Re: [Zenloadbalancer-support] Passthrough Real IP
You need to collect it in your web server config log

Cordialement,
Mathieu CHATEAU
http://www.lotp.fr

2016-10-06 20:52 GMT+02:00 Aaron Echols <aech...@bfcsmail.com>:

> That’s interesting, as this is in the documentation:
>
> Note that in the HTTP farms profile, the HTTP header X-Forwarded-For is
> included by default with the IP client address data.
>
> What would be the issue then?
>
> --
> ___
> Zenloadbalancer-support mailing list
> Zenloadbalancer-support@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
Re: [Zenloadbalancer-support] Passthrough Real IP
Hello,

in http farm, you can use x-forwarded-for to log real ip.
ZLB adds it in http header

Cordialement,
Mathieu CHATEAU
http://www.lotp.fr

2016-09-25 21:24 GMT+02:00 Aaron Echols <aech...@bfcsmail.com>:

> Yeah, but I'm using SSL offloading, I'll lose that with that setup. I
> don't really feel like managing certs in multiple locations. Is there any
> other workaround? Thank you :-)
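An added example (not part of the original thread and not Zen Load Balancer code) of what the two replies above suggest: log X-Forwarded-For on the backend web server, then count requests per real client. Assumptions: the constructed log lines use a combined format with the header as a final quoted field, the balancer's backend-side address is 10.1.1.10 as in the thread's example, the balancer's entry is the rightmost one in the header, and the names `real_client` and `top_talkers` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumption: backend-side address of the load balancer (10.1.1.10 in the thread).
TRUSTED_PROXIES = {"10.1.1.10"}

# Assumption: combined log format with X-Forwarded-For as a final quoted field.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

def real_client(peer, xff):
    """Return the address a request should be attributed to."""
    if peer not in TRUSTED_PROXIES:
        return peer  # header was set by an untrusted peer: ignore it
    # Rightmost entry is the one the balancer added (assumption); entries to
    # its left arrived with the request and can be forged by the client.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer  # missing ("-") or malformed header
        if hop not in TRUSTED_PROXIES:
            return hop
    return peer

def top_talkers(lines, n=3):
    """Count requests per attributed client and return the n busiest."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[real_client(m["peer"], m["xff"])] += 1
    return counts.most_common(n)

def _line(peer, xff):
    return (f'{peer} - - [06/Oct/2016:20:50:01 +0200] "GET / HTTP/1.1" '
            f'200 512 "-" "curl/7.50" "{xff}"')

# Constructed sample lines, not taken from the thread.
SAMPLE = [
    _line("10.1.1.10", "203.0.113.7"),
    _line("10.1.1.10", "203.0.113.7"),
    _line("10.1.1.10", "198.51.100.9, 203.0.113.7"),  # forged left entry
    _line("10.1.1.10", "198.51.100.23"),
    _line("10.1.1.77", "203.0.113.7"),  # peer is not the balancer
    _line("10.1.1.10", "-"),            # header absent
]
```

Without the header in the log, every line above would be attributed to 10.1.1.10, which is the symptom described in the original question.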
Re: [Zenloadbalancer-support] Passthrough Real IP
Yeah, but I'm using SSL offloading, I'll lose that with that setup. I don't really feel like managing certs in multiple locations. Is there any other workaround? Thank you :-)

On Sep 25, 2016 12:19 PM, Emilio Campos <emilio.campos.mar...@gmail.com> wrote:

> Dear Aaron, as Chris replied you, the solution is to use DNAT with L4xNAT
> profile, more information in the official documentation:
>
> Have a look here and check DNAT section:
> https://www.zenloadbalancer.com/knowledge-base/enterprise-edition-v3-04-administration-guide/enterprise-edition-v3-04-l4xnat-profile-farms/
>
> Once you apply this your backends will use the Load Balancer as gateway,
> it means that the backend ips will be known out of the backend network, so
> you have to apply one of those sections:
>
> 1.- Make new route rules in your network for the backend network in order
> to be routed along the other networks.
>
> 2.- Create a special NAT rule in the load balancer. There is a special
> file where to setup special routes and rules:
>
> - Edit the file /usr/local/zenloadbalancer/config/zlb-start and include
> the rule:
>
> /sbin/iptables -t nat -A POSTROUTING -s -d -o -j MASQUERADE
>
> Where:
>
> -s is the source ip subnet in the form 192.168.0.0/24, where the backends are located.
> -d is the destination address and it's an optional parameter.
> -o is the output interface where to perform the masquerade, (ex: eth0)
>
> I hope it helps you
>
> 2016-09-22 23:01 GMT+02:00 Aaron Echols <aech...@bfcsmail.com>:
>
>> They are pointing directly to the default gateway for that network. :(
>
> --
> Load balancer distribution - Open Source Project
> http://www.zenloadbalancer.com
> Distribution list (subscribe): zenloadbalancer-support@lists.sourceforge.net
Re: [Zenloadbalancer-support] Passthrough Real IP
Hey,

I know other load balancer products the server has to use as its default gateway the ip that the lb has on whatever network they share.

So server1 is 10.1.1.50 gw of 10.1.1.1
Lb is 10.1.1.10

Change server gw to 10.1.1.10

Try that. Obviously do it during a maint window since it may not work :)

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.

> From: Aaron Echols
> Sent: Thursday, September 22, 2016 1:35 PM
> To: zenloadbalancer-support@lists.sourceforge.net
> Reply To: zenloadbalancer-support@lists.sourceforge.net
> Subject: [Zenloadbalancer-support] Passthrough Real IP
>
> Is there a way to pass through the Real IP vs the Virtual IP from the
> loadbalancers? I’m trying to track down some rogue users hammering on the
> backend servers, but they are only showing the VIP’s. Thank you :)