Network Load Balancer SSH with Proxy V2 and Client IP Preserving

0

As an extension to the following question: https://repost.aws/questions/QUL1n0UH_ITzCNSZ5d_NR1Qg/proxy-protocol-v-2-with-disabling-client-ip-preservation-in-nlb-target-groups

I have configured a Network Load Balancer with client IP preservation disabled and Proxy Protocol v2 enabled. The idea is to only allow requests from the load balancer to the EC2 instance behind it. All the configurations are in a private network, and security groups have been attached to the EC2 instance to allow traffic only from the load balancer for SSH and HTTP.

I could find a way to get the client IP address in HTTP using the configurations in nginx. ***Is there a way to get the original client IP address in an SSH request and log it to a file?***

1 Answer
2

The reason that you can do that in Nginx is because Nginx has support for Proxy Protocol v2. You'll need to find an SSH server/daemon that provides support and performs the logging you require.

Why disable Client IP Preservation and then use Proxy Protocol v2? It seems like extra work when NLB will preserve the client IP for you.

AWS
Expert
Answered 2 years ago
  • Disabling client IP preservation makes the request look like it is coming from the NLB, so I can add the NLB private IP to the security group to only allow traffic from it.

  • But if your targets are in a private subnet then they can only receive traffic from the NLB or other sources in that VPC (or on your network). Seems like an easier path to go.
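
As an added example (not part of the question or the answer above), this is what a listener in front of the SSH daemon would have to do with the Proxy Protocol v2 header the NLB prepends: validate it, extract the original client address for the log, and hand only the remaining bytes to SSH. The function names, the log format and the sample bytes are assumptions made for illustration; the header is unauthenticated, so it is only meaningful when the security group restricts the port to the load balancer.

```python
import ipaddress
import struct

SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"      # fixed 12-byte PROXY protocol v2 signature
ADDR_LEN = {0x11: 4, 0x21: 16}             # TCP over IPv4 / TCP over IPv6

def parse_proxy_v2(data):
    """Return (client, header_len); client is (src_ip, src_port, dst_ip, dst_port) or None."""
    if len(data) < 16 or data[:12] != SIGNATURE:
        raise ValueError("no PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("not version 2")
    header_len = 16 + length
    if len(data) < header_len:
        raise ValueError("truncated header")
    if ver_cmd & 0x0F == 0:                # LOCAL: sent by the proxy itself, no client address
        return None, header_len
    if ver_cmd & 0x0F != 1 or fam_proto not in ADDR_LEN:
        raise ValueError("unsupported command or address family")
    alen = ADDR_LEN[fam_proto]
    if length < 2 * alen + 4:
        raise ValueError("address block too short")
    body = data[16:header_len]             # anything after the addresses is TLVs, skipped here
    src = ipaddress.ip_address(body[:alen])
    dst = ipaddress.ip_address(body[alen:2 * alen])
    sport, dport = struct.unpack("!HH", body[2 * alen:2 * alen + 4])
    return (str(src), sport, str(dst), dport), header_len

def audit_line(data, lb_peer):
    """Build the log entry and return it with the bytes that belong to the SSH stream."""
    client, header_len = parse_proxy_v2(data)
    who = "local (no client)" if client is None else f"{client[0]}:{client[1]}"
    return f"ssh connection via {lb_peer} client={who}", data[header_len:]

# Constructed sample: header for 203.0.113.7:51234 -> 10.0.1.20:22 plus a NOOP TLV,
# followed by the first bytes an SSH client would send.
SAMPLE = (SIGNATURE + bytes([0x21, 0x11]) + struct.pack("!H", 17)
          + bytes([203, 0, 113, 7]) + bytes([10, 0, 1, 20]) + struct.pack("!HH", 51234, 22)
          + bytes([0x04, 0x00, 0x02, 0x00, 0x00])
          + b"SSH-2.0-OpenSSH_9.6\r\n")

if __name__ == "__main__":
    print(audit_line(SAMPLE, "10.0.0.5"))
```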
