
I'd like to set up transparent HA Proxy for the TCP protocol.
It works flawlessly when HA Proxy is in front of the boxes that are running the service.
But when I try to set up HA Proxy in transparent mode to load balance connections to a service that is residing on the same box as HA Proxy, it stops working.

My actual setup looks like this:

eth0 192.168.56.101

HA Proxy config:

    listen sftp :9222
        mode tcp
        source 0.0.0.0 usesrc clientip
        option tcpka
        option tcplog
        balance leastconn
        server server1 192.168.56.101:22 check

IPTABLES/ROUTING:

    iptables -t mangle -N DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    ip rule add fwmark 1 lookup 100
    ip route add local default dev eth0 table 100

It looks like an issue with routing. I've tried lots of rules/scenarios but I'm unable to get it working. Please advise.

Regards,
Filip
