Problem with HAProxy transparent mode
-
Hi,
I need to activate Transpartent Mode on HAProxy because I need to see the public IP of customers browsing my websites.
However, by activating it all the other sites that are not on the public IP managed by the haproxy stop working.How can I solve?
Thanks
-
Hi,
anyone can help me?
-
@luck-besozzi
This by design.
Read the warning hint at Transparent ClientIP:WARNING Activating this option will load rules in IPFW and might interfere with CaptivePortal and possibly other services due to the way server return traffic must be 'captured' with a automatically created fwd rule. This also breaks directly accessing the (web)server on the ports configured above. Also a automatic sloppy pf rule is made to allow HAProxy to server traffic.
Workaround exists only by configuring a second port or IP on the destination server for direct access of the website.
Having this option enabled also means that a client on the same subnet as the server wont be able to connect. -
@viragomann
So we set up another Front / Backend for sites that were not previously managed by haproxy.
Everything works fine except the websocket connection.
The strange thing is that the websocket connection no longer works even on the other local virtual machines on the LAN (which are not web servers).