* Gian Piero Carrubba (gpcarrubba@fare-impresa.org) [020809 15:45]:
> On Thu, 2002-08-08 at 23:39, Hereward Cooper wrote:
> > I've just noticed that my logs from a webserver behind a firewall, say
> > the ip address of connections from outside the lan (i.e. traffic coming
> > through the firewall) is that of the firewall.
> > I'm sure that it didn't used to do that :)
> >
> > How can I get it to log the true ip of the connection?
>
> I'm not so sure you can... source address is rewritten as packets flow
> through the firewall, so the only useful(?) action I can think about is
> to install an http proxy server on the firewall and rely on the proxy
> logs instead of the apache ones... well, some job playing with a sniffer
> could achieve the same results without the extra loading of a proxy you
> don't need...

Well, I'd say just the opposite. Using a proxy of some sort, new connections are made from the firewall to the webserver. Using just DNAT, only the *destination* address of the incoming packets is rewritten (from the firewall's address to the webserver's address). The source remains unchanged, and reply packets go back to the original source, but on the way out, the source addresses are "un-natted" back to the firewall's external address.

Of course, that's the way it *should* work, but obviously not the way it is set up in Hereward's network right now (otherwise his logs would be fine).

My assumption is that your firewall has an external address and uses DNAT to send incoming packets to a webserver with an internal address. Is my assumption wrong? How is the network really set up? What is your firewall actually doing? Just DNAT? A combination of DNAT and SNAT? A proxy?

good times,
Vineet
--
http://www.doorstop.net/
--
"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence."
-- Albert Einstein
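A small model of the two cases this message contrasts, added here as an illustration and not part of the original thread: DNAT alone versus DNAT combined with SNAT on inbound traffic, showing which source address reaches the web server's log and how the reply is reversed. The addresses, the `Firewall` class and its `snat_inbound` flag are constructed for the example; ports are left out, so it tracks one connection per address pair.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

# Constructed addresses (documentation and private ranges), not from the thread.
CLIENT, FW_EXT = "203.0.113.7", "198.51.100.1"
FW_INT, WEB = "192.168.1.1", "192.168.1.10"

class Firewall:
    """Minimal NAT model with a connection-tracking table (no ports)."""

    def __init__(self, snat_inbound=False):
        self.snat_inbound = snat_inbound
        self.conntrack = {}  # translated (src, dst) -> original (src, dst)

    def inbound(self, pkt):
        """Packet addressed to the firewall; returns what the web server sees."""
        out = replace(pkt, dst=WEB)         # DNAT rewrites the destination only
        if self.snat_inbound:
            out = replace(out, src=FW_INT)  # SNAT also rewrites the source
        self.conntrack[(out.src, out.dst)] = (pkt.src, pkt.dst)
        return out

    def outbound(self, reply):
        """Web server reply; undo every translation recorded for the flow."""
        orig_src, orig_dst = self.conntrack[(reply.dst, reply.src)]
        return Packet(src=orig_dst, dst=orig_src)

def logged_source(fw):
    """Address the web server would write to its access log."""
    return fw.inbound(Packet(CLIENT, FW_EXT)).src

def round_trip(fw):
    """Reply packet as it arrives back at the client."""
    seen = fw.inbound(Packet(CLIENT, FW_EXT))
    return fw.outbound(Packet(src=seen.dst, dst=seen.src))

if __name__ == "__main__":
    for snat in (False, True):
        fw = Firewall(snat_inbound=snat)
        print(f"snat_inbound={snat}: server logs {logged_source(fw)}, "
              f"client receives reply from {round_trip(fw).src}")
```

In both cases the client sees the reply coming from the firewall's external address, so the difference shows up only in what the web server records.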