
Iptables with NAT question



Hello,

I set up machine #1 to act as just a packet filtering machine, and
machine #2 to run apache. Whenever I look at the apache access logs, the
only IP that shows up is that of the firewall. Although people can get
to the site this way, I can't analyze where my traffic is coming from,
etc. How do I set it up so that the IP of the actual user shows up in my
logs?
Someone in #debian told me that I shouldn't NAT the external
addresses. I don't know what that means. These are the two lines that do
the operation in question.

iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0.0.0.0/0 -d 192.168.1.1 --dport 80 -j ACCEPT

iptables -A PREROUTING -t nat -p tcp -d 192.168.1.1 --dport 80 -j DNAT --to 192.168.1.2:80


Thanks in advance!


