preserve client source address when proxying to upstream

Maxim Dounin mdounin at
Wed Dec 16 16:56:05 UTC 2015


On Wed, Dec 16, 2015 at 06:56:02PM +0300, Vsevolod Petrov wrote:

> Hello,
> proxy_bind directive allows to specify source IP address for proxied
> connections.
> This directive can be set to local IP address.
> I'm wondering if there's a way to set $remote_addr as proxy_bind address?
> Or any other non-local IP address?
> The idea is to see original client source IP address at the server site.
> While it's not http traffic I cannot use XFF header.
> Destination MAC address in the response packet from the server is set to
> nginx server interface address. So, there's no problem at layer 2
> communication.
> Can nginx listen for responses coming to non-local destination address?

In theory this is possible with appropriate OS-level support, and 
as long as you are able to route packets properly.  In particular, 
this should be possible on OpenBSD using SO_BINDANY, on FreeBSD 

An erlier attempt to make it work on nginx can be found here 
(OpenBSD-specific patch):

As far as I understand, doing proper support should be mostly 
trivial now with variables support in proxy_bind.

Maxim Dounin

More information about the nginx mailing list