HAProxy community

Simple layer3 loadB for port range


Hi there,

thanks for you fantastic software.

I have 2 applications server (middleware) where the software listen on different socket for different channel, so the result is that i have 120 different port open from 10000 to 60000

I want to put an HAproxy on head of that, and i google for solution…

i put together something like this:

frontend FRTEST
bind xxx.yyy.zzz.126:10000-60000
mode tcp
default_backend BKTEST

backend BKTEST
stick store-request src
stick-table type ip size 200k expire 120m
option persist
option redispatch
balance roundrobin
server as1 xxx.yyy.zzz.127 (no port means the same port right?)
server as2 xxx.yyy.zzz.128

where obv xxx.yyy.zzz.126 is my VIP, and xxx.yyy.zzz.127,128 are my as

is the correct solution?

what is the option like fowardfor for tcp balancing?




Your configuration might work, that said, I don’t think it’s a good idea to bind 50K ports when you need only 120…
Is there, by any chance, a port that will always be opened on the server side (for monitoring purpose) ?

About your forwardfor question for TCP, you may want to use proxy-protocol, but the application servers must be compatible with it.
More info about Proxy protocol: https://www.haproxy.com/blog/haproxy/proxy-protocol/


yep you are right but if i know (i can retrieve it) the 120 ports, how i can put on this configuration? i miss example… thank you!!

EDIT: i put bind vip:port for 120 rows :smiley:


and an other question:

the developer tell me that he try to send a request but i don’t receive a ACK in response, but i don’t know why, how i can check this?

thanks again!

EDIT: Found the problem, the default is mode http and not mode tcp


bind :1050,:1055,:1060


bind :1050
bind :1055
bind :1060



final question: best way to check if node in backend is alive? (in tcp mode)

with ping?

tcp-check send PING\r\n
tcp-check expect string +PONG


if i put only check on the conf haproxy wont start, because want a port for perform a check


“tcp-check send/expect” is when you want to mimic an actual client and know exactly what the protocol has to look like.

I think its best to only check a specific port.

You can specify the health check port like this:
server as2 xxx.yyy.zzz.128 check port 1050

It won’t change the behavior for actual traffic, only health checks now use port 1050. This will mark the server down when haproxy cannot connect to port 1050 on that particular server.


work as expected, many thanks guys :slight_smile:

i don’t understand why this community is not like the big open project, haproxy is amazing… :slight_smile: