HAProxy community

Source IP in backend

I’m using HAProxy to load balance client requests to two backend servers (TCP mode). The backend servers see incoming requests as coming from the HAProxy host (which is expected). I’m trying to configure the setup so that the backend servers receive the client IP rather than HAProxy’s IP.

Please let me know if I’ve understood correctly

  1. HAProxy can be configured to send the client’s IP using proxy protocol, but the backend server must support this protocol
  2. HAProxy can spoof the client’s IP to the backend, but the backend must have its default gateway as the HAProxy host

Given that the backend servers do not support proxy protocol, and default gateway cannot be set to the HAProxy host, is there any other way to achieve this?

No.

If you cannot transport the information in-band (via PROXY protocol for any protocol, or via L7 header like X-Forwarded-For in HTTP), and you cannot use the actual Layer 3 IPs (via transparent configuration where haproxy would indeed be the default-gateway), then no other options remain, not even theoretically.