I think the only way this can happen is if you accidentally did SNAT.
Is there a SNAT (or MASQUERADE) rule somewhere? Make sure it only
applies to packets going *out* into the Internet.

On Fri, Apr 19, 2013 at 2:50 PM, Piotr Pawłowski
<piotr.pawlowski@goyello.com> wrote:
> Not exactly.
> On the iptables-based router there is port forwarding to services running on servers inside LAN. I.e. WWW server is running on 192.168.1.2:80 , in iptables I have port forwarding (nat/prerouting) from external IP (2.3.4.5:80) to 192.168.1.2:80 . Now on 192.168.1.2 in WWW access logs I see internal IP of the router instead of remote IP of the client, which requested 2.3.4.5:80 in browser.
>
> Best egards
> ---
> Piotr Pawłowski
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html