From: Romain Moyne <aero_climb@yahoo.fr>
To: Cedric Blancher <blancher@cartel-securite.fr>
Cc: netfilter@lists.netfilter.org
Subject: Re: port translation
Date: Sun, 11 Jan 2004 13:53:36 +0100
Message-ID: <40014750.5000300@yahoo.fr>
In-Reply-To: <1073825033.761.1.camel@elendil.intranet.cartel-securite.net>
Cedric Blancher wrote:
>On Sun 11/01/2004 at 11:21, Romain Moyne wrote:
>
>
>>I have a http server (debian 3.0) behind a router (debian 3.0). I have a
>>problem when I want to log the visitor's IP of my website with PHP or
>>Perl or any language. I always have the IP of my router! Somebody told
>>me that I must do port translation but I have searched and I haven't
>>found anything.
>>Can you help me ?
>>This is the rules of my router :
>>iptables -t nat -A PREROUTING -d MyIP -p tcp --dport 80 -j DNAT
>>--to-destination 192.168.0.3:80
>>
>>
>
>You have a problem here. This single rule does not prevent your
>webserver from seeing client IP as source, as you only modify
>destination IP.
>
>You may have a SNAT rule in POSTROUTING chain that is not restricting
>enough and also SNAT incoming traffic to your router's IP when it should
>not.
>
>
>
Ok. I begin to understand... Now I have corrected my rules :
iptables -t nat -A POSTROUTING -j SNAT -o ppp0 --to-source My_ip_on_internet
But now I have a new problem : My router, my http server and my
workstation are connected with a hub.
              ppp0                              eth0
INTERNET--------------------192.168.0.1(router)---------------------------192.168.0.3 (http server)
                                                            |
                                                            |
                                                            |
                                                 192.168.0.2 (workstation)
I can't access my webserver from my workstation and it is very painful....
Can you still help me ? :-D
Romain
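
Added example, not part of the original message or of netfilter: a toy Python model of the nat table for one forwarded packet, showing why a POSTROUTING SNAT rule without an -o match makes the web server log the router's address while the same rule with -o ppp0 does not. The names route, forward and source_seen_by_server are hypothetical, connection tracking is left out, and every address outside 192.168.0.x is constructed (RFC 5737 documentation ranges).

```python
# Added illustration: toy model of the nat table for a forwarded packet.
# Addresses outside 192.168.0.x are constructed (RFC 5737 documentation ranges).
from ipaddress import ip_address, ip_network

PUBLIC_IP = "198.51.100.1"           # stands in for MyIP / My_ip_on_internet
LAN = ip_network("192.168.0.0/24")   # the hub segment behind eth0


def route(dst):
    """Pick the outgoing interface the way the router in the thread would."""
    return "eth0" if ip_address(dst) in LAN else "ppp0"


def forward(src, dst, dport, snat_out_if):
    """Return (src, dst, out_if) as the packet leaves the router.

    snat_out_if is the -o match of the POSTROUTING SNAT rule; None models
    a rule with no -o match, which applies to every forwarded packet.
    """
    # PREROUTING: -d MyIP -p tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80
    if dst == PUBLIC_IP and dport == 80:
        dst = "192.168.0.3"          # DNAT rewrites the destination only
    out_if = route(dst)              # routing decision is taken after DNAT
    # POSTROUTING: -j SNAT [-o <if>] --to-source PUBLIC_IP
    if snat_out_if is None or snat_out_if == out_if:
        src = PUBLIC_IP              # SNAT rewrites the source
    return src, dst, out_if


def source_seen_by_server(client, snat_out_if):
    """Source address the web server logs for a visitor hitting PUBLIC_IP:80."""
    src, dst, _ = forward(client, PUBLIC_IP, 80, snat_out_if)
    if dst != "192.168.0.3":
        raise ValueError("packet was not redirected to the web server")
    return src


if __name__ == "__main__":
    visitor = "203.0.113.7"          # constructed Internet client
    print("SNAT without -o  :", source_seen_by_server(visitor, None))
    print("SNAT with -o ppp0:", source_seen_by_server(visitor, "ppp0"))
    print("LAN host outbound:", forward("192.168.0.2", "192.0.2.10", 443, "ppp0"))
```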