Willy Tarreau a écrit :
> On Wed, Mar 12, 2008 at 05:36:22PM -0400, Guillaume Bourque wrote:
>
>> Sorry I forgot to mention I'm running kernel 2.6.22-14-virtual and no
>> rules in iptables.
>>
>
> Guillaume,
>
> Haproxy does not care if you come from the inside or outside network, since
> it's just a TCP proxy.
That's what I tought !
> However, since you're balancing on source IP address,
> I suspect that from the internal net, your hash goes to one server, and that
> from the internet address you used, you go to the other server and that it
> simply does not respond.
>
>
I can reach both TCP server from the internet if I set a DNAT rule to
those 2 adresses, so those TERMINAL server are fine and routing should
be ok too
> Check the logs, check that the FW box correcly nats the outgoing traffic,
> and BTW, that the haproxy box has the correct default gateway to the net
> through the FW box.
>
When a client get's to the haproxy box a have a log of the client who
connect but from internet I dont see anything in haproxy log
I did not mention that keepalived set the VIP that I use on the haproxy box.
> If nothing works, you can still produce a tcpdump trace on the haproxy box
> so that we can check at what moment the problem appears.
>
1205354601.951588 66.130.19.67 -> 192.168.4.26 TCP 1394 > 3389 [SYN]
Seq=0 Len=0 MSS=1460
1205354601.951656 192.168.4.26 -> 66.130.19.67 TCP 3389 > 1394 [SYN,
ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
1205354604.846363 66.130.19.67 -> 192.168.4.26 TCP 1394 > 3389 [SYN]
Seq=0 Len=0 MSS=1460
1205354604.846439 192.168.4.26 -> 66.130.19.67 TCP 3389 > 1394 [SYN,
ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
1205354605.201423 192.168.4.26 -> 66.130.19.67 TCP 3389 > 1394 [SYN,
ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
> Regards,
> Willy
>
>
Thanks
-- Guillaume Bourque, B.Sc., consultant, infrastructures technologiques Logisoft Technologies inc. 514 576-7638 http://www.logisoftech.comReceived on 2008/03/12 23:23
This archive was generated by hypermail 2.2.0 : 2008/03/12 23:30 CET