如何从负载均衡器后面获取客户端的IP地址? [英] How do I get a client's IP address from behind a load balancer?
问题描述
我正在使用TcpClient在端口上侦听请求.当请求来自客户端时,我想知道发出请求的客户端ip.
I am using TcpClient to listen on a port for requests. When the requests come in from the client I want to know the client ip making the request.
我尝试过:
Console.WriteLine(tcpClient.Client.RemoteEndPoint.ToString());
Console.WriteLine(tcpClient.Client.LocalEndPoint.ToString());
var networkStream = tcpClient.GetStream();
var pi = networkStream.GetType().GetProperty("Socket", BindingFlags.NonPublic | BindingFlags.Instance);
var socketIp = ((Socket)pi.GetValue(networkStream, null)).RemoteEndPoint.ToString();
Console.WriteLine(socketIp);
所有这些地址都输出10.x.x.x地址,这些地址是专用地址,显然不是发出请求的我网络外的客户端的地址.我该怎么做才能获得发出请求的客户的公开IP?
All of these addresses output 10.x.x.x addresses which are private addresses and are clearly not the address of the clients off my network making the requests. What can I do to get the public ip of the clients making the requests?
修改:我们正在将Amazon EC2负载均衡器与tcp转发一起使用.在此设置中,有没有办法获得真正的客户端IP?
We are using an Amazon EC2 Load Balancer with tcp forwarding. Is there a way to get the true client ip in this set up?
推荐答案
听起来好像您的服务器使用 NAT .在这种情况下,IP数据包将没有原始客户端的地址,但具有NAT路由器的地址.只有NAT路由器知道发件人的地址(在IP级别上).
It sounds like perhaps your server is behind a load balancer or router using NAT. In this case, the IP packet won't have the originating client's address, but the address of the NAT router. Only the NAT router knows the sender's address (on an IP level).
根据TCP上可能使用的任何更高级别的协议,也许可以从中获取客户端标识,尽管如果担心的话,更容易在更高级别上欺骗此类信息.
Depending on whatever higher-level protocol you might be using on top of TCP, you may be able to get client identification from that, although it's much easier to spoof such information at higher levels, if that may be a concern.
如果仅出于研究目的需要此数据,则您的NAT设备可能会保留日志.
If you need this data only for research purposes, your NAT device may keep a log.
如果要求您实时获取真正的原始IP数据包,则可能必须重新配置路由器或将服务器移至DMZ,但这只是一团糟.与您的网络人员交流,因为他们肯定比我(我不是网络专家)要了解更多.
If it's a requirement that you get the true originating IP packet in real time, you may have to have to reconfigure your router or have your server moved to the DMZ, but that's a whole nother ball of wax. Talk to your network guys, as they would certainly know more about this than I (I'm not a network expert).
这篇关于如何从负载均衡器后面获取客户端的IP地址?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
