[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Remote IP in packet sent from WAN to LAN
From:       Ambroz Bizjak <ambrop7 () gmail ! com>
Date:       2013-04-19 11:13:04
Message-ID: CAOA3yK+twroq_pO0Y2H0r_b_h19WGBapdAv3dK_8GDbWpp_mfA () mail ! gmail ! com
[Download RAW message or body]

Do you mean that when an internal client connects to the extrernal
address of the server (as forwarded by the router), the server sees
the router itself connecting?

I believe there is no direct solution to this; if the router was to
state the client's IP address as the source, the client would get the
replies from the server (directly over the LAN), *but* they would have
the source address the internal address of the server, so the client
will discard them (because it expects them to arrive from the external
address).

A workaround is to set up DNS so that the domain name of the server
resolves to the internal address for clients on the LAN.

On Fri, Apr 19, 2013 at 9:40 AM, Piotr Pawłowski
<piotr.pawlowski@goyello.com> wrote:
> Hi All,
> 
> I have iptables-based router which provides access to the Internet for servers in \
> LAN. Question is: is it possible to somehow 'forward' remote IP address through \
> this router? I have WWW server inside LAN and would like to have reliable access \
> logs. However, right now the only IP address visible in those logs is router one. 
> Thank you in advance for information.
> 
> Best Regards
> ---
> Piotr Pawłowski
> 
> 
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[prev in list] [next in list] [prev in thread] [next in thread]