If you have configured Anti-DDoS Pro for your hosts outside Alibaba Cloud, you can use the methods introduced in this document to obtain the clients’ real IP addresses.
The methods described in this document support the following operating systems: Redhat Linux and Centos 6.x
Consider these recommendations before you proceed with the steps:
- Perform a demo in a test environment. Make sure the business is stable before making the official release.
- Keep the original kernel. You can switch to the original kernel for recovery in case of restart failure.
Follow these steps to obtain the clients’ real IP addresses:
Download the following kernel installation files:
Install the kernel. Locate the installation directory and run the following command:
rpm -ivh kernel-2.6.32-220.23.2.ali_github.el6.x86_64.rpm
Note: You do not need to install kernel-firmware for CentOS 6.2 and later versions.
Configure the toa module to enable auto-load.
Create a file
/etc/sysconfig/modules/toa.modules, and add the following content:
if [ -e /lib/modules/uname -r/kernel/net/toa/toa.ko ] ;
modprobe toa > /dev/null 2>&1
Run the following command to grant the executable permission to the toa module.
sudo chmod +x /etc/sysconfig/modules/toa.modules
- Run the
rebootcommand to restart the system.
In general, the host can obtain the clients’ real IP addresses once you complete the installation. If the host cannot retrieve the clients’ IP addresses, you can run the
lsmod|grep toa command to check the loading status of the toa module.
- If the toa module is not loaded, run the
modprobe toacommand to manually load it.
- When the module is loaded successfully, test the host again and see if it can get the clients’ real IP addresses.
Will the network performance be slowed down when network connection has to pass through the toa module?
The toa module is deployed on the supplementary access, and has little influence on the network performance.
We recommend that you keep the original kernel. You can switch to the original kernel for recovery in case of restart failure. Additionally, you can find the source code of the current version on Github.