On Sat, 2009-12-05 at 13:32 +0100, Jean-Pierre van Melis wrote:
> Robert,
>
> First off I want to thank you for pound which makes it possible for me to run
> several webservers on a consumer DSL-line.
>
> In the past I expressed my wish to make pound (optionally) truly transparent
> using TPROXY. There are more people who would like to have this transparency.
> One of them is Mr. Ivancso Krisztian ([email protected]) who even successfully
> wrote a patch for pound http://poundtp.freeweb.hu/.
> I would really like to have this incorporated in the mainline code and I
> believe Mr. Ivancso Krisztian would even be honoured if you did.
>
> I never heard any reaction from you, the author of Pound, which leaves us a
> bit in the dark. Could you please clear this up? A "no" is of course an
> option too. If you also give us a reason would be better and a "I'm already
> working on it" is of course the thing we would really like to hear ;-)
>
> I believe the TPROXY method is not cross-platform but this can be easily
> solved using compiler directives...
> The code will be simply ignored on the other platforms...
>
> Anyway....
> Thanks for developing and maintaining pound

First of all: thanks for the kind words.

Now to the subject matter: I looked at the proposed patch and I can't see that we'll adopt it. Here is our reasoning:

Benefit(s):
- the back-end sees the true originating IP address.

Disadvantages:
- not portable, single system (Linux only)
- very specific setup: the gateway must also be the Pound server. In most cases that is not done - you usually have a gateway that does port forwarding.
- software complexity: additional code is never healthy
- set-up complexity: Pound is dependent on netfilter being present, correctly configured, with no conflicts

Seeing that the only benefit is that the logs would work with the IP address rather than the X-Forwarded-for header (which can be configured in practically all Web servers I know of), I don't think that this is worth it.

I am aware that you put work into this, and, if you feel this is important, I would be happy to add a link to the patch on the Pound site, so people can easily find it.

In the meantime I hope we could concentrate on getting the 2.5 release out.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904
