Varnish and multiple interfaces

Henry M. Umansky humansky at Princeton.EDU
Tue Oct 4 04:57:07 CEST 2011 

According to tcpdump, traffic from varnish is coming from eth0 (incorrect IP) and traffic coming from nginx is coming from eth0:0 (correct IP). Apache logs are also confirming the IP information.

Henry Umansky
Web Development Services
Princeton University
humansky at princeton.edu
609-258-1674

On Oct 3, 2011, at 10:34 PM, David Birdsong wrote:

> Are the remote backends by chance looking at either the layer 4 (ip
> level) address OR if present, a value found in an http header such as
> X-Forwarded-For?
> 
> On Mon, Oct 3, 2011 at 7:31 PM, Henry M. Umansky <humansky at princeton.edu> wrote:
>> That's what I thought too, but I'm also running nginx on the same machine. I
>> set up nginx to listen to eth0:0,  and all traffic to the remote backend
>> sees the IP address of eth0:0. However, when I try to do the same with
>> Varnish, the backends sees the IP address of eth0.
>> 
>> Henry Umansky
>> Web Development Services
>> Princeton University
>> humansky at princeton.edu
>> 609-258-1674
>> 
>> On Oct 3, 2011, at 10:02 PM, David Birdsong wrote:
>> 
>> Varnish doesn't send traffic out of interfaces, the OS does. Your
>> kernel routing table will determine which device is part of a
>> particular route. For most traffic, the 'default' route is the route
>> that matches outbound traffic.  You can change your default route to
>> exit a particular interface--though I'm not sure if an ethernet alias
>> will work. Try it out.
>> 
>> On Mon, Oct 3, 2011 at 6:26 PM, Henry M. Umansky <humansky at princeton.edu>
>> wrote:
>> 
>> Hello,
>> 
>> I'm running Varnish 2.1.5 on Red Hat Enterprise Linux Server release 6.1.
>> Currently I have two interfaces: eth0 and an alias eth0:0. I need Varnish to
>> bind to eth0:0, which it does perfectly, however, outgoing traffic is going
>> through eth0. Is there anyway to tell Varnish to send outgoing traffic
>> through the same IP address I tell varnish to "listen" to? I guess I can
>> route the traffic accordingly via iptables, but I'd prefer to do it at the
>> application layer if possible.
>> 
>> Any help would be much appreciated, varnish is an amazing product!!!
>> 
>> Henry Umansky
>> 
>> Web Development Services
>> 
>> Princeton University
>> 
>> humansky at princeton.edu
>> 
>> 609-258-1674
>> 
>> 
>> _______________________________________________
>> 
>> varnish-misc mailing list
>> 
>> varnish-misc at varnish-cache.org
>> 
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>> 
>> 
>> 
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>

More information about the varnish-misc mailing list