Another option if proxy protocol isn't available for the server software
is to use "source 0.0.0.0 usesrc clientip".
You need to combine that with the correct firewall divert rules to make
it work... This will make haproxy seem to connect from the original
clientip.
See: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-source
Greets PiBa-NL
Patrick Hemmer wrote on 27-1-2014 15:34:
You can use the "proxy protocol" for this. Haproxy doesn't allow
manipulation of the TCP stream itself as it could be any number of
protocols which haproxy doesn't support. However the proxy protocol
sends a line at the very beginning of the stream containing the client
source IP, port, destination, & destination port, then it starts
sending the data. As such, whatever you're sending to has to be
capable of handling the proxy protocol header (and be configured to do
so).
See
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2-send-proxy
and http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
-Patrick
------------------------------------------------------------------------
*From: *Semenov, Evgeny <[email protected]>
*Sent: * 2014-01-27 09:06:59 E
*To: *[email protected] <[email protected]>
*Subject: *Real client IP address question
Hi,
There is a setting ('forward for' option) in haproxy allowing to
forward the traffic with the real client IP address to the end
server. This setting works only for HTTP traffic. Is there a way to
make a similar setting for TCP?
I run haproxy on Linux OS.
Best regards,
Evgeny Semenov