
Re: log the original source ipaddress



I'm not familiar with rinetd, but if you use netfilter to do DNAT the source
address will be maintained.  Just make sure internal boxes hit the
webserver directly, on the internal IP, rather than through the external
one, so they don't get confused by packets coming back directly from the
web server.
Something like this should work:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $EXTIP --dport 80 \
-j DNAT --to-destination $WEBSERVER:80

/sbin/iptables -A FORWARD -p tcp -d $WEBSERVER --destination-port 80 -j ACCEPT

xn

On Wed, Apr 10, 2002 at 11:01:25AM +0700, N. A. Hilal wrote:
> Dear,
> 
> I have a webserver (running on a localnet, RFC 1918) that sits behind a
> firewall (using rinetd for redirecting). Apache's log
> records all accesses from the firewall's internal interface
> instead of the original source address.
> 
> Any idea how I can log the original source IP address of
> anyone who accesses my webserver even though I use redirecting?
> 
> thx,
> N. A. Hilal
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
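
The DNAT setup suggested in the reply, written out as a dry-run script (an added example, not part of the original post). The addresses are constructed placeholders, and the ip_forward and ESTABLISHED,RELATED lines are assumptions about a router with forwarding off and a restrictive FORWARD policy, neither of which is stated in the thread.

```shell
#!/bin/sh
# Added example: DNAT port-forward that keeps the client's source address.
# All addresses are constructed placeholders; override them via the environment.
EXTIP="${EXTIP:-203.0.113.10}"          # firewall's public address (constructed)
WEBSERVER="${WEBSERVER:-192.168.1.20}"  # RFC 1918 web server (constructed)
EXTIF="${EXTIF:-eth0}"                  # external interface, as in the reply
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands, 0 = apply (needs root)

is_ipv4() {
    # Accept only dotted quads whose four octets are each 0..255.
    echo "$1" | awk -F'[.]' 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

run() {
    # Print the command in dry-run mode, execute it otherwise.
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

apply_dnat() {
    is_ipv4 "$EXTIP" && is_ipv4 "$WEBSERVER" || { echo "bad address" >&2; return 1; }
    # Assumption: forwarding is not yet enabled on the firewall.
    run /sbin/sysctl -w net.ipv4.ip_forward=1
    # Only the destination is rewritten; the source address is untouched,
    # so Apache logs the real client instead of the firewall.
    run /sbin/iptables -t nat -A PREROUTING -p tcp -i "$EXTIF" -d "$EXTIP" \
        --dport 80 -j DNAT --to-destination "$WEBSERVER:80"
    # New connections to the web server.
    run /sbin/iptables -A FORWARD -p tcp -d "$WEBSERVER" --dport 80 -j ACCEPT
    # Assumption: FORWARD policy is DROP, so replies must be allowed back out.
    run /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

apply_dnat
```

Because the source address is preserved, the web server's default route has to point back through this firewall, otherwise its replies bypass the connection tracking that undoes the DNAT.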

