Iptables with NAT question 
I sent this note to the debian-user list the other day, and then realized
this would probably be a more appropriate list. Sorry if you're getting
it twice, but since I recieved no responses on the other one, I figured
people were ignoring it since it probably shouldn't have been there.
I set up machine #1 to act as just a packet filtering machine, and
machine #2 to run apache. Machine #1 forwards all port 80 requests to
machine #2. Whenever I look at the apache access logs, the only IP that
shows up is that of the firewall's. Although people can get to the site
this way, I can't analyze where my traffic is coming from, etc. How do I
set it up so that the IP of the actual user shows up in my logs?
Someone in #debian told me that I shouldn't NAT the external addresses.
I don't know what that means. These are the two lines that do the
operation in question:
iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED,RELATED -p
tcp -s 0.0.0.0/0 -d 192.168.1.1 --dport 80 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d 192.168.1.1 --dport 80 -j DNAT
Thanks in advance!
The dismantled, half-destroyed Dazed Yugo,
amongst the bloody windshields of brothers,
dares not make lamentations audible.
"Maybe I'll become a Lexus," it hopes.