Hello Community
I have a problem: the traffic will not pass the HAProxy.
The configuration is based on two HAProxys with two NICs each.
A dump shows me input traffic but no output traffic.
frontend fe1
    bind 10.10.11.1:80, interface eth1
    mode tcp
    default_backend be1
backend be1
    mode tcp
    balance roundrobin
    server s1:80 10.10.12.1:80 check
    server s2:80 10.10.12.2:80 check backup
The virtual IPs are deployed via Pacemaker IPaddr2 between two HAProxy nodes.
Backend addresses
HAProxy-1 : eth0 : 10.10.10.1/24
HAProxy-2 : eth0 : 10.10.10.2/24
Default route points to eth0
Frontend addresses
HAProxy-1 : eth1 : 10.10.11.1/24
HAProxy-2 : eth1 : 10.10.11.2/24
As a local firewall I use nftables without NAT. Drops are logged; there are no drops.
Is there any NAT or explicit routing needed if I want to hide the be-pool servers from the clients?
And the pool servers have to speak with the backend IPs on eth0.
So the traffic comes like this : Client <10.10.11.0/24> eth1 eth0 <10.10.10.0/24> pool servers
Is there anyone here who can help me fix my problem? And yes, part of the problem may not be explicitly HAProxy configuration. I’m not sure…
sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward=1
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
Cheers Dave