
I am playing with the NLB. One feature is that it can preserve the client source IP. I tested it and it works. However, has anybody been wondering how it works?

Let's say that my home PC is the client for the HTTP request and it is behind the public IP 1.1.1.1.

The NLB has an IP of 2.2.2.2 on the public side. The real webserver in the target group is an instance with private IP 192.168.0.10. The instance is also in the public subnet and it has an elastic IP of 2.2.2.10.

I confirmed with my packet capture (tcpdump) on the server that I see requests coming in from 1.1.1.1. I see the response going back to 1.1.1.1 as well. However, my home PC's Wireshark would show traffic to and from 2.2.2.2, and not 2.2.2.10... How's that possible?

From the routing perspective, the server would receive the request from 1.1.1.1 and will send a response back to it. The response would traverse through the IGW, instead of the NLB, and therefore will have 2.2.2.10 when on the Internet. The connection would be rejected by my PC because the response came back from a different IP (2.2.2.10) rather than the original one (2.2.2.2).

Is the NLB somehow tied to the IGW and in this case, the IGW would know to SNAT the response to 2.2.2.2 instead of 2.2.2.10?

Thanks, Difan

asked by Difan Zhao

This may help: https://serverfault.com/questions/957092/does-aws-nlb-accept-traffic-with-destination-ips-different-from-its-own – jarmod Feb 13 '21 at 21:39
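The question boils down to a return-path check: does every reply the client sees come from the IP it sent the SYN to (2.2.2.2), or from the instance's own elastic IP (2.2.2.10)? Below is an added example, not code from the original post, that runs exactly that check over tcpdump-style lines captured on the client side. The sample lines are constructed; it assumes `tcpdump -n` output so that ports are numeric.

```python
import re
from collections import defaultdict

# Matches the address part of a "tcpdump -n" line such as
# "21:39:01.123 IP 1.1.1.1.51234 > 2.2.2.2.80: Flags [S], seq 100, ..."
TCPDUMP_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse_line(line):
    """Return the 4-tuple and TCP flags of one capture line, or None."""
    m = TCPDUMP_RE.search(line)
    if not m:
        return None
    return {"src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "flags": m["flags"]}

def check_return_path(lines, client_ip):
    """For each connection the client opened (a bare SYN), list any reply
    source IP that differs from the IP the SYN was sent to."""
    expected = {}              # client port -> IP the SYN was sent to
    seen = defaultdict(set)    # client port -> source IPs of replies
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["src"] == client_ip:
            # "[S]" is a bare SYN; "[S.]" is SYN-ACK and must not count
            if "S" in pkt["flags"] and "." not in pkt["flags"]:
                expected[pkt["sport"]] = pkt["dst"]
        elif pkt["dst"] == client_ip:
            seen[pkt["dport"]].add(pkt["src"])
    return {port: {"expected": peer, "unexpected": sorted(seen[port] - {peer})}
            for port, peer in expected.items()}

# Constructed client-side capture: what the poster actually observed.
SYMMETRIC = [
    "IP 1.1.1.1.51234 > 2.2.2.2.80: Flags [S], seq 100, win 64240, length 0",
    "IP 2.2.2.2.80 > 1.1.1.1.51234: Flags [S.], seq 200, ack 101, length 0",
    "IP 1.1.1.1.51234 > 2.2.2.2.80: Flags [.], ack 201, win 64240, length 0",
]
# Constructed capture of the case the poster worried about: reply leaves
# via the IGW with the instance's elastic IP instead of the NLB's IP.
ASYMMETRIC = [
    "IP 1.1.1.1.51235 > 2.2.2.2.80: Flags [S], seq 100, win 64240, length 0",
    "IP 2.2.2.10.80 > 1.1.1.1.51235: Flags [S.], seq 200, ack 101, length 0",
]

if __name__ == "__main__":
    print(check_return_path(SYMMETRIC, "1.1.1.1"))
    print(check_return_path(ASYMMETRIC, "1.1.1.1"))
```

A non-empty `unexpected` list is the signature of asymmetric return traffic; the client's TCP stack has no state for that source and would not accept the segment.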

0 Answers