Hi,
On Fri, Mar 21, 2008 at 10:45:48AM +0100, Wouter Callewaert wrote:
> Hi,
>
>
>
> I'm trying to install HAProxy for multiple incoming SMTP servers.
>
> Since I need the ip address for RBL checks, I need to use tproxy as
> well.
>
>
>
> I've installed HAProxy snapshot 20080318 and tproxy 4.0.4 on the 2.6.22
> kernel.
>
> Both the nf_conntrack & iptable_tproxy modules are loaded.
>
>
>
> When I test the proxy with a telnet connection, I just get a timeout. It
> works fine without the 'usesrc clientip'
>
>
>
> Any idea what I could do wrong?
Possibly you're not wrong. I have re-implemented a transparent proxy patch for 2.4 which did not rely on cttproxy nor the nat patches, and I needed an ID for the setsockopt call. I found that tproxy4 API was perfectly suitable for this, so I have adapted my patch to reflect it, but have not tried tproxy4 yet.
However, have you checked that you have ip_forward enabled ? With my patches it is required, because since the source address does not belong to the machine, the return packets are dropped very early. I would not be surprized you have the same requirement with tproxy4 (which I really should test soon).
> No change that the XCLIENT extension will be implemented in the near
> future? (http://www.postfix.org/XCLIENT_README.html , comparable with
> the X-Forwarded-For header)
Oh that's good news. Let's say that this will be one of the first features the day SMTP is supported ;-)
Regards,
Willy
Received on 2008/03/21 20:13
This archive was generated by hypermail 2.2.0 : 2008/03/21 20:30 CET