Hello, in http farm, you can use x-forwarded-for to log real ip. ZLB add it in http header
Cordialement, Mathieu CHATEAU http://www.lotp.fr 2016-09-25 21:24 GMT+02:00 Aaron Echols <aech...@bfcsmail.com>: > Yeah, but I'm using SSL offloading, I'll lose that with that setup. I > don't really feel like managing certs in multiple locations. Is there any > other workaround? Thank you :-) > On Sep 25, 2016 12:19 PM, Emilio Campos <emilio.campos.mar...@gmail.com> > wrote: > > Dear Aaron, as Chris replied you, the solution is to use DNAT with L4xNAT > profile, more information in the official documentation: > > Have a look here and check DNAT section: > https://www.zenloadbalancer.com/knowledge-base/enterprise- > edition-v3-04-administration-guide/enterprise-edition-v3- > 04-l4xnat-profile-farms/ > > Once you apply this your backends will use the Load Balancer as gateway, > it means that the backend ips will be known out of the backend network, so > you have to apply once of those sections: > > 1.- Make new route rules in your network for the backend network in order > to be routed along the other networks. > 2.- Create a special NAT rule in the load balancer. There is a special > file where to setup special routes and rules: > - Edit the file */usr/local/zenloadbalancer/config/zlb-start* and include > the rule: > > /sbin/iptables -t nat -A POSTROUTING -s <backends_subnet> -d > <destination_subnet> -o <output_if> -j MASQUERADE > Where: > -s <backends_subnet> is the source ip subnet in the form 192.168.0.0/24, > where the backends are located. > -d <destination_subnet> is the destination address and it's an optional > parameter. > -o <output_if> is the output interface where to perform the masquerade, > (ex: eth0) > > I hope it helps you > > 2016-09-22 23:01 GMT+02:00 Aaron Echols <aech...@bfcsmail.com>: > >> They are pointing directly to the default gateway for that network. L >> >> >> >> *From:* Chris Muench [mailto:cmue...@gmail.com] >> *Sent:* Thursday, September 22, 2016 1:57 PM >> *To:* Aaron Echols >> *Subject:* Re: [Zenloadbalancer-support] Passthrough Real IP >> >> >> >> Hey, >> >> I know other load balancer products the server has to use as its default >> gateway the ip that the lb has on whatever network they share. >> >> >> >> So server1 is 10.1.1.50 gw of 10.1.1.1 >> >> Lb is 10.1.1.10 >> >> >> >> Change server gw to 10.1.1.10 >> >> >> >> Try that. Obviously do it during a maint window since it may not work :) >> >> >> >> Sent from my BlackBerry 10 smartphone on the Verizon Wireles >> s 4G LTE network. >> >> *From: *Aaron Echols >> >> *Sent: *Thursday, September 22, 2016 1:35 PM >> >> *To: *zenloadbalancer-support@lists.sourceforge.net >> >> *Reply To: *zenloadbalancer-support@lists.sourceforge.net >> >> *Subject: *[Zenloadbalancer-support] Passthrough Real IP >> >> >> >> Is there a way to pass through the Real IP vs the Virtual IP from the >> loadbalancers? I’m trying to track down some rogue users hammering on the >> backend servers, but they are only showing the VIP’s. Thank you J >> >> >> >> >> >> >> ------------------------------------------------------------ >> ------------------ >> >> _______________________________________________ >> Zenloadbalancer-support mailing list >> Zenloadbalancer-support@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support >> >> > > > -- > Load balancer distribution - Open Source Project > http://www.zenloadbalancer.com > Distribution list (subscribe): zenloadbalancer-support@lists. > sourceforge.net > > > ------------------------------------------------------------ > ------------------ > > _______________________________________________ > Zenloadbalancer-support mailing list > Zenloadbalancer-support@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support > >
------------------------------------------------------------------------------
_______________________________________________ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support