cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <>
Subject Re: Port forwarding (web) - doesnt show real client IP
Date Tue, 09 Dec 2014 07:19:59 GMT
Hi Marcus,
static NAT (outound connections) works fine - when internal VM access
internet, it's source address is replaced with the MAIN public IP of the
VPC VR (call it IP1 in my example - x.x.x.x) - so all fine.

Then I have additional public IPs to be able to do port forwarding... -
when I do port forwarding on IP2 x.x.x.y (additional public IP on VR) to
the internal IP on VM - the VR actually does some kind of proxying so to
speak - so the source IP in the TCP/UDP packet that reach internal VM IP,
appears to be the  IP1 x.x.x.x (main public IP of the VR)‚Äč instead the real
remote IP of the client...

Will check the scripts - but this is serious issue in my opinion. I
understand proxying (haproxy) works like every proxy - so the behaviour for
the proxy is expected. But this behaviour for the port forwarding is NOT
normal at all...


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message