On Mon, 29 Jan 2007 17:34:51 +0100 Marian Hettwer <[EMAIL PROTECTED]> wrote:
> Pierre-Yves Ritschard schrieb:
> > On Mon, 29 Jan 2007 17:20:50 +0100
> > Marian Hettwer <[EMAIL PROTECTED]> wrote:
> >
> >> Which would mean, I send a SYN to my load balancer, which forwards
> >> the SYN to one of my webservers, and the webserver would send a
> >> SYN-ACK back to me. But my machine obviously can't do anything
> >> with a SYN-ACK from an IP address it didn't even ask...
> >> The client would assume to get a SYN-ACK from the load balancer
> >> (which he asked...)
> >>
> >> understood?
> > no you don't get it.
> > you set up your webservers with IPs whose default gateway is the
> > load-balancer, then use rdr, that's how it's done, hence all the
> > traffic goes through the load-balancer and real client IPs are
> > preserved.
> >
> Ah... there we go.
> I can't set up the webservers with their default gateway to my load
> balancer. The boxes are scattered dedicated servers and I have no
> possibility to change the network settings.
> These are rented servers (dedicated boxes) at some cheap ISP and all
> they have is an official IP address.
> Changing the default gateway isn't possible...
> Sorry 'bout that.
>
> ./Marian
>
You could also do an ugly hack which would consist of attaching a second
network on your servers and load balancers (provided they are in the same
(v)?lan) like 172.16.1.0/24 and use that for contacting the real servers,
then you'll need to look up another routing table when being contacted on
the 172.16.1.0/24 network (using pf + alternate routing tables in OpenBSD
or iproute2 in Linux). Otherwise you're stuck with NAT.
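For readers who want to see the rdr setup and the "second network" variant written out, the following pf.conf fragments are an added example and are not part of the thread or from either poster. Interface names (em0/em1), the VIP 203.0.113.10, the private net 172.16.1.0/24 and the real-server addresses are all assumed. The load balancer redirects connections to the VIP onto the real servers with the client source address untouched; on each real server, pf's reply-to sends the replies of those connections back through the load balancer instead of the ISP default gateway, which is the "look up another routing table" step done with pf alone:

```pf
# --- /etc/pf.conf on the load balancer (OpenBSD, pf) ---
# Added example; every name and address below is an assumption.
ext_if = "em0"              # public side, carries the VIP
int_if = "em1"              # private side, on 172.16.1.0/24
vip    = "203.0.113.10"     # address the clients connect to
lb_int = "172.16.1.1"       # load balancer's address on the private net
web    = "{ 172.16.1.11, 172.16.1.12 }"   # real servers on the private net

# Redirect client connections for the VIP onto the real servers, round-robin.
# Only the destination is rewritten: the client's own source IP is preserved,
# which is why the replies must come back through this box.
rdr on $ext_if proto tcp from any to $vip port 80 -> $web round-robin sticky-address

# Filter rules see the already-translated destination ($web, not $vip).
pass in  on $ext_if proto tcp from any to $web port 80 keep state
pass out on $int_if proto tcp from any to $web port 80 keep state

# --- /etc/pf.conf on each real server (OpenBSD, pf) ---
# The default route still points at the ISP. Only replies to connections
# that arrived on the private interface are routed back to the load
# balancer, which reverses the rdr before the packet reaches the client.
int_if = "em1"
lb     = "172.16.1.1"

pass in on $int_if reply-to ($int_if $lb) proto tcp \
    from any to $int_if port 80 keep state
```

The load balancer must forward packets (`sysctl net.inet.ip.forwarding=1`), and the real servers must not NAT or filter the private interface in a way that drops traffic whose source is a public address. The Linux equivalent of the reply-to rule on a real server is source-based policy routing with iproute2: replies to redirected connections are sourced from the server's 172.16.1.x address, so `ip rule add from 172.16.1.0/24 table 100` together with `ip route add default via 172.16.1.1 dev eth1 table 100` sends exactly those packets back via the load balancer (interface name and table number again assumed). Without one of these two pieces, the SYN-ACK leaves the real server towards the client from an address the client never contacted, which is the failure Marian described.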