
Open letter to Robert Segall
Jean-Pierre van Melis <jp(at)mirmana.com>
2009-12-05 13:32:00
Robert,

First off I want to thank you for pound which makes it possible for me to run
several webservers on a consumer DSL-line. 

In the past I expressed my wish to make pound (optionally) truly transparent
using TPROXY. There are more people who would like to have this transparency.
One of them is Mr. Ivancso Krisztian (pound(at)percek.hu) who even successfully
wrote a patch for pound http://poundtp.freeweb.hu/.
I would really like to have this incorporated in the mainline code and I
believe Mr. Ivancso Krisztian would even be honoured if you did.

I never heard any reaction from you, the author of Pound, which leaves us a bit
in the dark. Could you please clear this up? A "no" is of course an option too.
If you also gave us a reason, that would be better, and an "I'm already working on it"
is of course the thing we would really like to hear ;-)

I believe the TPROXY method is not cross-platform but this can be easily solved
using compiler directives...
The code will be simply ignored on the other platforms...

Anyway....
Thanks for developing and maintaining pound

JP
 

Re: [Pound Mailing List] Open letter to Robert Segall
Robert Segall <roseg(at)apsis.ch>
2009-12-07 17:18:54
On Sat, 2009-12-05 at 13:32 +0100, Jean-Pierre van Melis wrote:[...]

First of all: thanks for the kind words.

Now to the subject matter: I looked at the proposed patch and I can't
see that we'll adopt it. Here is our reasoning:

Benefit(s):
- the back-end sees the true originating IP address.

Disadvantages:
- not portable, single system (Linux only)
- very specific setup: the gateway must also be the Pound server. In
most cases that is not done - you usually have a gateway that does port
forwarding.
- software complexity: additional code is never healthy
- set-up complexity: Pound is dependent on netfilter being present,
correctly configured, with no conflicts

Seeing that the only benefit is that the logs would work with the IP
address rather than the X-Forwarded-for header (which can be configured
in practically all Web servers I know of), I don't think that this is
worth it.

I am aware that you put work into this, and, if you feel this is
important, I would be happy to add a link to the patch on the Pound
site, so people can easily find it.

In the meantime I hope we could concentrate on getting the 2.5 release
out.[...]
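
The reply above relies on the back-end taking the client address from the X-Forwarded-For header instead of the TCP peer. The following is an added example, not part of the original thread and not Pound's code, of how a back-end can do that without letting clients forge the logged address. The names `TRUSTED_PROXIES` and `client_ip` are hypothetical, the addresses are constructed, and it assumes the proxy's own entry is the last one in the header.

```python
import ipaddress

# Assumption: the address the back-end sees the proxy connecting from (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _is_trusted(ip):
    """True if ip (an ipaddress object) belongs to a known proxy."""
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_values):
    """Return the address to log for one request.

    peer_addr  -- TCP peer address of the connection (string)
    xff_values -- every X-Forwarded-For header value, in the order received
    """
    # A request that did not arrive through the proxy controls the header
    # completely, so the header is ignored and the TCP peer is logged.
    if not _is_trusted(ipaddress.ip_address(peer_addr)):
        return peer_addr

    # Flatten repeated headers and comma-separated lists into one hop list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]

    # Walk from the entry nearest the back-end towards the client. Entries
    # further left may have been sent by the client itself, so the first
    # address that is not a trusted proxy is the one to log.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: do not trust anything beyond it
        if not _is_trusted(ip):
            return str(ip)

    # No usable entry: fall back to the TCP peer (the proxy itself).
    return peer_addr
```

With transparent proxying the TCP peer would already be the client, which is the one benefit listed in the reply; with the header approach the check on `peer_addr` is what keeps the logged address from being client-controlled.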
