Re: [Zenloadbalancer-support] HTTPS X-Forwarded-For

[Steffen Höhne]

Hi Emilio

Okay, With DNAT it works fine.

But only inbound connections from wan to server with client IP is possible.
Outbound connections from server to wan doesn’t work.

If I add “iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE” at 
Loadbalancer, the server can connect outbound, but the inbound client IP is 
again the IP from the load balancer.

Any help?

Thank you

Steffen

From: Emilio Campos [mailto:emilio.campos.mar...@gmail.com]
Sent: Mittwoch, 15. Juni 2016 21:26
To: zenloadbalancer-support@lists.sourceforge.net
Subject: Re: [Zenloadbalancer-support] HTTPS X-Forwarded-For


Not possible, l4xnat doesn't modify anything in application layer

Have a look to l4xnat with DNAT if you need source ip

Sent from mobile
El 15 jun. 2016 10:05 a. m., "Steffen Höhne" 
<steffen.hoe...@jmc-software.ch<mailto:steffen.hoe...@jmc-software.ch>> 
escribió:
Hi together

Is it possible to add X-Forwarded-For to L4xNAT ?

Thank you for any help

Steffen

From: Emilio Campos 
[mailto:emilio.campos.mar...@gmail.com<mailto:emilio.campos.mar...@gmail.com>]
Sent: Dienstag, 5. April 2016 16:25
To: 
zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net>
Subject: Re: [Zenloadbalancer-support] HTTPS X-Forwarded-For

X-Forwarded-For header is added by default for any HTTP[S] farm
L4xNAT profile can work in NAT mode, similar behaviour to Profiles HTTP or TCP

Use Profile L4xNAT with NAT instead of TCP Profile

Regards!

2016-04-05 14:51 GMT+02:00 Mathieu Chateau 
<mathieu.chat...@lotp.fr<mailto:mathieu.chat...@lotp.fr>>:
Good Question :)

Cordialement,
Mathieu CHATEAU
http://www.lotp.fr

2016-04-05 14:34 GMT+02:00 Steffen Höhne 
<steffen.hoe...@jmc-software.ch<mailto:steffen.hoe...@jmc-software.ch>>:
Hi Mathieu

why does the TCP Farm have the option “Add X-Forwarded-For header to http 
requests.” ?

best regards
Freundliche Grüsse
Steffen Höhne
System Engineer
--------------------------------------------------------------------------------------------------------------
JMC Software AG * Riedstrasse 1 * 6343 Rotkreuz * Switzerland
IT-Systems Nottwil GmbH * Kantonsstrasse 11b * 6207 Nottwil * Switzerland
Phone: +41 41 937 29 61<tel:%2B41%2041%C2%A0937%2029%2061>
Internet: http://www.jmc-software.ch<http://www.jmc-software.ch/> * Email: 
supp...@jmc-software.ch<mailto:supp...@jmc-software.ch>
PC Fernwartung: Teamviewer<http://pcsn.ch/media/38904/jmc_quicksupport.exe>
MAC Fernwartung: 
Teamviewer<http://download.teamviewer.com/download/version_9x/TeamViewerQS.dmg>
--------------------------------------------------------------------------------------------------------------




From: Mathieu Chateau 
[mailto:mathieu.chat...@lotp.fr<mailto:mathieu.chat...@lotp.fr>]
Sent: Dienstag, 5. April 2016 14:01
To: zenloadbalancer-support 
<zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net>>
Subject: Re: [Zenloadbalancer-support] HTTPS X-Forwarded-For

Hello,

not sure to get what you want. If ZLB is in TCP mode, it does NOT know what 
flow are inside and don't touch anything. So it's not going to add any http 
header.


Cordialement,
Mathieu CHATEAU
http://www.lotp.fr

2016-04-05 13:50 GMT+02:00 Steffen Höhne 
<steffen.hoe...@jmc-software.ch<mailto:steffen.hoe...@jmc-software.ch>>:
Hey Guys

We have installed a two node cluster with zenlb 3.7.

Recently we had problems with https encryption and high cpu usaged – so we 
changed the farm to tcp.

Behind the lb are two https backends IIS server.  With http the option“Add 
X-Forwarded-For header to http requests.” works fine. But the development unit 
have a new website “only https” – and that option doesn’t work.

l4xnat with dnat isn’t an option for us, because the lb can’t be the main 
gateway.

Do you guys have any idea for me pls?

Thank you

Freundliche Grüsse
Steffen Höhne
System Engineer
--------------------------------------------------------------------------------------------------------------
JMC Software AG * Riedstrasse 1 * 6343 Rotkreuz * Switzerland
IT-Systems Nottwil GmbH * Kantonsstrasse 11b * 6207 Nottwil * Switzerland
Phone: +41 41 937 29 61<tel:%2B41%2041%C2%A0937%2029%2061>
Internet: http://www.jmc-software.ch<http://www.jmc-software.ch/> * Email: 
supp...@jmc-software.ch<mailto:supp...@jmc-software.ch>
PC Fernwartung: Teamviewer<http://pcsn.ch/media/38904/jmc_quicksupport.exe>
MAC Fernwartung: 
Teamviewer<http://download.teamviewer.com/download/version_9x/TeamViewerQS.dmg>
--------------------------------------------------------------------------------------------------------------


------------------------------------------------------------------------------

_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support


------------------------------------------------------------------------------

_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support


------------------------------------------------------------------------------

_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support



--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): 
zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support