服务器信息:

CentOS Linux release 7.7.1908 (Core)
192.168.100.100、172.16.10.1 TCP转发代理机,需要转发的端口:8888、1234
172.16.10.10目的服务器①端口:8888
172.16.10.11目的服务器②端口:1234

开启CentOS7转发功能

vim /etc/sysctl.conf
    # allow binding/sourcing from addresses not configured on this host — needed once HAProxy
    # opens backend connections from the client's IP (usesrc clientip, further down)
    net.ipv4.ip_nonlocal_bind = 1
    # turns the host into a router for packets arriving on any interface; restrict what it
    # forwards with firewall rules rather than relying on the default (accept-all) policy
    net.ipv4.ip_forward = 1
#保存并退出
sysctl -p

安装HAProxy并配置HAProxy日志

yum install haproxy -y

vim /etc/rsyslog.d/haproxy.conf
    local2.* /var/log/haproxy.log

systemctl restart rsyslog

配置HAProxy转发

mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.Template

vim /etc/haproxy/haproxy.cfg
# HAProxy TCP forwarder: two listening ports, one backend each (mode tcp is set in defaults)
global
# logs go to the local rsyslog facility local2 (matched by /etc/rsyslog.d/haproxy.conf above)
log 127.0.0.1 local2
ulimit-n 800000
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
# drop root after startup
user haproxy
group haproxy
daemon
# NOTE(review): no "mode"/"level" given for the stats socket, so its access rights fall back to HAProxy defaults — confirm who can reach it
stats socket /var/lib/haproxy/stats

defaults
    mode tcp
    log global
    option dontlognull
        retries 3
        maxconn 6000
        # NOTE(review): 150000m is roughly 104 days; a stalled client or server side keeps one of the 6000 maxconn slots for that long
        timeout queue 1m
        timeout connect 1000s
        timeout client 150000m
        timeout server 150000m
        timeout check 10s

frontend forward8888
    # binds on every local address, including the 192.168.100.100 side
    bind *:8888
    # NOTE(review): hdr_beg(host) reads an HTTP header, but this frontend is mode tcp (inherited from defaults); expect haproxy -c to report that is_1 can never match, and with default_backend commented out a non-matching connection has no backend at all — confirm
    acl is_1 hdr_beg(host) -i test.itca.cc      # rule: the value after -i is the host name to match; for several host names add several acls and keep is_1, is_2, ... paired with the use_backend lines below
    use_backend server8888 if is_1     # connections matching is_1 go to backend server8888 below; other host names likewise
    #default_backend server8888     # fallback: forward to server8888 by default
frontend forward1234
    bind *:1234
    default_backend server1234

backend server8888
    server server1 172.16.10.10:8888 maxconn 3000
backend server1234
    server server2 172.16.10.11:1234 maxconn 3000

启动HAProxy并配置开机自启

systemctl enable haproxy && systemctl start haproxy

透传IP

1、HAProxy配置
vim /etc/haproxy/haproxy.cfg
# Transparent-proxy variant: same two ports, but backend connections carry the client's source IP
global
# logs go to the local rsyslog facility local2 (matched by /etc/rsyslog.d/haproxy.conf above)
log 127.0.0.1 local2
ulimit-n 800000
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
# NOTE(review): with user/group commented out HAProxy never drops privileges and keeps running as the launching user (root under the stock unit) — presumably because usesrc clientip needs CAP_NET_ADMIN; confirm this is intended
#user haproxy
#group haproxy
daemon
# NOTE(review): no "mode"/"level" given for the stats socket, so its access rights fall back to HAProxy defaults — confirm who can reach it
stats socket /var/lib/haproxy/stats

defaults
    mode tcp
    log global
    # key addition for IP transparency: the next line
    # backend connections are opened from the original client address; relies on ip_nonlocal_bind=1 and on the
    # iptables/ip rule setup below, otherwise backend replies never come back through this host
    source 0.0.0.0 usesrc clientip
    option dontlognull
        retries 3
        maxconn 6000
        # NOTE(review): 150000m is roughly 104 days; a stalled client or server side keeps one of the 6000 maxconn slots for that long
        timeout queue 1m
        timeout connect 1000s
        timeout client 150000m
        timeout server 150000m
        timeout check 10s

frontend forward8888
    # binds on every local address, including the 192.168.100.100 side
    bind *:8888
    default_backend server8888
frontend forward1234
    bind *:1234
    default_backend server1234

backend server8888
    server server1 172.16.10.10:8888 maxconn 3000
backend server1234
    server server2 172.16.10.11:1234 maxconn 3000
# Deliver packets belonging to HAProxy's sockets locally (TProxy-style) so backend replies addressed
# to the real client are handled here. None of this survives a reboot — re-apply from a boot script.
# NOTE(review): -F without -t flushes every rule in the filter table, i.e. the whole host firewall,
# not just the mangle rules added below — confirm that is intended before running it
/sbin/iptables -F
/sbin/iptables -t mangle -N DIVERT
# TCP packets that already match an existing local socket (HAProxy's) are marked 1 and accepted
/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/sbin/iptables -t mangle -A DIVERT -j ACCEPT
# mark 1 is looked up in routing table 100, which routes everything to the local host via lo
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
# 通过以上配置,将所有发往Proxy的tcp包,重定向到本地环路(lo)上。然后由TProxy内核补丁来对这些网络包进行处理,进而成功将后端server返回包路由回源客户端
2、目的服务器主机配置(172.16.10.10、172.16.10.11)
# 通过添加这条路由,让后端server将返回包路由到Proxy节点,172.16.10.1为Proxy的IP
# NOTE(review): this sends every reply to any 172.16.0.0/16 address outside the directly connected
# subnet via the proxy (172.16.10.1), not only the proxied traffic; `route` comes from net-tools and
# the entry is lost on reboot — persist it in the interface config if it is meant to stay
route add -net 172.16.0.0/16 gw 172.16.10.1
# route add -net 0.0.0.0/0 gw 172.16.10.1
# 或者直接在网卡配置文件设置网关为172.16.10.1