From: Ranjeet Shetye <ranjeet.shetye2@zultys.com>
To: netfilter@lists.netfilter.org
Subject: Re: NAT & Homepage Statistics
Date: 30 Jan 2003 13:08:23 +0100 [thread overview]
Message-ID: <1043928504.590.4.camel@ranjeet-linux-1> (raw)
In-Reply-To: <se391cd4.045@mail.bmb-bbm.org>
On Thu, 2003-01-30 at 12:38, Mischa Gossen wrote:
> Hello,
>
> Recently I've installed a webserver behind my firewall. On my website I
> keep statistics where my visitors come from. This is based on the
> IPadrress they have.
> Ever since I run my webserver behind my firewall (which NAT's to the
> inside), all the users come from the IPaddress of my firewall. This way
> I don't have any statistics anymore :(
> Is there any possibility that I can keep my NAT on the inside of my
> firewall and my webserver can retreive the right IP from the visitors.
> And if it isn't possible, is there a elegant workaround for it?
>
>
> Thanks in advance,
>
> Mischa
>
>
Hi,
If your webserver is behind the firewall and people are connecting to it
from the Internet, it means that you are running Destination NAT (DNAT).
So, your source IP for incoming packets should not be affected since you
are doing DNAT only. On the other hand, if you are also doing SNAT for
traffic coming in then you might run into the problem you are running
into. Check your rules. Maybe you need tighter rules. i.e. bind your
DNAT / SNAT rules to specific interfaces ?
Can't help more without details.
HTH
--
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
The views, opinions, and judgements expressed in this message are solely
those of
the author. The message contents have not been reviewed or approved by
Zultys.
next prev parent reply other threads:[~2003-01-30 12:08 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-01-30 11:38 NAT & Homepage Statistics Mischa Gossen
2003-01-30 12:08 ` Ranjeet Shetye [this message]
2003-01-31 20:11 ` uniplex
2003-01-30 19:36 ` Athan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1043928504.590.4.camel@ranjeet-linux-1 \
--to=ranjeet.shetye2@zultys.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.