Preserve client ip through load-balancer firewall
30 views
Skip to first unread message
Nuthan Kumar
Jun 20, 2017, 2:23:03 PM6/20/17
to gce-discussion
Hi,
In the web server access logs, the client ip is always of the range 130.211.0.0/22. Learnt. thats load-balancer IP. Is there any other rule that I need to add to forward the IPs from the firewall.
Please help.
Thanks,
Nuthan.
Carlos (Cloud Platform Support)
Jun 20, 2017, 4:52:42 PM6/20/17
to gce-discussion
Hi Nuthan,
The Google network load balancer does not proxy the connections and the client IP is not changed.
The behavior of the HTTP load balancer is quite different since it proxies the connections. You can always retrieve the original client IP from the X-Forwarded-For HTTP header parse by the the Target proxy. As explained in the same article you must allow traffic from 130.211.0.0/22 and 35.191.0.0/16 subnets for the HC and the traffic coming from the LB to reach your backends.
The Google network load balancer does not proxy the connections and the client IP is not changed.
The behavior of the HTTP load balancer is quite different since it proxies the connections. You can always retrieve the original client IP from the X-Forwarded-For HTTP header parse by the the Target proxy. As explained in the same article you must allow traffic from 130.211.0.0/22 and 35.191.0.0/16 subnets for the HC and the traffic coming from the LB to reach your backends.
Message has been deleted
Nuthan Kumar
Jun 22, 2017, 9:53:29 AM6/22/17
to gce-discussion
Thanks Carlos, Client IP retrieved from X-Forwarded-For HTTP header.
Reply all
Reply to author
Forward
0 new messages