Return-Path: X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7AE3BD0EF for ; Mon, 16 Jul 2012 17:54:20 +0000 (UTC) Received: (qmail 72283 invoked by uid 500); 16 Jul 2012 17:54:20 -0000 Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org Received: (qmail 72223 invoked by uid 500); 16 Jul 2012 17:54:20 -0000 Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-dev@incubator.apache.org Received: (qmail 72207 invoked by uid 99); 16 Jul 2012 17:54:20 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Jul 2012 17:54:20 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of Edison.su@citrix.com designates 66.165.176.89 as permitted sender) Received: from [66.165.176.89] (HELO SMTP.CITRIX.COM) (66.165.176.89) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Jul 2012 17:54:15 +0000 X-IronPort-AV: E=Sophos;i="4.77,595,1336363200"; d="scan'208";a="31661087" Received: from sjcpmailmx01.citrite.net ([10.216.14.74]) by FTLPIPO01.CITRIX.COM with ESMTP/TLS/RC4-MD5; 16 Jul 2012 13:53:54 -0400 Received: from SJCPMAILBOX01.citrite.net ([10.216.4.73]) by SJCPMAILMX01.citrite.net ([10.216.14.74]) with mapi; Mon, 16 Jul 2012 10:53:53 -0700 From: Edison Su To: cloudstack , "cloudstack-users@incubator.apache.org" Date: Mon, 16 Jul 2012 10:53:52 -0700 Subject: RE: Client source IP visibility Thread-Topic: Client source IP visibility Thread-Index: Ac1jMG5yCBg/3LWcR5CNGzHQ4S2fcQASkMRw Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org > -----Original Message----- > From: Fabrice Brazier [mailto:fabrice.brazier@apalia.net] > Sent: Monday, July 16, 2012 1:56 AM > To: cloudstack-users@incubator.apache.org > Cc: cloudstack > Subject: Client source IP visibility >=20 > Hi Folks, >=20 >=20 >=20 > we need a way of configuring CloudStack load balancing with the > integrated > ha-proxy load balancer without hiding the client (source) IP. >=20 > We see TPPROXY feature as a way of doing this, see > http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for- > full-transparent-proxy/ > . >=20 >=20 >=20 > Does this functionality is already implemented ? Will be in the future? >=20 It needs special kernel, not sure it works in debian squeeze kernel or not. >=20 >=20 > A possible workaround would be to use the "X-Forwarded-For" header for > filtering IP addresses. "option forwardfor" is already in haproxy configuration file, by default. Doesn't it work for you? If not, please fire a bug. >=20 >=20 >=20 > Thanks, >=20 > Fabrice >=20 >=20 >=20 > -- > Fabrice Brazier > *Apalia*(tm)* > *FR: +33-632-73-53-00 > *http://www.apalia.net > fabrice.brazier@apalia.net*