
Invalid httpd logs with port forwarding



Hi,

Simply put, is there a way to do port forwarding without having the
source address modified?

Here is the problem: I'm using the following rules to forward port 80
traffic to an HTTP server behind a firewall:

iptables -t nat -A PREROUTING -p tcp --dport 80 -d 66.46.180.200 -j DNAT --to-destination 192.168.1.200:80
iptables -A FORWARD -p tcp --dport 80 -d 192.168.1.200 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

The port forwarding works just fine, but all log entries on the HTTP
server show the same source address, which is the local address of the
firewall (192.168.1.4). I'd like the logs to show the real IP address of
the client from which the connection originates.

Any help, pointer or suggestion would be appreciated.

Thanks!

			-Dominic
-- 
Dominic Duval		
SOLIDD Technologies, www.dd.qc.ca
Cell: 514-581-7975, ICQ: 4251006, MSN: dduval2@hotmail.com
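
Added example, not part of the original post: DNAT rewrites only the destination address, so a source rewritten to the firewall's internal address points to an SNAT or MASQUERADE rule in nat POSTROUTING that also matches packets leaving toward the LAN. The post does not show its POSTROUTING rules, so the blanket MASQUERADE rule in the sample ruleset below is an assumption, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed ruleset in iptables-save format: the two rules from the post
# plus an ASSUMED blanket MASQUERADE rule (the post does not show POSTROUTING).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 66.46.180.200/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.200:80
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.200/32 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin and prints every nat POSTROUTING rule
# that rewrites the source (SNAT or MASQUERADE) without an -o interface match.
# Such a rule also hits DNATed packets leaving toward the internal server.
find_unscoped_source_nat() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header, e.g. "*nat"
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            rewrites = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && ($(i + 1) == "SNAT" || $(i + 1) == "MASQUERADE"))
                    rewrites = 1
                if ($i == "-o" || $i == "--out-interface")
                    scoped = 1
            }
            if (rewrites && !scoped) print
        }
    '
}

# Demo on the constructed sample; on a live firewall: iptables-save | find_unscoped_source_nat
sample_ruleset | find_unscoped_source_nat
```

A rule limited to the external interface (for example `-o eth0`, an assumed interface name) is not reported, and forwarded connections then reach the HTTP server with the client's original source address.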



