Yeah, but I'm using SSL offloading, I'll lose that with that setup. I don't really feel like managing certs in multiple locations. Is there any other workaround? Thank you :-)
On Sep 25, 2016 12:19 PM, Emilio Campos <emilio.campos.mar...@gmail.com> wrote: Dear Aaron, as Chris replied you, the solution is to use DNAT with L4xNAT profile, more information in the official documentation: Have a look here and check DNAT section: https://www.zenloadbalancer.com/knowledge-base/enterprise-edition-v3-04-administration-guide/enterprise-edition-v3-04-l4xnat-profile-farms/ Once you apply this your backends will use the Load Balancer as gateway, it means that the backend ips will be known out of the backend network, so you have to apply once of those sections: 1.- Make new route rules in your network for the backend network in order to be routed along the other networks. 2.- Create a special NAT rule in the load balancer. There is a special file where to setup special routes and rules: - Edit the file /usr/local/zenloadbalancer/config/zlb-start and include the rule: /sbin/iptables -t nat -A POSTROUTING -s <backends_subnet> -d <destination_subnet> -o <output_if> -j MASQUERADE Where: -s <backends_subnet> is the source ip subnet in the form 192.168.0.0/24<http://192.168.0.0/24>, where the backends are located. -d <destination_subnet> is the destination address and it's an optional parameter. -o <output_if> is the output interface where to perform the masquerade, (ex: eth0) I hope it helps you 2016-09-22 23:01 GMT+02:00 Aaron Echols <aech...@bfcsmail.com<mailto:aech...@bfcsmail.com>>: They are pointing directly to the default gateway for that network. :( From: Chris Muench [mailto:cmue...@gmail.com<mailto:cmue...@gmail.com>] Sent: Thursday, September 22, 2016 1:57 PM To: Aaron Echols Subject: Re: [Zenloadbalancer-support] Passthrough Real IP Hey, I know other load balancer products the server has to use as its default gateway the ip that the lb has on whatever network they share. So server1 is 10.1.1.50 gw of 10.1.1.1 Lb is 10.1.1.10 Change server gw to 10.1.1.10 Try that. Obviously do it during a maint window since it may not work :) Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. From: Aaron Echols Sent: Thursday, September 22, 2016 1:35 PM To: zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net> Reply To: zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net> Subject: [Zenloadbalancer-support] Passthrough Real IP Is there a way to pass through the Real IP vs the Virtual IP from the loadbalancers? I’m trying to track down some rogue users hammering on the backend servers, but they are only showing the VIP’s. Thank you :) ------------------------------------------------------------------------------ _______________________________________________ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support -- Load balancer distribution - Open Source Project http://www.zenloadbalancer.com Distribution list (subscribe): zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net>
------------------------------------------------------------------------------
_______________________________________________ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
