: Tom Maher
Date: 2018-02-26 20:07
To: mingbei...@baifendian.com; Aaron West
CC: Wang Bin; haproxy
Subject: RE: Re: haproxy tcp mode source ip
We had a similar requirement. We developed a patch (on 1.8.3) that allows the
Proxy Protocol TLV PP2_TYPE_NETNS to be configured as part of a bind w
Thanks Aaron. Our specific purpose is slightly different, and our network
topology means TPROXY doesn't work for us.
Regards,
Tom
-Original Message-
From: Aaron West
Sent: 26 February 2018 13:28
To: mingbei...@baifendian.com
Cc: Wang Bin ; haproxy
Subject: Re: Re: haproxy tcp
Hi,
The TPROXY method truly makes it source IP transparent(Your real
servers will see the connection as coming from the client's IP) so it
will be fine for IP based privileges I think.
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
aa...@loadbalance
Aaron West
CC: Wang Bin; haproxy
Subject: RE: Re: haproxy tcp mode source ip
We had a similar requirement. We developed a patch (on 1.8.3) that allows the
Proxy Protocol TLV PP2_TYPE_NETNS to be configured as part of a bind with a
“send_netns ”, e.g.:
frontend cfe
bind 192.168.1.20:3128 send_
i_conn->target = &l->obj_type;
cli_conn->proxy_netns = l->netns;
+ cli_conn->send_netns = l->send_netns;
conn_ctrl_init(cli_conn);
--- ../../../haproxy-1.8.3/include/types/connection.h 2017-12-30
17:13:19.00000 +
Regards,
Tom
From: mingbei..
: 2018-02-26 18:14
To: mingbei...@baifendian.com
CC: Wang Bin; haproxy
Subject: Re: Re: haproxy tcp mode source ip
Yes, you can use TPROXY instead of Proxy Protocol if you don't mind
the additional routing changes(Need to move to two-arm with real
servers setting the GW to be the HAProxy s
Yes, you can use TPROXY instead of Proxy Protocol if you don't mind
the additional routing changes(Need to move to two-arm with real
servers setting the GW to be the HAProxy server).
You can see an example in this short Blog here:
https://loadbalancer.org/blog/setting-up-haproxy-with-transparent-m
> - Big Data Practitioner
>
> 北京市朝阳区北辰西路8号院2号楼北辰世纪中心A座16层
>
>
>
> *From:* Wang Bin
> *Date:* 2018-02-26 17:10
> *To:* mingbei...@baifendian.com
> *CC:* haproxy
> *Subject:* Re: haproxy tcp mode source ip
> It's not possible to obtain original IP address in TCP proxy mo
: mingbei...@baifendian.com
CC: haproxy
Subject: Re: haproxy tcp mode source ip
It's not possible to obtain original IP address in TCP proxy mode.
If your backend supports proxy protocol, you can enable proxy protocol
to pass original IP to your backend.
2018-02-26 16:06 GMT+08:00 mi
TCP代理模式没法获得原始的IP,如果你的后端程序支持 proxy protocol,用这个。
怎么用自己查文档吧。
2018-02-26 17:10 GMT+08:00 Wang Bin :
> It's not possible to obtain original IP address in TCP proxy mode.
> If your backend supports proxy protocol, you can enable proxy protocol
> to pass original IP to your backend.
>
> 2018-02-26 16:06
It's not possible to obtain original IP address in TCP proxy mode.
If your backend supports proxy protocol, you can enable proxy protocol
to pass original IP to your backend.
2018-02-26 16:06 GMT+08:00 mingbei...@baifendian.com
:
> Hi:
> Hello, great big brother, haproxy gets the source IP in
Hi:
Hello, great big brother, haproxy gets the source IP in the TCP mode, not
the IP address of the haproxy, Thanks;
徐铭贝
Mobile: +86-15801118167
12 matches
Mail list logo