HAProxy - Transparent Binding
Leander Schaefer
info at NetOcean.de
Wed May 13 21:57:33 UTC 2020
Hello,
I need to have transparent binding for my haproxy. Therefore I found a
tutorial for Linux:
https://www.haproxy.com/de/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
Do you perhaps know the equivilant kernel options for FreeBSD:
- CONFIG_NETFILTER_TPROXY
- CONFIG_NETFILTER_XT_TARGET_TPROXY
or if there is even any change required in the kernel of the latest
FreeBSD 12.1-RELEASE to achieve the same goal?
# iptables rules:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
# IP route rules:
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
# HAProxy conf:
# Transparent binding can be configured like this:
[...]
frontend ft_application
bind 1.1.1.1:80 transparent
[...]
# Transparent proxying can be configured like this:
[...]
backend bk_application
source 0.0.0.0 usesrc clientip
[...]
More information about the freebsd-ipfw
mailing list