Re: load balancing firewall traffic

From: Willy Tarreau <w#1wt.eu>
Date: Tue, 22 Apr 2008 06:25:00 +0200


On Mon, Apr 21, 2008 at 11:27:48AM -0700, Scott Smith wrote:
> Hi, so now that we've been using haproxy very successfully for the past
> 4 months, it is time to see what other uses it can provide us :)
>
> I was curious if anyone has used haproxy to load balance outbound
> firewall traffic?
>
> I would like to set up a few machines running pf, and have haproxy
> balance outbound tcp connections through them. http traffic should be
> fairly simple, as I will also have squid on each pf machine. Each pf
> machine will have an internal and external interface, only allowing
> outbound traffic from the haproxy servers themselves.
>
> Requests will be sent to an internal hostname that resolves to an IP on
> which haproxy is bound. It will balance the traffic to squids listening
> on each of the pf servers, which will then proxy the requests to the
> actual servers on the Internet.
>
> Any input? What about other protocols?

No specific input. You should use "balance uri" though, in order to improve cache hit rate on your squids.

If you have other services installed on your firewalls (e.g. mail relays), you may also set up a TCP instance listening on port 25 which will balance between your two relays. But you will not be able to balance non-TCP protocols.

Willy

Received on 2008/04/22 06:25

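Added example, not part of the original message or of the haproxy project: a configuration sketch of the two instances suggested in the reply, an HTTP instance using "balance uri" in front of the squids and a TCP instance on port 25 in front of the mail relays. All addresses, ports other than 25, section names and server names are assumed placeholders, and the timeout directives use current haproxy syntax rather than that of 2008.

```haproxy
# Assumed layout (placeholders): haproxy listens on 10.0.0.10 (internal only),
# the pf/squid firewalls are 10.0.1.1 and 10.0.1.2.

defaults
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# HTTP instance: clients use the internal hostname as their proxy.
# "balance uri" hashes the part of the URI before the question mark, so the
# same object is always requested from the same squid, which is what raises
# the cache hit rate.
listen squid_out
    bind 10.0.0.10:3128        # internal address only, never the wildcard,
                               # so the proxy is not reachable from outside
    mode http
    balance uri
    server pf1 10.0.1.1:3128 check
    server pf2 10.0.1.2:3128 check

# TCP instance: plain connection balancing between the two mail relays.
# haproxy only forwards the TCP stream here; it cannot balance non-TCP
# protocols, as the reply notes.
listen smtp_out
    bind 10.0.0.10:25          # internal address only, to avoid an open relay path
    mode tcp
    balance roundrobin
    server relay1 10.0.1.1:25 check
    server relay2 10.0.1.2:25 check
```

With this layout the pf rules on each firewall only need to accept connections from the haproxy address on the squid and SMTP ports, matching the "only allowing outbound traffic from the haproxy servers themselves" constraint in the question.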