* Robb Kidd (rkidd@ncmec.org) [010717 14:40]:
> I'm tinkering with a setup at home. I am currently using a Linksys
> BEFSR41 4-port Cable/DSL router to share my cable service and have port
> 80 forwarded to a Debian potato box running Apache. It seems obvious
> now, I suppose, but when reviewing my web logs, all connections are
> logged as coming from the Linksys' internal address. It's not a busy
> site, but I'd like to keep track of who is connecting and I'd also like
> to get my hands dirty by setting up a firewall myself.
> Were I to replace the Linksys firewall/router with an ipchains (or
> iptables?? recommendations?) firewall on the web server, would the
> public source IPs of connections show up in Apache's logs? I imagine
> that they would since web connections wouldn't be NAT'd/MASQ'd.
> For security's sake, if I kept them separate and ran the
> ipchains/iptables on a separate box using port forwarding to the web
> server (using a private IP), would I have the same problem?
>
> Any advice or guidance is appreciated! Thanks.

I'm not at home right now, so I can't compare model numbers, but at home we use my roommate's Linksys cable/DSL router. I have been able to set up port forwarding very easily with it; you should be able to have it do the same (no matter what port/protocol).

It doesn't make sense to me that your web logs show the internal address if port 80 were actually being forwarded; it seems that your router is somehow proxying the requests. AFAIK, our Linksys router isn't able to serve as a web proxy, but is able to set up actual port forwards, like you're looking to do with a Debian router.

Try to see if what you're describing is really the case; I'm skeptical that the router is serving as a proxy. I'll post again tomorrow from home when I can verify that we're talking about the same hardware. If not, and your router is indeed serving as a proxy, you should be able to configure it to do port forwarding instead, from the web interface.

Vineet
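
Editor's added example, not part of the original thread: one way to confirm from the Apache access log whether the device in front of the server is replacing client addresses. The log lines are constructed samples, and 192.168.1.1 is an assumed stand-in for the router's internal address.

```python
import ipaddress
import re
from collections import Counter

# Constructed Common Log Format samples (not taken from the thread).
SAMPLE_REWRITTEN = """\
192.168.1.1 - - [17/Jul/2001:14:02:11 -0400] "GET / HTTP/1.0" 200 1456
192.168.1.1 - - [17/Jul/2001:14:05:40 -0400] "GET /index.html HTTP/1.0" 200 1456
192.168.1.1 - - [17/Jul/2001:14:09:03 -0400] "GET /robots.txt HTTP/1.0" 404 208
"""
SAMPLE_PRESERVED = """\
198.51.100.23 - - [17/Jul/2001:14:02:11 -0400] "GET / HTTP/1.0" 200 1456
203.0.113.77 - - [17/Jul/2001:14:05:40 -0400] "GET /index.html HTTP/1.0" 200 1456
192.168.1.50 - - [17/Jul/2001:14:09:03 -0400] "GET / HTTP/1.0" 200 1456
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLF_HOST = re.compile(r"^(\S+) \S+ \S+ \[")


def client_addresses(log_text):
    """Count the client (first) field of every parseable log line."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLF_HOST.match(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # hostname instead of an address, or a malformed line
    return counts


def source_rewritten(log_text, min_requests=3):
    """Return the single RFC 1918 address behind all requests, or None.

    If every request comes from one private address, something upstream
    (source NAT or a proxy) replaced the real client address. A plain
    port forward rewrites only the destination, so sources stay varied.
    """
    counts = client_addresses(log_text)
    if sum(counts.values()) < min_requests or len(counts) != 1:
        return None
    (addr,) = counts
    return addr if any(addr in net for net in RFC1918) else None
```

A non-`None` result over a representative stretch of the log points at the upstream device; a mix of public sources means the forward is preserving client addresses.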