[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Remote IP in packet sent from WAN to LAN
From:       Ambroz Bizjak <ambrop7 () gmail ! com>
Date:       2013-04-19 13:03:51
Message-ID: CAOA3yKJiHwziR0g3WNSWp0Pz6Z86UA2USUv7LtGaPa=P67O16w () mail ! gmail ! com
[Download RAW message or body]

I think the only way this can happen is if you accidentally did SNAT.
Is there a SNAT (or MASQUERADE) rule somewhere? Make sure it only
applies to packets going *out* into the Internet.

On Fri, Apr 19, 2013 at 2:50 PM, Piotr Pawłowski
<piotr.pawlowski@goyello.com> wrote:
> Not exactly.
> On the iptables-based router there is port forwarding to services running on \
> servers inside LAN. I.e. WWW server is running on 192.168.1.2:80 , in iptables I \
> have port forwarding (nat/prerouting) from external IP (2.3.4.5:80) to \
> 192.168.1.2:80 . Now on 192.168.1.2 in WWW access logs I see internal IP of the \
> router instead of remote IP of the client, which requested 2.3.4.5:80 in browser. 
> Best egards
> ---
> Piotr Pawłowski
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[prev in list] [next in list] [prev in thread] [next in thread]