Hello! Is there a way to get load balancers to pre...
# harvester
l
Hello! Is there a way to get load balancers to preserve the external IP address? On my http server it is only seeing the Harvester's IP. Also, if I set up a bridge interface on my VM so it has an IP directly on one of my subnets, it blocks packets coming from other subnets. An example: I have a subnet 192.168.0.0/24. My Harvester cluster is on 192.168.1.0/24. Devices directly on 192.168.1.0/24 can talk to my VM on 192.168.1.4, but if a packet originates from, let's say, 192.168.0.1, it will be blocked. This also goes for external IP addresses. Any solutions? Thank you! I'm on Harvester v1.5.0
tcpdump (allowed):
17:56:14.999633 IP 192.168.1.1.43586 > 192.168.1.4.http: Flags [S], seq 3615024093, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 1774607444 ecr 0], length 0
tcpdump (blocked):
17:56:12.897771 IP 192.168.0.1.20473 > 192.168.1.4.http: Flags [S], seq 2384450159, win 64240, options [mss 1460,sackOK,TS val 3392779962 ecr 0,nop,wscale 10], length 0
b
There's a lot of layers where this could get blocked or just dropped. Your http server should be looking at the X-Forwarded-For header because the traffic will all come from the Harvester IPs and the VIP. If you need to block web traffic you're gonna need to probably do it via those headers and not source traffic. Depending on how your VM networks are set up in conjunction with the mgmt networks, using the LB that's built into Harvester may or may not be possible.
l
The X-Forwarded-For header appears to be empty via a Harvester LB on my setup, at least that's what my test Python app indicates.