[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Remote IP in packet sent from WAN to LAN
From:       Vigneswaran R <vignesh () atc ! tcs ! com>
Date:       2013-04-23 4:53:19
Message-ID: 517610EF.2020009 () atc ! tcs ! com
[Download RAW message or body]

On 04/19/2013 06:20 PM, Piotr Pawłowski wrote:
> Not exactly.
> On the iptables-based router there is port forwarding to services running on \
> servers inside LAN. I.e. WWW server is running on 192.168.1.2:80 , in iptables I \
> have port forwarding (nat/prerouting) from external IP (2.3.4.5:80) to \
> 192.168.1.2:80 . Now on 192.168.1.2 in WWW access logs I see internal IP of the \
> router instead of remote IP of the client, which requested 2.3.4.5:80 in browser.

1. Instead of using iptables-based port forwarding (DNAT), if you use 
some reverse proxy (eg., apache) on the router, I think you can log the 
actual client IP by following the instructions in the below URL (taken 
from Humberto Juca's mail).

http://engi.neir.org/tips-tricks/fix-apache-proxy-logging/

2. Otherwise, you can LOG the packet on the router before doing DNAT. 
Then the router log and webserver log together can make some sense 
(provided that the servers are time synchronized).


Regards,
Vignesh

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[prev in list] [next in list] [prev in thread] [next in thread]