HAProxy community

How to receive source IP address?


#1

Hello.

Please tell me.

I use a proxy for load balancing (TCP mode, not HTTP) and want to get the initial TCP connection data, including the source IP address, destination IP address and port number, but I receive the IP of the balancer.

I set it up following this instruction https://www.haproxy.com/blog/using-haproxy-with-the-proxy-protocol-to-better-secure-your-database/ but I still receive the IP of the balancer.

Please tell me what the settings in haproxy.cfg should be to obtain the original source IP address?

Thanks

Ubuntu 16.04.4 LTS
HA-Proxy version 1.6.3 2015/12/25


#2

Just add this to your backend:

    source 0.0.0.0 usesrc client

This should fix your problem.


#3

I did so:

    global
        maxconn 4096
        chroot /usr/share/haproxy
        uid 99
        gid 99
        daemon

    frontend test
        mode tcp
        bind *:6666
        default_backend test1

    backend test1
        source 0.0.0.0 usesrc client
        server server 88.94.34.119:6666

It did not help.
I still get the IP of the balancer.


#4

It’s more complicated than that. Haproxy needs to be in the forwarding path and it needs to be the default-gateway of your backend server, for example.

Please refer to the source keyword documentation for details.

It’s way simpler if your backend supports the PROXY protocol.

What is the protocol and the backend server?


#5

Thank you very much, I read the documentation. I found examples, but only for HTTP.

    # Public HTTP address also used by stunnel on the same machine
    frontend www
        mode http
        option forwardfor except 127.0.0.1  # stunnel already adds the header

    # Those servers want the IP Address in X-Client
    backend www
        mode http
        option forwardfor header X-Client

    # Original Destination address
    frontend www
        mode http
        option originalto except 127.0.0.1

    # Those servers want the IP Address in X-Client-Dst
    backend www
        mode http
        option originalto header X-Client-Dst

This option does not work, but I have TCP traffic.

I have an application server, with these settings:

    frontend 8111
        bind *:8111
        mode tcp
        maxconn 60
        default_backend app_8111

    backend app_8111
        mode tcp
        balance roundrobin
        server 1 93.125.1.135:3535 check inter 30000 rise 3 fall 3 backup
        server 2 85.238.98.166:3588 check inter 30000 rise 3 fall 3 weight 100

But on server1 and server2 I do not get the source IP address; in the logs I only receive the IP of the balancer.

If I add the line source 0.0.0.0 usesrc client, it does not work.

I tried it like this; it works, but I receive the IP of the balancer.

    listen 6666
        mode tcp
        bind *:6666
        server 6666 88.49.34.119:6666

If I add the line source 0.0.0.0 usesrc client, it does not work.


#6

I repeat again:

Here’s a blog post describing what I mean:


#7

Maybe you have a full haproxy.cfg for my case?

The setup from the link does not work :(


#8

It’s not about haproxy.cfg. The haproxy.cfg is simple. Everything else is complicated: setting up your network so that the haproxy box is in the forwarding path, enabling ip forwarding, etc.

There is no shortcut to transparent proxying: either you are willing to read and understand it, or you won’t be able to do it.

It’s way simpler to set up the PROXY protocol, but it is not clear what you are forwarding and what the backend software is.


#9

I have two RDP servers. TCP RDP traffic.
Software:
client mstsc.exe + Win 2008 server

Ubuntu 16.04.4 LTS
HA-Proxy version 1.6.3 2015/12/25

I use haproxy to provide fault tolerance.


I would like to do as on the second part of the picture.
Is this possible?


#10

I don’t think the PROXY protocol is supported there. You’ll have to look at the transparent configuration then, like mentioned above.


#11

I read about the option

    OPTIONS = USE_LINUX_TPROXY=1

It is currently disabled.
Can this help? What do you think?


#12

I’m not going to guide you step by step through this setup. The information is out there, like in the blog posts linked above.
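
Posts #4 and #8 say things are simpler when the backend supports the PROXY protocol. The following is an added example, not code from the thread or from HAProxy, showing what that support means on the backend side: reading the version 1 text line that the balancer prepends to the connection (HAProxy's `send-proxy` server option), and accepting it only from the balancer's own address so a direct client cannot claim an arbitrary source IP. The trusted address, the function name and the sample bytes are constructed for illustration.

```python
import ipaddress

# Assumption: the only peer allowed to send a PROXY line is the balancer.
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}
MAX_V1_HEADER = 107  # longest v1 line the spec allows, CRLF included

# Constructed sample: a v1 header followed by 4 arbitrary payload bytes.
SAMPLE = b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 6666\r\n\x03\x00\x00\x13"


def parse_proxy_v1(peer_ip, data):
    """Return ((src_ip, src_port), (dst_ip, dst_port), payload).

    peer_ip is the TCP peer the backend sees (the balancer); data is the
    first bytes read from the socket. Both address tuples are None when
    the balancer sent "PROXY UNKNOWN".
    """
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        # Anyone can type a PROXY line, so honour it only from the balancer.
        raise PermissionError("PROXY header from untrusted peer " + peer_ip)
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end < 0:
        raise ValueError("no complete PROXY v1 line in the first 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]  # application bytes start right after the CRLF
    if fields[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    if fields[1:2] == ["UNKNOWN"]:
        return None, None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 line")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match " + fields[1])
    if not all(f.isdigit() for f in fields[4:6]):
        raise ValueError("port is not a decimal number")
    sport, dport = (int(f) for f in fields[4:6])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return (str(src), sport), (str(dst), dport), payload


if __name__ == "__main__":
    print(parse_proxy_v1("192.0.2.10", SAMPLE))
```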