[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iptables with NAT question [2]



On Mon, Nov 11, 2002 at 07:03:16PM -0600, Ian Melnick wrote:
> I set up machine #1 to act as just a packet filtering machine, and
> machine #2 to run apache. Machine #1 forwards all port 80 requests to
> machine #2. Whenever I look at the apache access logs, the only IP that
> shows up is that of the firewall's. Although people can get to the site
> this way, I can't analyze where my traffic is coming from, etc. How do I
> set it up so that the IP of the actual user shows up in my logs?

Why are you using port-forwarding to begin with?  Only one 'real' IP
address?  If you can possible avoid it, do so.  If not, you might need
to add another rule to re-write the packets so they actually have their
original IPs.  Hmmm...this might not be possible tho, since the source
IP will be lost when the packets are mangled originally.

If you really care about analysing traffic that much, you might need to
set up a reverse Squid cache.  I don't know how to do that, but I bet
the Squid site does or Google as a last resort.

> Someone in #debian told me that I shouldn't NAT the external addresses.
> I don't know what that means.

NAT stands for Network Address Translation.  Since you're
port-forwarding above, the firewall machine is re-writing all the
packets coming through to have its' own source address.

-rob

Attachment: pgpRlumr5slMS.pgp
Description: PGP signature


Reply to: