22, 2007 at 10:50:27AM +0100, Tim O'Donovan wrote:
> Hi Willy,
>
> Many thanks for the help.
>
> > 1) use a client from a different network and add a default route from
> > your MTA to haproxy. In this case, you'll also need to enable IP
> > forwarding on your haproxy machine so that your SMTP servers can
> > access the rest of the world.
>
> Fantastic. That did the trick. And it makes complete sense now I think
> about it.

perfect!

> The only problem I have now is that any servers that are on the same
> switch as haproxy experience the same problem as before, in that the
> requests just time out. I wonder if there is some iptables magic that
> can be set up to redirect incoming requests from the internal network on
> port 25 to a non-transparent haproxy instance.

I think that what you could do is to use the DNAT target (or REDIRECT, they are basically the same) and match based on the source IP, then redirect to another local port (e.g. 26) on which you would have another instance.

In the near future, when many features are conditioned by ACLs, it will be even easier since you would be able to say that you want the tproxy only if the source IP matches some networks. It's not that hard to implement BTW, it just has to be done.

> Love the new UNIX socket stats feature in 1.3.13.

Fine! Be careful, there's a bug in the first line. The "Status" field is missing from the description but it's still there in the values.

Regards,
Willy
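The split Willy describes, as an added example that is not part of the original thread or of haproxy itself: LAN clients on port 25 are redirected by the nat table to a second, non-transparent instance on port 26, while remote traffic still reaches the transparent one. The network, server address and listener names are constructed assumptions; the rules are emitted as text so they can be reviewed before being piped to a shell.

```shell
#!/bin/sh
# Constructed values: the segment sharing the switch with haproxy, the
# transparent listener's port, the plain listener's port and a backend MTA.
LAN_NET="${LAN_NET:-192.168.10.0/24}"
TPROXY_PORT=25
PLAIN_PORT=26
MTA="${MTA:-10.0.0.11:25}"

# nat rule that matches on the client's source network and sends its SMTP
# connections to the local plain listener. REDIRECT is a DNAT to the address
# of the incoming interface and is only valid in nat PREROUTING/OUTPUT; the
# same idea works with "-j DNAT --to-destination <haproxy ip>:<port>".
# Hosts that are not in LAN_NET are left alone and still hit TPROXY_PORT.
smtp_redirect_rule() {
    net="$1"; from_port="$2"; to_port="$3"
    printf 'iptables -t nat -A PREROUTING -s %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
        "$net" "$from_port" "$to_port"
}

# Companion haproxy section for the second instance. It deliberately has no
# transparent "source ... usesrc clientip" line: LAN clients must see replies
# coming from haproxy's own address, since they do not route through it.
plain_listener_config() {
    port="$1"; backend="$2"
    printf 'listen smtp-lan 0.0.0.0:%s\n    mode tcp\n    balance roundrobin\n    server mta1 %s check\n' \
        "$port" "$backend"
}

# Usage: review, then apply with  smtp_redirect_rule ... | sh
smtp_redirect_rule "$LAN_NET" "$TPROXY_PORT" "$PLAIN_PORT"
plain_listener_config "$PLAIN_PORT" "$MTA"
```

Write the second section into the config of a separate haproxy process (different pid file and stats socket), not into the transparent instance's file, so the two listeners stay isolated.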