How to see the Client's Source IP Address on the Real Server
There are a few options to see the client's IP address on a Real Server. These are listed below.
Transparency
For transparency, two rules must be followed:
- The clients must be on a different subnet to the Real Server
- The Real Server’s default gateway must be the LoadMaster’s interface address
For further details on transparency, refer to the following document:
https://support.kemptechnologies.com/hc/en-us/articles/203126369-Transparency
Direct Server Return (DSR)
For DSR the Virtual Service must be running at Layer 4. This can only be used in a one-armed scenario.
For further details on DSR, refer to the following document:
https://support.kemptechnologies.com/hc/en-us/articles/203861685-Configuring-DSR
X-Forward-For header
With the X-forward-for header, the LoadMaster places the client's IP address in a header called “X-Forward-For”.
From a networking point of view, the Real Server sees traffic originating from the LoadMaster but it can read the X-forward-for header to record the client’s IP
Note: This can only be used for HTTP, SSL-offloaded or SSL re-encrypted HTTPS services.
For further details, refer to the following article:
https://support.kemptechnologies.com/hc/en-us/articles/202744899-X-Forwarding-For-and-IIS-logging-for-non-transparent-services
Edge Security Pack (ESP)
ESP can be setup to record the client’s IP address. This information is never sent to the Real Server but you are able to see which clients made a request to the LoadMaster.
For further details, refer to the following article:
https://support.kemptechnologies.com/hc/en-us/articles/205844396-Log-Virtual-Service-Connections-Using-ESP-without-authentication