HAProxy TProxy support CentOS 7
PER: Howto Transparent proxying and binding with HAProxy and ALOHA load-balancer
Says following kernel flags set:
CONFIG_NETFILTER_TPROXY
CONFIG_NETFILTER_XT_TARGET_TPROXY
In /boot/config-<kernel> (3.10.299---something_x86_64) I see:
CONFIG_NETFILTER_XT_TARGET_TPROXY
Build kernel following steps to add TProxy support for a post was for CentOS 6 and I'm left with the same CONFIG_NETFILTER_XT_TARGET_TPROXY flag set.
Do I have enough for transparent proxy already? Is there a difference for CONFIG_NETFILTER_TPROXY kernel flag from kernel in CentOS 6 2.x vs 3.10.x that I'm missing?
Solution 1:
Check if it is already there:
grep TPROX /boot/config-`uname -r`
It is:
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
CONFIG_NF_TPROXY_IPV4=m
CONFIG_NF_TPROXY_IPV6=m
"m" means it is compiled as a kernel module.
Check for the module file:
find /lib/modules/`uname -r` | grep -i tproxy
They are there:
/lib/modules/4.18.0-147.5.1.el8_1.x86_64/kernel/net/ipv4/netfilter/nf_tproxy_ipv4.ko.xz
/lib/modules/4.18.0-147.5.1.el8_1.x86_64/kernel/net/ipv6/netfilter/nf_tproxy_ipv6.ko.xz
/lib/modules/4.18.0-147.5.1.el8_1.x86_64/kernel/net/netfilter/xt_TPROXY.ko.xz
Is it already loaded?
lsmod | grep tproxy
(no output means: not loaded)
See which ones we can load:
modprobe -c | grep tproxy
Shows:
alias symbol:nf_tproxy_get_sock_v4 nf_tproxy_ipv4
alias symbol:nf_tproxy_get_sock_v6 nf_tproxy_ipv6
alias symbol:nf_tproxy_handle_time_wait4 nf_tproxy_ipv4
alias symbol:nf_tproxy_handle_time_wait6 nf_tproxy_ipv6
alias symbol:nf_tproxy_laddr4 nf_tproxy_ipv4
alias symbol:nf_tproxy_laddr6 nf_tproxy_ipv6
Load the one(s) we want:
modprobe nf_tproxy_ipv6
Now check again to see if it is loaded:
lsmod | grep tprox
Yes, this time:
nf_tproxy_ipv6 16384 0
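
The checks from the answer above rolled into one script, as an added example that is not part of the original answer. It goes slightly beyond the answer: it also reports options that are built in (=y), where lsmod shows nothing although support is present, and it matches module names case-insensitively because xt_TPROXY is upper-case. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample files below are constructed.

# Print builtin | module | absent for OPTION in kernel config file CONFIG.
tproxy_opt_state() {  # usage: tproxy_opt_state CONFIG OPTION
    line=$(grep -E "^$2=" "$1" 2>/dev/null | head -n 1)
    case "${line#*=}" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo absent ;;   # "# CONFIG_X is not set" or no line at all
    esac
}

# Succeed if MODULE is listed in /proc/modules (the file lsmod reads).
# Names are compared case-insensitively because xt_TPROXY is upper-case.
tproxy_module_loaded() {  # usage: tproxy_module_loaded MODULE [PROC_MODULES]
    awk -v m="$1" 'tolower($1) == tolower(m) { found = 1 }
        END { exit !found }' "${2:-/proc/modules}"
}

# One line per TPROXY option: built in, module loaded or not, or absent.
tproxy_report() {  # usage: tproxy_report CONFIG [PROC_MODULES]
    cfg=$1
    mods=${2:-/proc/modules}
    for pair in CONFIG_NETFILTER_XT_TARGET_TPROXY:xt_TPROXY \
                CONFIG_NF_TPROXY_IPV4:nf_tproxy_ipv4 \
                CONFIG_NF_TPROXY_IPV6:nf_tproxy_ipv6; do
        opt=${pair%%:*}
        mod=${pair#*:}
        case $(tproxy_opt_state "$cfg" "$opt") in
            builtin) echo "$opt: built in, nothing to load" ;;
            module)
                if tproxy_module_loaded "$mod" "$mods"; then
                    echo "$opt: module $mod loaded"
                else
                    echo "$opt: module $mod not loaded (modprobe $mod)"
                fi ;;
            *) echo "$opt: not enabled in this kernel" ;;
        esac
    done
}

# Constructed sample input, so the script runs without touching /boot.
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_NETFILTER_XT_TARGET_TPROXY=m' 'CONFIG_NF_TPROXY_IPV4=y' \
    '# CONFIG_NF_TPROXY_IPV6 is not set' > "$demo/config"
printf '%s\n' 'xt_TPROXY 16384 0 - Live 0x0000000000000000' > "$demo/modules"
tproxy_report "$demo/config" "$demo/modules"
rm -rf "$demo"
```

On a real host, call it as tproxy_report /boot/config-`uname -r` to read the running kernel's config and /proc/modules.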