Open sonofwill opened 5 years ago
zerodayyy
commented
5 years ago That's not how an L4 load balancer works. If you spoof the source IP, the response will go directly to client from your node itself, which will mess with sessions, as the response will be sent from different IP address than the one the request was sent to. In your case, you need L3 balancing, i.e. a router with anycast IPs on your nodes.
sonofwill
commented
5 years ago I understand this. But it is easy to redirect the packets to return to the client via the load balancer.
On Thu, 22 Aug 2019 at 03:49, Dmitry Kovalenko notifications@github.com wrote:
That's not how an L4 load balancer works. If you spoof the source IP, the response will go directly to client from your node itself, which will mess with sessions, as the response will be sent from different IP address than the request was sent to. In your case, you need L3 balancing, i.e. a router with anycast IPs on your nodes.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/yyyar/gobetween/issues/230?email_source=notifications&email_token=AIH4UIDXZQGUUBQGV2HVOOLQFV53ZA5CNFSM4ILILWG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD42R6VA#issuecomment-523575124, or mute the thread https://github.com/notifications/unsubscribe-auth/AIH4UIE7VOHDXVT7SQKFSVLQFV53ZANCNFSM4ILILWGQ .
zerodayyy
commented
5 years ago That would only be possible if you configure LB as the default gateway on your node. Again, this requires an L3 balancer, which gobetween is not.
On Wed, Aug 21, 2019 at 9:40 PM sonofwill notifications@github.com wrote:
I understand this. But it is easy to redirect the packets to return to the client via the load balancer.
On Thu, 22 Aug 2019 at 03:49, Dmitry Kovalenko notifications@github.com wrote:
That's not how an L4 load balancer works. If you spoof the source IP, the response will go directly to client from your node itself, which will mess with sessions, as the response will be sent from different IP address than the request was sent to. In your case, you need L3 balancing, i.e. a router with anycast IPs on your nodes.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub < https://github.com/yyyar/gobetween/issues/230?email_source=notifications&email_token=AIH4UIDXZQGUUBQGV2HVOOLQFV53ZA5CNFSM4ILILWG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD42R6VA#issuecomment-523575124 , or mute the thread < https://github.com/notifications/unsubscribe-auth/AIH4UIE7VOHDXVT7SQKFSVLQFV53ZANCNFSM4ILILWGQ
.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/yyyar/gobetween/issues/230?email_source=notifications&email_token=AL24WP62XM2HANBGN2FEEZTQFWDYTA5CNFSM4ILILWG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD42XG3Y#issuecomment-523596655, or mute the thread https://github.com/notifications/unsubscribe-auth/AL24WP2W7AHIJUJ5S6WOWMTQFWDYTANCNFSM4ILILWGQ .
nuttysquirrel
commented
5 years ago @zerodayyy it feels like you're thinking with a L4/TCP hat. UDP can work this way.
sonofwill
commented
5 years ago I have it working using another UDP load balancer.
When the UDP packets return to the client via LB, I use iptables to send it to localhost to have it handled by the application.
On Tue, 27 Aug 2019 at 14:01, quentin notifications@github.com wrote:
it feels like you're thinking with a L4/TCP hat. UDP can work this way.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/yyyar/gobetween/issues/230?email_source=notifications&email_token=AIH4UICO4FKKPM4VGCCXWJLQGSRLNA5CNFSM4ILILWG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5GM5EI#issuecomment-525127313, or mute the thread https://github.com/notifications/unsubscribe-auth/AIH4UIDB3QAGKC3DOWA7AY3QGSRLNANCNFSM4ILILWGQ .
nuttysquirrel
commented
5 years ago yep, sorry - not directed at you. clarified my original comment :) i'm playing with udp stuff too... what are you using?
sonofwill
commented
5 years ago Nginx.
On Tue, 27 Aug 2019 at 14:16, quentin notifications@github.com wrote:
yep, sorry - not directed at you. clarified my original comment :) i'm playing with udp stuff too... what are you using?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/yyyar/gobetween/issues/230?email_source=notifications&email_token=AIH4UICQV3DUXMJGGD3PRDTQGSTBPA5CNFSM4ILILWG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5GNP4I#issuecomment-525129713, or mute the thread https://github.com/notifications/unsubscribe-auth/AIH4UICU72U27TXKWFLRA3DQGSTBPANCNFSM4ILILWGQ .
Hello,
I would like the backend server to see the source IP of the client.
Can this be done? I have tried the transparent mode. But with this mode enabled, the backend still only sees the IP of the go-between Load balancer.