[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter
Subject: Re: Remote IP in packet sent from WAN to LAN
From: Ambroz Bizjak <ambrop7 () gmail ! com>
Date: 2013-04-19 11:13:04
Message-ID: CAOA3yK+twroq_pO0Y2H0r_b_h19WGBapdAv3dK_8GDbWpp_mfA () mail ! gmail ! com
[Download RAW message or body]
Do you mean that when an internal client connects to the extrernal
address of the server (as forwarded by the router), the server sees
the router itself connecting?
I believe there is no direct solution to this; if the router was to
state the client's IP address as the source, the client would get the
replies from the server (directly over the LAN), *but* they would have
the source address the internal address of the server, so the client
will discard them (because it expects them to arrive from the external
address).
A workaround is to set up DNS so that the domain name of the server
resolves to the internal address for clients on the LAN.
On Fri, Apr 19, 2013 at 9:40 AM, Piotr Pawłowski
<piotr.pawlowski@goyello.com> wrote:
> Hi All,
>
> I have iptables-based router which provides access to the Internet for servers in \
> LAN. Question is: is it possible to somehow 'forward' remote IP address through \
> this router? I have WWW server inside LAN and would like to have reliable access \
> logs. However, right now the only IP address visible in those logs is router one.
> Thank you in advance for information.
>
> Best Regards
> ---
> Piotr Pawłowski
>
>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic