
Re: Iptables with NAT question [2]



On Mon, Nov 11, 2002 at 07:03:16PM -0600, Ian Melnick wrote:
> I set up machine #1 to act as just a packet filtering machine, and
> machine #2 to run apache. Machine #1 forwards all port 80 requests to
> machine #2. Whenever I look at the apache access logs, the only IP that
> shows up is that of the firewall's. Although people can get to the site
> this way, I can't analyze where my traffic is coming from, etc. How do I
> set it up so that the IP of the actual user shows up in my logs?

Why are you using port-forwarding to begin with?  Only one 'real' IP
address?  If you can possibly avoid it, do so.  If not, you might need
to add another rule to re-write the packets so they actually have their
original IPs.  Hmmm...this might not be possible though, since the source
IP will be lost when the packets are mangled originally.

If you really care about analysing traffic that much, you might need to
set up a reverse Squid cache.  I don't know how to do that, but I bet
the Squid site does or Google as a last resort.

> Someone in #debian told me that I shouldn't NAT the external addresses.
> I don't know what that means.

NAT stands for Network Address Translation.  Since you're
port-forwarding above, the firewall machine is re-writing all the
packets coming through to have its own source address.

-rob

Attachment: pgpW3PU1bxGj2.pgp
Description: PGP signature
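The two rule sets the thread is really contrasting, as an added example that is not part of the original message or reply. The script only prints the iptables commands (applying them needs root on the firewall; pipe the output into sh to do so). The interface names and addresses (eth0, eth1, 203.0.113.10, 192.168.1.20) are placeholders chosen here. In the default "preserve" mode only the destination is rewritten (DNAT), so the client's own source address reaches the web server and shows up in its access log; that works as long as the web server's default route points back through the firewall, so the reply is un-translated on the way out. The "rewrite" mode adds the MASQUERADE rule that also replaces the source address with the firewall's, which is exactly what makes every log entry show the firewall's IP:

```shell
#!/bin/sh
# Added example (not from the original thread). Emits iptables rules to
# forward TCP/80 arriving on the firewall's public address to an internal
# web server. Nothing is applied; the caller reviews and runs the output.
# Placeholders assumed for illustration: eth0 = public interface,
# eth1 = internal interface, 203.0.113.10 = public IP, 192.168.1.20 = backend.

# usage: nat_forward_rules PUBLIC_IF INT_IF PUBLIC_IP BACKEND_IP [preserve|rewrite]
nat_forward_rules() {
    pub_if=$1; int_if=$2; pub_ip=$3; backend=$4; mode=${5:-preserve}

    # The kernel must route between interfaces at all.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # DNAT only changes the destination: the packet still carries the
    # client's source address, so the backend's access log sees the visitor.
    echo "iptables -t nat -A PREROUTING -i $pub_if -p tcp -d $pub_ip --dport 80 -j DNAT --to-destination $backend:80"

    # Allow the translated flow through the FORWARD chain, statefully, so
    # only port 80 toward the backend is reachable from outside.
    echo "iptables -A FORWARD -i $pub_if -o $int_if -p tcp -d $backend --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $int_if -o $pub_if -p tcp -s $backend --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT"

    if [ "$mode" = rewrite ]; then
        # Source rewrite on the forwarded flow: the backend now sees only the
        # firewall's address in every request (the symptom described in the
        # thread). It is only needed when the backend cannot route its replies
        # back via the firewall, and it costs you the client address in logs.
        echo "iptables -t nat -A POSTROUTING -o $int_if -p tcp -d $backend --dport 80 -j MASQUERADE"
    fi
}

# Returns the number of rules in the generated set that overwrite the
# client's source address; 0 means the web server logs real visitor IPs.
count_source_rewrites() {
    nat_forward_rules "$@" | grep -c 'MASQUERADE'
}

# Stand-alone run: show the audit-friendly rule set for the placeholder hosts.
nat_forward_rules eth0 eth1 203.0.113.10 192.168.1.20 preserve
```

The same check applies to an existing firewall: `iptables -t nat -L POSTROUTING -n` listing a SNAT or MASQUERADE rule that matches the forwarded flow is the reason the backend's logs show only the firewall's address.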

