* Marian Hettwer <[EMAIL PROTECTED]> [2007-01-29 09:49]:
> Hi OpenBSD'lers,
>
> I'm about to use OpenBSD's pf(4) for load balancing some webservers. So
> far, everything is looking just perfect.
> Compared to pound, pf(4) is incredibly fast with little CPU and memory usage.
> So I'd say: That's great :)
>
> However, one thing is bothering me.
> Obviously, my apache access logs on those load balanced machines can
> only show the IP address of my load balancer, not the real remote ip of
> the request.
Completely untrue. If you are doing an rdr, it will change the
destination IP, not the source IP,
unless in *addition* to load balancing you are doing NAT.
I'm not using NAT; my load balancer looks like this:
web2# more /etc/pf/webmail_servers
142.244.12.130
142.244.12.132
142.244.12.133
142.244.12.134
142.244.12.135
142.244.12.136
142.244.12.137
142.244.12.138
142.244.12.139
142.244.12.140
pf.conf:
table <webmail_servers> persist file "/etc/pf/webmail_servers"
WEBMAIL_IP = "{129.128.98.89}"
rdr pass on $ext_if proto tcp to $WEBMAIL_IP port 80 -> <webmail_servers> port 80 round-robin sticky-address
rdr pass on $ext_if proto tcp to $WEBMAIL_IP port 443 -> <webmail_servers> port 443 round-robin sticky-address
I get the real connection IPs in my Apache log.
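
Added example, not part of the original message and not pf's own code: a small Python model of the translation step discussed above, showing that an rdr rule with round-robin sticky-address rewrites only the destination, while an additional nat rule is what replaces the client address the backend logs. The class and function names, the client addresses and the NAT address are constructed for illustration; the VIP and the first three pool addresses are taken from the configuration above.

```python
from dataclasses import dataclass, replace
from itertools import cycle

VIP = "129.128.98.89"                      # $WEBMAIL_IP from the message
POOL = ["142.244.12.130", "142.244.12.132", "142.244.12.133"]
NAT_ADDR = "10.0.0.1"                      # constructed: balancer's inside address
CLIENT_A, CLIENT_B = "192.0.2.10", "198.51.100.7"   # constructed clients


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


class Balancer:
    """Toy model of address translation only; hypothetical, not pf internals."""

    def __init__(self, vip, pool, nat_addr=None):
        self.vip = vip
        self._next = cycle(pool)   # round-robin over the table
        self._sticky = {}          # sticky-address: client -> backend
        self.nat_addr = nat_addr   # set only when a nat rule also applies

    def translate(self, pkt):
        if pkt.dst != self.vip or pkt.dport not in (80, 443):
            return pkt             # no rdr rule matches, packet unchanged
        backend = self._sticky.get(pkt.src)
        if backend is None:        # first packet from this client
            backend = self._sticky[pkt.src] = next(self._next)
        out = replace(pkt, dst=backend)            # rdr: destination only
        if self.nat_addr:
            out = replace(out, src=self.nat_addr)  # nat: source rewritten
        return out


def logged_sources(balancer, clients, port=80):
    """Source addresses a backend's access log would record, in order."""
    return [balancer.translate(Packet(c, VIP, port)).src for c in clients]


if __name__ == "__main__":
    clients = [CLIENT_A, CLIENT_B, CLIENT_A]
    print("rdr only :", logged_sources(Balancer(VIP, POOL), clients))
    print("rdr + nat:", logged_sources(Balancer(VIP, POOL, NAT_ADDR), clients))
```

The model keeps sticky mappings forever, which is a simplification; it is only meant to show which header field each rule type touches.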