Hej Berk,
Berk D. Demir wrote:
> Marian Hettwer wrote:
>> However, one thing is bothering me.
>> Obviously, my Apache access logs on those load balanced machines can
>> only show the IP address of my load balancer, not the real remote IP
>> of the request.
>> This is, to my knowledge, due to the fact that pf(4) is working on the
>> TCP layer and is doing NAT.
>> Is there any possible way to get the real IP addresses in my Apache
>> access log?
>
> I don't know what you did for that balancing but surely you're doing it
> wrong.
> Take a look at the FAQ at
> http://www.openbsd.org/faq/pf/pools.html#incoming
> rdr just changes the destination address of the packets, not the source
> address.

Well, what I did was actually this:
ext_if="fxp0"
web_servers = "{ 193.99.144.85,66.135.208.93 }"
#int_if="int0"
set skip on lo
scrub in
nat on $ext_if proto tcp from !($ext_if) to $web_servers port 80 -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 80 -> $web_servers \
round-robin sticky-address
And it seems that I need NAT, otherwise the communication wouldn't work...
see my emails from 18.01.2007
cheers,
./Marian
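
Added example, not part of the original thread: a small Python model of the two rules in the posted ruleset, showing why the web server logs the balancer's address while the nat rule is active and why replies do not reach the client correctly without it. The balancer and client addresses are constructed, and the model assumes the web servers do not route replies through the balancer.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst dport")

LB = "192.0.2.1"            # constructed: address of the balancer's $ext_if
CLIENT = "198.51.100.23"    # constructed: a remote client
BACKENDS = ["193.99.144.85", "66.135.208.93"]  # $web_servers from the post


def translate(pkt, use_nat):
    """Apply the post's rdr rule, and optionally its nat rule, to an inbound packet.

    Returns the packet as the chosen web server receives it, plus the state
    entry the balancer keeps so it can reverse the translation on replies.
    """
    out = pkt
    if pkt.dport == 80:                        # rdr: rewrites destination only
        out = out._replace(dst=BACKENDS[0])    # first pool member, for brevity
    if use_nat and out.src != LB and out.dst in BACKENDS and out.dport == 80:
        out = out._replace(src=LB)             # nat: rewrites source to ($ext_if)
    return out, {"orig": pkt, "xlat": out}


def reply_seen_by_client(state, via_balancer):
    """Source address the client sees on the reply.

    via_balancer says whether the reply is routed back through the balancer;
    only then can the state entry restore the address the client connected to.
    """
    return state["orig"].dst if via_balancer else state["xlat"].dst


def scenario(use_nat):
    seen, state = translate(Packet(CLIENT, LB, 80), use_nat)
    # With nat the reply is addressed to the balancer, so it always returns there.
    # Without nat it is addressed to the client; assumed here: the web server's
    # route to the client does not pass through the balancer.
    via_balancer = seen.src == LB
    reply_src = reply_seen_by_client(state, via_balancer)
    # logged_ip is what Apache records; reply_ok is whether the reply's source
    # matches the address the client originally connected to.
    return {"logged_ip": seen.src, "reply_ok": reply_src == LB}


if __name__ == "__main__":
    print("rdr + nat:", scenario(True))
    print("rdr only :", scenario(False))
```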