From: Bill Davidsen <davidsen@tmr.com>
To: netfilter@lists.netfilter.org
Subject: Re: port translation
Date: Fri, 16 Jan 2004 17:32:10 -0500 [thread overview]
Message-ID: <bu9oqk$e1j$1@gatekeeper.tmr.com> (raw)
In-Reply-To: <4001239D.7010904@yahoo.fr>
Romain Moyne wrote:
> Hello,
>
> I'm French and my english is bad ;)
>
> I have a http server (debian 3.0) behind a router (debian 3.0). I have a
> problem when I want to log the visitor's IP of my website with PHP or
> Perl or all language. I have always the IP of my router ! Somebody tell
> me that I must do port translation but I have searched and I haven't
> fand anything.
> Can you help me ?
> This is the rules of my router :
>
> iptables -t nat -A PREROUTING -d MyIP -p tcp --dport 80 -j DNAT
> --to-destination 192.168.0.3:80
Something wrong here... you would see the IP of the router if you were
doing MASQUERADE, but not with DNAT. I have a similar setup, and my mail
server filters LOTS of addresses by IP.
You should be sure you don't have a leftover MASQUERADE (or SNAT) rule
which is being used, then run tcpdump on the internal NIC of the router
and catch the packets as they leave. DNAT does just what you want, and I
have a fair number of machines running as routers which don't have this
problem.
--
bill davidsen <davidsen@tmr.com>
CTO TMR Associates, Inc
Doing interesting things with small computers since 1979
next prev parent reply other threads:[~2004-01-16 22:32 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-11 10:21 port translation Romain Moyne
2004-01-11 10:46 ` [despammed] " Andreas Kretschmer
2004-01-11 11:03 ` Romain Moyne
2004-01-11 11:28 ` Andreas Kretschmer
2004-01-11 11:37 ` Antony Stone
2004-01-11 12:43 ` Cedric Blancher
2004-01-11 12:53 ` Romain Moyne
2004-01-11 13:03 ` Antony Stone
2004-01-11 13:32 ` Cedric Blancher
2004-01-11 13:45 ` Romain Moyne
2004-01-11 13:55 ` Antony Stone
2004-01-11 14:03 ` Romain Moyne
2004-01-16 22:32 ` Bill Davidsen [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-01-05 8:23 Richard
2005-01-05 13:23 ` John A. Sullivan III
2005-01-06 13:34 ` Eric Ellis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='bu9oqk$e1j$1@gatekeeper.tmr.com' \
--to=davidsen@tmr.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.