From netfilter Fri Apr 19 13:03:51 2013
From: Ambroz Bizjak
Date: Fri, 19 Apr 2013 13:03:51 +0000
To: netfilter
Subject: Re: Remote IP in packet sent from WAN to LAN
Message-Id:
X-MARC-Message: https://marc.info/?l=netfilter&m=136637663524437

I think the only way this can happen is if you accidentally did SNAT. Is there a SNAT (or MASQUERADE) rule somewhere? Make sure it only applies to packets going *out* into the Internet.

On Fri, Apr 19, 2013 at 2:50 PM, Piotr Pawłowski wrote:
> Not exactly.
> On the iptables-based router there is port forwarding to services running on servers inside LAN. I.e. WWW server is running on 192.168.1.2:80, in iptables I have port forwarding (nat/prerouting) from external IP (2.3.4.5:80) to 192.168.1.2:80. Now on 192.168.1.2 in WWW access logs I see internal IP of the router instead of remote IP of the client, which requested 2.3.4.5:80 in browser.
>
> Best regards
> ---
> Piotr Pawłowski
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
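
Added example (not part of the original message or of the netfilter project): one way to check the suggestion in the reply above against a saved ruleset. It scans `iptables-save` output for SNAT/MASQUERADE rules in nat/POSTROUTING that are not limited to the WAN output interface. The interface name `eth0`, the function name and the sample ruleset are constructed assumptions; the addresses are the ones quoted in the thread.

```python
import shlex

SOURCE_NAT_TARGETS = {"SNAT", "MASQUERADE"}

# Constructed iptables-save output; eth0 as the WAN interface is an assumption.
BROKEN = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 2.3.4.5/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
-A POSTROUTING -j MASQUERADE
COMMIT
"""
# Same ruleset with the source NAT limited to packets leaving via the WAN interface.
FIXED = BROKEN.replace("-A POSTROUTING -j", "-A POSTROUTING -o eth0 -j")


def unscoped_source_nat(ruleset, wan_if):
    """Return nat/POSTROUTING SNAT or MASQUERADE rules not limited to '-o wan_if'."""
    flagged, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):  # table header, e.g. "*nat"
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A POSTROUTING "):
            continue
        tok = shlex.split(line)
        if "-j" not in tok[:-1] or tok[tok.index("-j") + 1] not in SOURCE_NAT_TARGETS:
            continue
        scoped = False
        for i, t in enumerate(tok[:-1]):
            if t in ("-o", "--out-interface"):
                # iptables-save prints a negated match as "! -o eth0"
                negated = i > 0 and tok[i - 1] == "!"
                scoped = tok[i + 1] == wan_if and not negated
        if not scoped:
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, unscoped_source_nat(rules, "eth0"))
```

The check only inspects the built-in POSTROUTING chain and only the `-o` match, so rules reached through user-defined chains or scoped by other matches need a manual look.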