Preserve client source address when proxying to upstream

Hello,

The proxy_bind directive allows specifying the source IP address for
proxied connections.
This directive can be set to a local IP address.

I’m wondering if there’s a way to set $remote_addr as proxy_bind
address?
Or any other non-local IP address?

The idea is to see original client source IP address at the server site.
While it’s not http traffic I cannot use XFF header.

Destination MAC address in the response packet from the server is set to
nginx server interface address. So, there’s no problem at layer 2
communication.

Can nginx listen for responses coming to non-local destination address?

Thanks in advance!

Hello!

On Wed, Dec 16, 2015 at 06:56:02PM +0300, Vsevolod Petrov wrote:

> While it’s not http traffic I cannot use XFF header.
>
> Destination MAC address in the response packet from the server is set to
> nginx server interface address. So, there’s no problem at layer 2
> communication.
>
> Can nginx listen for responses coming to non-local destination address?

In theory this is possible with appropriate OS-level support, and
as long as you are able to route packets properly. In particular,
this should be possible on OpenBSD using SO_BINDANY, on FreeBSD
using IP_BINDANY, and on Linux using IP_TRANSPARENT/IP_FREEBIND.

An earlier attempt to make it work on nginx can be found here
(OpenBSD-specific patch):

http://mailman.nginx.org/pipermail/nginx-devel/2010-October/000533.html

As far as I understand, doing proper support should be mostly
trivial now with variables support in proxy_bind.


Maxim D.
http://nginx.org/
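
The Linux socket options named in the reply above, shown as an added example that is not part of the original thread and is not nginx code: it binds a TCP socket to a non-local source address three ways and reports what the kernel answers. The address 203.0.113.7 (TEST-NET-3) and the names try_bind and bind_mode are constructed for illustration; only the bind step is covered, and routing the server's replies back to the proxy host is a separate matter.

```c
/* Added example (not nginx code): bind a TCP socket to a non-local source
 * address on Linux. 203.0.113.7 is a constructed TEST-NET-3 address. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum bind_mode { BIND_PLAIN, BIND_FREEBIND, BIND_TRANSPARENT };

/* Returns 0 if bind() to src_ip succeeded, otherwise -errno. */
int try_bind(const char *src_ip, enum bind_mode mode)
{
    struct sockaddr_in sa;
    int one = 1, rc = 0, fd;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;            /* port 0: kernel picks one */
    if (inet_pton(AF_INET, src_ip, &sa.sin_addr) != 1)
        return -EINVAL;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -errno;

    /* Both options must be set before bind(). IP_FREEBIND is unprivileged;
     * IP_TRANSPARENT needs CAP_NET_ADMIN and fails with EPERM without it. */
    if (mode == BIND_FREEBIND)
        rc = setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one));
    else if (mode == BIND_TRANSPARENT)
        rc = setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one));

    if (rc == 0)
        rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    rc = (rc == 0) ? 0 : -errno;        /* capture errno before close() */
    close(fd);
    return rc;
}

int main(void)
{
    const char *client = "203.0.113.7"; /* constructed client address */
    const char *names[] = { "plain", "IP_FREEBIND", "IP_TRANSPARENT" };
    for (int m = BIND_PLAIN; m <= BIND_TRANSPARENT; m++) {
        int rc = try_bind(client, (enum bind_mode)m);
        printf("%-14s -> %s\n", names[m], rc ? strerror(-rc) : "bound");
    }
    return 0;
}
```

On a default Linux host run without privileges, the plain bind is refused with EADDRNOTAVAIL unless the net.ipv4.ip_nonlocal_bind sysctl is enabled, and the IP_TRANSPARENT attempt is refused with EPERM.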