Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A3D579FFD for ; Mon, 8 Dec 2014 23:04:21 +0000 (UTC) Received: (qmail 83889 invoked by uid 500); 8 Dec 2014 23:04:21 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 83839 invoked by uid 500); 8 Dec 2014 23:04:20 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 83827 invoked by uid 99); 8 Dec 2014 23:04:19 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Dec 2014 23:04:19 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of terbolous@gmail.com designates 209.85.212.178 as permitted sender) Received: from [209.85.212.178] (HELO mail-wi0-f178.google.com) (209.85.212.178) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Dec 2014 23:03:53 +0000 Received: by mail-wi0-f178.google.com with SMTP id em10so6266961wid.17 for ; Mon, 08 Dec 2014 15:02:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=YX54CwOTytrNlq00R00zSJa2/g3QuZLI71Kko/zx6nQ=; b=tnHgLELC4KDEE1u5T9UMyA4YW30c2lpAeLblQfEblpD0BiDTmE0KYpHmcYu5aLxoNG h7/QOmnh1R5RGkj/MRipzLUlUDJBSXnuLpnRIGQeyfC7o4me2xPUzJ9UR2LzbpJDkBu/ Vs7RSjuHWXbFLVrg/GQGKTkfPWY6D8RC7DZlW2KiLABazguemzISWj4wt6iCacNXp4Ae gAnXPRyqSIYVHiIMKxJq2qVjiuc8kaKRGELEZg1BoxV40H7vO+u2SxbYw/YHRWaiVmiu AIIZnbUcikjwjwk4Ry8OBKBCWAE9Tv4oWCeypRKF6LImtAkka1D5QwozEg6vDiz/v3E/ aENA== MIME-Version: 1.0 X-Received: by 10.180.90.133 with SMTP id bw5mr28040037wib.50.1418079742412; Mon, 08 Dec 2014 15:02:22 -0800 (PST) Received: by 10.15.48.4 with HTTP; Mon, 8 Dec 2014 15:02:22 -0800 (PST) In-Reply-To: References: Date: Tue, 9 Dec 2014 00:02:22 +0100 Message-ID: Subject: Re: Port forwarding (web) - doesnt show real client IP From: Erik Weber To: dev Content-Type: multipart/alternative; boundary=f46d043be1aa4f4e210509bc6bf2 X-Virus-Checked: Checked by ClamAV on apache.org --f46d043be1aa4f4e210509bc6bf2 Content-Type: text/plain; charset=UTF-8 On Mon, Dec 8, 2014 at 11:42 PM, Andrija Panic wrote: > Hi, > > when doing port forwarding on VPC VR - port 80 - when some client access > web site - only the main Public IP of the VPC is logged in apache access > logs as remote IP. > > Why is this behaviour - and can this be changed ? > My understanding is that this is kind of bug (unless needed for some other > reasons) - port forwading is DNAT in essence, so only the destination > IP/port should be changed, not proxied all the way, as it seems to be the > case here... > > I read on other guys mailing list - same behavior for loadbalancer... > > This is common for all load balancers. Haven't checked, but you could see if the CloudStack LB expose the client IP as X-Forwarded-For header, which is the normal way of doing it. -- Erik --f46d043be1aa4f4e210509bc6bf2--