Willy Tarreau wrote:
> On Wed, Mar 12, 2008 at 05:36:22PM -0400, Guillaume Bourque wrote:
>> Sorry I forgot to mention I'm running kernel 2.6.22-14-virtual and no
>> rules in iptables.
> Haproxy does not care if you come from the inside or outside network, since
> it's just a TCP proxy.
That's what I thought!
> However, since you're balancing on source IP address,
> I suspect that from the internal net, your hash goes to one server, and that
> from the internet address you used, you go to the other server and that it
> simply does not respond.
I can reach both TCP servers from the internet if I set a DNAT rule to those 2 addresses, so those TERMINAL servers are fine and routing should be ok too.
> Check the logs, check that the FW box correctly nats the outgoing traffic,
> and BTW, that the haproxy box has the correct default gateway to the net
> through the FW box.
When a client gets to the haproxy box I have a log of the client who connects, but from the internet I don't see anything in the haproxy log.
I did not mention that keepalived set the VIP that I use on the haproxy box.
> If nothing works, you can still produce a tcpdump trace on the haproxy box
> so that we can check at what moment the problem appears.
1205354601.951588 184.108.40.206 -> 192.168.4.26 TCP 1394 > 3389 [SYN] Seq=0 Len=0 MSS=1460
1205354601.951656 192.168.4.26 -> 220.127.116.11 TCP 3389 > 1394 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
1205354604.846363 18.104.22.168 -> 192.168.4.26 TCP 1394 > 3389 [SYN] Seq=0 Len=0 MSS=1460
1205354604.846439 192.168.4.26 -> 22.214.171.124 TCP 3389 > 1394 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
1205354605.201423 192.168.4.26 -> 126.96.36.199 TCP 3389 > 1394 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
-- 
Guillaume Bourque, B.Sc.,
consultant, infrastructures technologiques
Logisoft Technologies inc.
514 576-7638
http://www.logisoftech.com

Received on 2008/03/12 23:23
This archive was generated by hypermail 2.2.0 : 2008/03/12 23:30 CET
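
Added example, not part of the original thread: a Python script that reads one-line capture summaries in the format pasted in the message and reports which TCP handshakes to the proxy never completed, which is the symptom the trace was requested to locate. The sample lines are constructed (203.0.113.7 is a documentation address) and the name `classify_handshakes` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's one-line capture format.
# 203.0.113.7 is a documentation address, not taken from the post.
SAMPLE = """\
1.000000 203.0.113.7 -> 192.168.4.26 TCP 1394 > 3389 [SYN] Seq=0 Len=0 MSS=1460
1.000070 192.168.4.26 -> 203.0.113.7 TCP 3389 > 1394 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
3.900000 203.0.113.7 -> 192.168.4.26 TCP 1394 > 3389 [SYN] Seq=0 Len=0 MSS=1460
3.900080 192.168.4.26 -> 203.0.113.7 TCP 3389 > 1394 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
4.250000 192.168.4.26 -> 203.0.113.7 TCP 3389 > 1394 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
5.000000 192.168.4.50 -> 192.168.4.26 TCP 2001 > 3389 [SYN] Seq=0 Len=0 MSS=1460
5.000060 192.168.4.26 -> 192.168.4.50 TCP 3389 > 2001 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
5.000300 192.168.4.50 -> 192.168.4.26 TCP 2001 > 3389 [ACK] Seq=1 Ack=1 Win=65535 Len=0
"""

LINE = re.compile(r"^\S+ (\S+) -> (\S+) TCP (\d+) > (\d+) \[([^\]]+)\]")

def classify_handshakes(text):
    """Map (client, cport, server, sport) -> handshake verdict."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, sport, dport, flags = m.groups()
        flags = {f.strip() for f in flags.split(",")}
        if flags == {"SYN"}:                      # client opens
            flows[(src, sport, dst, dport)]["syn"] += 1
        elif flags == {"SYN", "ACK"}:             # listener replies
            flows[(dst, dport, src, sport)]["synack"] += 1
        elif flags == {"ACK"} and (src, sport, dst, dport) in flows:
            flows[(src, sport, dst, dport)]["ack"] += 1  # client completes
    verdicts = {}
    for key, c in flows.items():
        if c["ack"]:
            verdicts[key] = "established"
        elif c["synack"]:
            # Reply left this host but no ACK came back: check the
            # return path (default gateway, NAT) toward the client.
            verdicts[key] = "syn-ack sent, never acknowledged"
        else:
            verdicts[key] = "no reply to syn"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify_handshakes(SAMPLE).items():
        print(flow, verdict)
```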