Hi,

Pierre-Yves Ritschard wrote:
On Mon, 29 Jan 2007 16:21:13 +0100
Marian Hettwer <[EMAIL PROTECTED]> wrote:

However, one thing is bothering me.
Obviously, my Apache access logs on those load balanced machines can only show the IP address of my load balancer, not the real remote IP of the request.

Why are you rewriting the source address?
A typical rule for redirecting web traffic would be:

rdr on $ext0 from any to $www port 80 -> <webservers>

That's true, but then the communication would look like this:
client --> load balancer --> webserver
webserver --> client

Which would mean, I send a SYN to my load balancer, which forwards the SYN to one of my webservers, and the webserver would send a SYN-ACK back to me. But my machine obviously can't do anything with a SYN-ACK from an IP address it didn't even ask... The client would assume to get a SYN-ACK from the load balancer (which he asked...)

understood?

This rewrites the destination address, not the source.

I know. But I have to use NAT...

Your Apache logs are the same as they would have been had you been directly reachable.

Would be the same, yip...

regards,
./Marian
