Hi Joseph, On Mon, Apr 05, 2010 at 11:28:49PM -0400, Joseph Hardeman wrote: > Hi Guys, > > I got asked if there is a way to make haproxy set the requesting IP it sends > to the backends to the ip address of the visitor instead of the ip address > of the haproxy server. I know I can do this with LVS, I did that for > another company several years ago, simply by changing ipv4.ip_forward to 1. > They are wanting their systems to send the data back to the visitor instead > of passing it back through haproxy.
yes you can do that if you build it with the LINUX_TPROXY setting. But you must be aware that this requires a kernel patch (because obviously, by default the kernel will not be able to connect to another machine from an IP address it does not own). There's a nice howto on loadbalancer.org's blogs on this subject : http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/ Once you've patched your kernel to support the feature, you can achieve that by specifying "source 0.0.0.0 usesrc clientip" in haproxy's config. Please note that this requires root privileges and a bunch of iptables rules. Regards, Willy
