Hi Joseph,
On Mon, Apr 05, 2010 at 11:28:49PM -0400, Joseph Hardeman wrote:
> Hi Guys,
>
> I got asked if there is a way to make haproxy set the requesting IP it sends
> to the backends to the ip address of the visitor instead of the ip address
> of the haproxy server. I know I can do this with LVS, I did that for
> another company several years ago, simply by changing ipv4.ip_forward to 1.
> They are wanting their systems to send the data back to the visitor instead
> of passing it back through haproxy.
yes you can do that if you build it with the LINUX_TPROXY setting. But you must be aware that this requires a kernel patch (because obviously, by default the kernel will not be able to connect to another machine from an IP address it does not own).
There's a nice howto on loadbalancer.org's blogs on this subject :
http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/
Once you've patched your kernel to support the feature, you can achieve that by specifying "source 0.0.0.0 usesrc clientip" in haproxy's config. Please note that this requires root privileges and a bunch of iptables rules.
Regards,
Willy
Received on 2010/04/06 07:02
This archive was generated by hypermail 2.2.0 : 2010/04/06 07:15 CEST