How to configure a transparent proxy with HAProxy

Linux
If you configure HAProxy by default, the backends will receive the IP address of the HAProxy as the incoming IP address. Some applications (or people) don't want that. It is possible to configure HAProxy as a transparent proxy, so that the IP of the client is used. First of all, you need to ensure that you have a Linux kernel with the netfilter_tproxy module enabled. If you use, for example, CentOS 7, which will be used in this example, that will already be the case. If you use another distribution or older version, ensure that the netfilter_tproxy kernel module is available. 1) Ensure that you have enabled forwarding and nonlocal bind in the sysctl.conf:
# echo 1 > /proc/sys/net/ipv4/ip_forward
# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
You can save that in /etc/sysctl.conf for future use (after reboot). 2) Iptables rules need to be configured:
iptables -t mangle -N DIVERT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT
3) IP rules
#ip rule add fwmark 1 lookup 100 #ip route add local 0.0.0.0/0 dev lo table 100
4) HAProxy configuration can be done by adding 'transparent' to the bind option.
frontend application           bind 192.168.1.1:80 transparent           mode tcp