I need to configure a HAProxy frontend like this:
frontend web-server option forwardfor except 127.0.0.0/8 bind :8080 bind :32768-65535 default_backend service
But, that configuration don’t let me connect to other servers, internal or external.
$ wget www.google.com --2016-12-22 23:21:13-- http://www.google.com/ Resolving www.google.com (www.google.com)... 184.108.40.206, 2607:f8b0:4006:804::2004 Connecting to www.google.com (www.google.com)|220.127.116.11|:80... failed: Cannot assign requested address. Connecting to www.google.com (www.google.com)|2607:f8b0:4006:804::2004|:80... failed: Network is unreachable.
If I comment the line
bind :32768_65535 and restart HAProxy, I can connect to other servers again.
I think I’m making HAProxy binds to ports that are necessary to start a connection, and that’s the reason why that configuration is causing this problem.
How can I configure HAProxy to listen in those ports, without that connection problem?
- HAProxy 1.6
- Ubuntu 16.04 (it’s a clean installation)
So, haproxy is binding every local port from 32768 to 65535 inclusive. This is a problem because, by default, outgoing connections bind a local port within this range:
# sysctl net.ipv4.ip_local_port_range net.ipv4.ip_local_port_range = 32768 60999
To resolve the issue you will need to select a local port range that is not otherwise going to be used on your system and reconfigure this sysctl to use it. For example:
sudo sysctl -w net.ipv4.ip_local_port_range="24576 32767"
(And make it persistent in
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.