I am trying to setup a loadbalancing lab for HAproxy in single-arm mode (when actual frontend IP and backend servers reside in same subnet, while actual clients are always remote). Another request is to make client source IPs visible to backend nodes. As we load-balance custom tcp-based app, it seems that option 'source 0.0.0.0 usesrc clientip' is a right choice here. Also, I have configured backends to have default-gateways pointing to HAproxy's IP address.
Although strange things happen once I enable this backend option: I see connection to frontend VIP was properly done and 3-way handshake formed. But when HAproxy server is trying to build a 2nd session to reach out to backend servers with spoofed IP of a client, I see exactly this happening:
Proxy is sending SYN with spoofed Client's IP address to one of the backends;
Backend is normally repsonds with SYN-ACK packet;
Proxy is NOT sending last ACK, just blindly sends SYN packets after timeout with same outcome;
On a proxy I see this connection is marked as SYN_SENT in netstat output, so it looks like proxy server doesn't accept actualy SYN-ACK packet for some reason.
Any comment would be appreciated.
The source option makes HAProxy bind to a specific IP address before it relays the request to the server. If you just need to load balance servers over TCP/IP (not HTTP), then you do not need this.
Set mode tcp in your frontend and backend, which enables load balancing of TCP-enabled applications.
To forward the client's IP address to the server, can you modify your custom application to support the Proxy Protocol? https://www.haproxy.com/blog/using-haproxy-with-the-proxy-protocol-to-better-secure-your-database/
how to know what port is used to make http Get request from Postman?
I made this http Get request for example:
http://127.0.0.1:3000/
This request got through to the destination and the client could get response.
You can goto console >network >remote address to know the IP and port of the destination
if you goto localaddress , it shows the network through which it will connect to the destination (Meaning the subnet network ) like wireless network , vlan network etc.
You can goto cmd and type ifconfig or ipconfig and verify this
I want to be able to send POST requests from devices outside of my network to my PC.
I am not able to port forward from the router settings page and all of my previous attempts to use UPnP have not worked.
Is there another way that I can send requests to my PC?
I'm trying to run JMeter on a remote server.
I'm running JMeter-server on a new VM instance, and the GUI client from my desktop.
I edited the jmeter.properties file and inserted the external IP and port of my new VM.
# Remote Hosts - comma delimited
remote_hosts=<my external IP>
#remote_hosts=localhost:1099,localhost:2010
# RMI port to be used by the server (must start rmiregistry with same port)
server_port=1099
I also enabled that specific port and IP on my firewall.
To test I used curl and got a response immediately:
curl <my external IP>:1099
curl: (52) Empty reply from server
When I started the JMeter GUI, I got an exception:
connection refused to host:<Internal IP of my new VM>
My question is - why is the JMeter GUI trying to reach my internal IP instead of the external IP specified in the properties? How does JMeter know my internal IP? What am I missing? Do I need to configure it somewhere else?
In jmeter-server/jmeter-server.bat file uncomment:
RMI_HOST_DEF=-Djava.rmi.server.hostname=
Imagine we have a hosting containing:
a search engine running on port 5678 (it's required this port it's open in order to work).
nginx running on port 80.
When a user connects to our website and search something on it, he is only connecting through port 80, but never through 5678. We can check this running "netstat -an".
So my question is: If the client it's never connecting directly with the search engine's port, why we need to keep it open?
Normally client requests are coming to your web server (port 80 or 443), and your web server (your php,or your java code) has a logic to connect to your search engine and send back the result to the client via port 80/443 (local socket connection, if web server and search server running on the same server). so clients need not to connect directly to your search engine port (5678). (from external networks). may be your web server internal interface and search engines internal interface connect locally via local s socket connection.
I'm not sure how you run your web server and search engine, is it two different servers or nginx act as a load balancer and send the client request to your multiple search servers. i think your search engine port use internally to communicate with your web server hosted software. or may be you run both nginx and search server on the same server.
other guess is your firewall or router forwarding port 80 request to your search server port 5678 (port forwarding).
try this on your search server
netstat -pant
this will give your all connection details, like local address,foreign address,state, and PID/Program name
Hope that helps
You can connect to a webserver using a different port. Port 80 is the default for web servers. (port 443 for secure, https, connections) so it's not normally specified since it's 'understood'
But you can, actually, specify a different port to connect to. In your example, a user would specify which port they want to connect to in the URL
http://www.example.com:5678
The same reason why some services live on other ports, like 22, 3000, 3306, 8080, 9000, you might not access those ports directly but maybe some other apps/services/protocols connect to it internally, or could even be not on the same server, like if you have separate app/db/mail servers, they would contact each others by ports.