From owner-freebsd-stable@freebsd.org Tue Jan 15 15:36:57 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 40E94148E02D for ; Tue, 15 Jan 2019 15:36:57 +0000 (UTC) (envelope-from petefrench@ingresso.co.uk) Received: from constantine.ingresso.co.uk (unknown [IPv6:2a02:b90:3002:411::3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 44FAF8BB2D for ; Tue, 15 Jan 2019 15:36:56 +0000 (UTC) (envelope-from petefrench@ingresso.co.uk) Received: from dilbert.london-internal.ingresso.co.uk ([10.64.50.6]) by constantine.ingresso.co.uk with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91 (FreeBSD)) (envelope-from ) id 1gjQlr-000I2H-8J; Tue, 15 Jan 2019 15:36:55 +0000 Subject: Re: Any suggestions for a layer 3 load ablancer for 12, as relayd doesnt work anymore To: Matt Garber Cc: freebsd-stable@freebsd.org References: <1547491459.1113392.1634330440.3BE6B9CF@webmail.messagingengine.com> <3CD6B22B-B35C-4B9C-BDBA-D2E928435F91@exonetric.com> <0EAFBB2F-859A-4B3D-9CF4-F4343A97285D@gmail.com> From: Pete French Message-ID: Date: Tue, 15 Jan 2019 15:36:55 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <0EAFBB2F-859A-4B3D-9CF4-F4343A97285D@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 44FAF8BB2D X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dmarc=pass (policy=none) header.from=ingresso.co.uk; spf=pass (mx1.freebsd.org: domain of petefrench@ingresso.co.uk designates 2a02:b90:3002:411::3 as permitted sender) smtp.mailfrom=petefrench@ingresso.co.uk X-Spamd-Result: default: False [1.94 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a02:b90:3002:411::3]; NEURAL_HAM_LONG(-0.25)[-0.250,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RDNS_NONE(1.00)[]; NEURAL_SPAM_SHORT(0.00)[0.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: ingresso-co-uk.mail.protection.outlook.com]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[ingresso.co.uk,none]; NEURAL_HAM_MEDIUM(-0.48)[-0.480,0]; IP_SCORE(-0.02)[country: GB(-0.09)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:16082, ipnet:2a02:b90::/32, country:GB]; HFILTER_HOSTNAME_UNKNOWN(2.50)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2019 15:36:57 -0000 On 15/01/2019 14:48, Matt Garber wrote: > For what it’s worth, HAProxy has the PROXY protocol for exactly the scenario you’re describing; I’ve heard it’s very straightforward and powerful to use, although haven’t had to use it on any of my HAProxy instances which are primarily doing L7. > > https://www.haproxy.com/blog/preserve-source-ip-address-despite-reverse-proxies/ ooh!thats very interesting, thankyou.... -pete.