From: Mike Hoffs <[email protected]>
To: Willy Tarreau <[email protected]>
Date: 10/17/2010 09:40 PM
Subject: Re: ipv6 implementation forwardfor except
> > > Hi Mike, 
> > > 
> > > > Is it possible to implement at forwardfor except ipv6 ? 
> > > 
> > > It should not be hard to do. However, as noted in the source, it's a bit 
> > > useless, because while IPv6 is used over the net, it's particularly rare 
> > > on the local network, and the "except" keyword is only used to reference 
> > > your local SSL proxies. Most often, it will only contain 127.0.0.0/8 or 
> > > your local LAN address. 
> > 
> > I know but then we need two entries for haproxy for one single ipv6
> > address that we tunnel to ipv4.
> > 
> > > 
> > > > Now it is only possible to except an ipv4 address. If that is possible we
> > > > can also make the legacy stuff with ssl ipv6 reachable.
> > >
> > > In my opinion, this is independent. You can very well have your SSL reverse
> > > proxy receive IPv6 traffic and forward it to haproxy on 127.0.0.1 (IPv4).
> > > 
> > > Do you have a concrete example where it's really needed ? 
> > 
> > Yes; 
> > 
> > Haproxy is configured to listen on ipv6 at port 80, both should be
> > reachable (80 & 443). With stunnel we capture 443 traffic, and tunnel it to
> > the single entry in haproxy. Haproxy is configured with forwardfor, stunnel
> > also. Now we have 2 ipv6 in the headers, and it would be nice to except the
> > local ipv6. With the solution to handle it on the local ipv4 should do the
> > trick but with many ssl hosts it's a bit messy. With single entry we keep the
> > haproxy config clean.
> 
> OK I see. I agree with you that if your setup is IPv6-only, then it makes 
> sense. It's not a common setup though. I'll try to figure out the required 
> changes to support that. 

I think more hosters in the same situation who want to adopt ipv6 also for the
legacy stuff will run into this situation. It will be a great addition for us and
hopefully for others. We run version 1.4.8, if you want I can test the changes.

> 
> Regards, 
> Willy 
> 

Thanks in advance, 
Regards, 
Mike
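
The double-header situation described in this thread, as an added illustration that is not part of the mails and is not HAProxy code: a small Python model of an "except" list that matches IPv6 as well as IPv4 peers. The function names, the sample addresses and the unwrapping of IPv4-mapped addresses are assumptions of this example.

```python
import ipaddress

def normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def is_excepted(peer, except_nets):
    """True if the connecting peer falls inside any excepted network."""
    ip = normalize(peer)
    for net in except_nets:
        network = ipaddress.ip_network(net, strict=False)
        # Compare only within the same address family.
        if network.version == ip.version and ip in network:
            return True
    return False

def proxy_hop(peer, xff, except_nets):
    """X-Forwarded-For values after one hop: append the peer unless excepted."""
    if is_excepted(peer, except_nets):
        return list(xff)
    return list(xff) + [str(normalize(peer))]

def logged_client(xff):
    """What a backend that trusts the last X-Forwarded-For value would record."""
    return xff[-1] if xff else None

# Constructed sample: client from the IPv6 documentation prefix, stunnel on ::1.
CLIENT = "2001:db8::10"
after_stunnel = proxy_hop(CLIENT, [], [])  # the SSL proxy adds the real client

if __name__ == "__main__":
    v4_only = proxy_hop("::1", after_stunnel, ["127.0.0.0/8"])
    v6_aware = proxy_hop("::1", after_stunnel, ["127.0.0.0/8", "::1/128"])
    print("IPv4-only except :", v4_only, "->", logged_client(v4_only))
    print("IPv6-aware except:", v6_aware, "->", logged_client(v6_aware))
```

With an IPv4-only except list the last value seen by the backend is the local proxy (::1) rather than the client, which is what ends up in access logs and address-based rules on the 443 path.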
