Ubuntu 16.04 and Transparent mode


#1

Has anyone configured HAProxy on Ubuntu Server 16.04 in transparent mode? Who can help?


#2

I’ve not configured transparent mode (I assume TProxy?) on Ubuntu, but I’ve done it plenty on CentOS, so if you have questions I may be able to help.


#3

Target: NLB for Exchange 2013
I installed CentOS 7 with 4 network adapters (1 eth for HostNetwork, 1 eth for Stats, 1 eth for mail.contoso.com, 1 eth for outlook.contoso.com)
Haproxy server:
10.45.100.100 - HostNetwork
10.45.100.101 - stats
10.45.100.60 - mail.contoso.com
10.45.100.61 - outlook.contoso.com

Exchange Server:
CAS-01 - 10.45.100.160
CAS-02 - 10.45.100.161

Install:
wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.9.tar.gz
tar -zxf haproxy-1.7.9.tar.gz
cd haproxy-1.7.9
make TARGET=linux26 USE_STATIC_PCRE=1 USE_LINUX_TPROXY=1

Config file:
global
description Our awesome HAProxy Stats page
log /dev/log local0 info
chroot /var/lib/haproxy
stats socket /var/run/haproxy/haproxy.sock mode 600 level admin
group haproxy
user haproxy
daemon
quiet
tune.ssl.default-dh-param 2048

defaults
log global
mode http
option log-separate-errors
option httplog clf
option dontlognull
option forwardfor
timeout connect 60000ms
timeout client 2400000ms
timeout server 2400000ms
timeout check 60000ms
email-alert mailers mymailers
email-alert from haproxy@contoso.com
email-alert to katochimoto@contoso.com
email-alert level info

# Email system for Emailing alerts

mailers mymailers
mailer mymailserver 10.45.100.161:25 # IP Exchange Server

listen statspage
bind 10.45.100.101:9000 ssl crt /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem
stats enable
stats uri /stats
stats refresh 30s
stats auth admin:P@ssw0rd
stats show-desc
stats show-legends
stats admin if TRUE

frontend fe_ex2013_smtp
mode tcp
bind 10.45.100.60:25
default_backend be_ex2013_smtp

frontend fe_ex2013
description Exchange 2013 /Autodiscovery/MAPI/OWA/ECP/ActiveSync/EWS/OAB/ - FrontEnd
mode http
bind 10.45.100.60:443 ssl crt /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem
acl autodiscover url_reg (?i)/autodiscover
acl mapi url_reg (?i)/mapi
acl owa url_reg (?i)/owa
acl eas url_reg (?i)/microsoft-server-activesync
acl ecp url_reg (?i)/ecp
acl ews url_reg (?i)/ews
acl oab url_reg (?i)/oab
use_backend be_ex2013_autodiscover if autodiscover
use_backend be_ex2013_mapi if mapi
use_backend be_ex2013_owa if owa
use_backend be_ex2013_eas if eas
use_backend be_ex2013_ecp if ecp
use_backend be_ex2013_ews if ews
use_backend be_ex2013_oab if oab
default_backend be_ex2013

frontend FrontEnd_outlook.contoso.com
description Exchange 2013 /RPC/ - FrontEnd
mode http
bind 10.45.100.61:443 ssl crt /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem
acl rpc url_reg (?i)/rpc
use_backend be_ex2013_rpc if rpc
default_backend be_ex2013

backend be_ex2013_smtp
mode tcp
no option http-server-close
balance roundrobin
option log-health-checks
option smtpchk EHLO haproxy.check
server CAS-01 10.45.100.160:25 check
server CAS-02 10.45.100.161:25 check

backend be_ex2013_autodiscover
description Exchange 2013 /Autodiscovery/ - BackEnd
mode http
balance leastconn
option httpchk GET /autodiscover/healthcheck.htm
option log-health-checks
http-check expect status 200
server CAS1 10.45.100.160:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt
server CAS2 10.45.100.161:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt

backend be_ex2013_mapi
description Exchange 2013 /MAPI/ - BackEnd
mode http
balance leastconn
option httpchk GET /mapi/healthcheck.htm
option log-health-checks
http-check expect status 200
server CAS1 10.45.100.160:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt
server CAS2 10.45.100.161:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt

backend be_ex2013_rpc
description Exchange 2013 /RPC/ - BackEnd
mode http
balance leastconn
option httpchk GET /rpc/healthcheck.htm
option log-health-checks
http-check expect status 200
server CAS1 10.45.100.160:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt
server CAS2 10.45.100.161:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt

backend be_ex2013_owa
description Exchange 2013 /OWA/ - BackEnd
mode http
balance leastconn
option httpchk GET /owa/healthcheck.htm
option log-health-checks
http-check expect status 200
server CAS1 10.45.100.160:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt
server CAS2 10.45.100.161:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt

backend be_ex2013_eas
description Exchange 2013 /EAS/ - BackEnd
mode http
balance leastconn
option httpchk GET /microsoft-server-activesync/healthcheck.htm
option log-health-checks
http-check expect status 200
server CAS1 10.45.100.160:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt
server CAS2 10.45.100.161:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt

backend be_ex2013_ecp
description Exchange 2013 /ECP/ - BackEnd
mode http
balance leastconn
option httpchk GET /ecp/healthcheck.htm
option log-health-checks
http-check expect status 200
server CAS1 10.45.100.160:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt
server CAS2 10.45.100.161:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt

backend be_ex2013_ews
description Exchange 2013 /EWS/ - BackEnd
mode http
balance leastconn
option httpchk GET /ews/healthcheck.htm
option log-health-checks
http-check expect status 200
server CAS1 10.45.100.160:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt
server CAS2 10.45.100.161:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt

backend be_ex2013_oab
description Exchange 2013 /OAB/ - BackEnd
mode http
balance leastconn
option httpchk GET /oab/healthcheck.htm
option log-health-checks
http-check expect status 200
server CAS1 10.45.100.160:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt
server CAS2 10.45.100.161:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt

backend be_ex2013
mode http
balance leastconn
server CAS1 10.45.100.160:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt
server CAS2 10.45.100.161:443 check ssl slowstart 5m downinter 3m inter 5s fall 3 rise 5 verify required ca-file /etc/ssl/certs/ca-certificates.crt

How do I enable transparent mode? Is it possible to enable it for SMTP?
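
The question above, sketched as an added example that is not part of the original thread: the post's be_ex2013_smtp backend with a transparent source address, so that the Exchange servers see, log and filter on the real client IP instead of the proxy's address. The kernel rules in the comments, the mark value 1, routing table 100 and the routing arrangement are assumptions, not details from the thread.

```haproxy
# Added example, not the poster's configuration. Backend name and server
# addresses come from the post above; everything else is an assumption.
#
# Kernel side, run as root on the HAProxy host (standard Linux TPROXY setup):
#   iptables -t mangle -N DIVERT
#   iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
#   iptables -t mangle -A DIVERT -j MARK --set-mark 1
#   iptables -t mangle -A DIVERT -j ACCEPT
#   ip rule add fwmark 1 lookup 100
#   ip route add local 0.0.0.0/0 dev lo table 100
#
# Routing assumption: CAS-01 and CAS-02 send their replies to client
# addresses back through the HAProxy host (for example, it is their default
# gateway). If they answer the client directly, the TCP handshake never
# completes, which is the usual failure when clients and servers share a
# subnet.
#
# Privilege assumption: spoofing the source address needs CAP_NET_ADMIN.
# A process that has dropped to an unprivileged account through the
# "user"/"group" lines in the global section no longer holds it, so those
# lines have to go for this backend to connect.
#
# Build assumption: the binary was compiled with USE_LINUX_TPROXY=1, as in
# the make line of the post.

backend be_ex2013_smtp
    mode tcp
    balance roundrobin
    option log-health-checks
    option smtpchk EHLO haproxy.check
    # Open the server-side connection with the client's own IP as source.
    source 0.0.0.0 usesrc clientip
    server CAS-01 10.45.100.160:25 check
    server CAS-02 10.45.100.161:25 check
```

The same `source 0.0.0.0 usesrc clientip` line works in the HTTP backends, although there `option forwardfor` in the defaults section already passes the client address in a header without any kernel or routing changes.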