NAT & Homepage Statistics

NAT & Homepage Statistics

[Mischa Gossen]

Hello,

Recently I've installed a webserver behind my firewall. On my website I
keep statistics where my visitors come from. This is based on the
IPadrress they have. 
Ever since I run my webserver behind my firewall (which NAT's to the
inside), all the users come from the IPaddress of my firewall. This way
I don't have any statistics anymore :(
Is there any possibility that I can keep my NAT on the inside of my
firewall and my webserver can retreive the right IP from the visitors.
And if it isn't possible, is there a elegant workaround for it?


Thanks in advance,

Mischa

Re: NAT & Homepage Statistics

[Ranjeet Shetye]

On Thu, 2003-01-30 at 12:38, Mischa Gossen wrote:
> Hello,
> 
> Recently I've installed a webserver behind my firewall. On my website I
> keep statistics where my visitors come from. This is based on the
> IPadrress they have. 
> Ever since I run my webserver behind my firewall (which NAT's to the
> inside), all the users come from the IPaddress of my firewall. This way
> I don't have any statistics anymore :(
> Is there any possibility that I can keep my NAT on the inside of my
> firewall and my webserver can retreive the right IP from the visitors.
> And if it isn't possible, is there a elegant workaround for it?
> 
> 
> Thanks in advance,
> 
> Mischa
> 
> 

Hi,

If your webserver is behind the firewall and people are connecting to it
from the Internet, it means that you are running Destination NAT (DNAT).
So, your source IP for incoming packets should not be affected since you
are doing DNAT only. On the other hand, if you are also doing SNAT for
traffic coming in then you might run into the problem you are running
into. Check your rules. Maybe you need tighter rules. i.e. bind your
DNAT / SNAT rules to specific interfaces ?

Can't help more without details.

HTH

-- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/

The views, opinions, and judgements expressed in this message are solely
those of
the author. The message contents have not been reviewed or approved by
Zultys.

Re: NAT & Homepage Statistics

[uniplex]

Ranjeet Shetye wrote:

> If your webserver is behind the firewall and people are connecting to it
> from the Internet, it means that you are running Destination NAT (DNAT).
> So, your source IP for incoming packets should not be affected since you
> are doing DNAT only. On the other hand, if you are also doing SNAT for
> traffic coming in then you might run into the problem you are running
> into. Check your rules. Maybe you need tighter rules. i.e. bind your
> DNAT / SNAT rules to specific interfaces ?
> 
> Can't help more without details.
> 
> HTH
> 

yeah, any snat rules would be suspect. and also a misconfigured 
postrouting rule.

Re: NAT & Homepage Statistics

[Athan]

[-- Attachment #1: Type: text/plain, Size: 1000 bytes --]

On Thu, Jan 30, 2003 at 12:38:35PM +0100, Mischa Gossen wrote:
> Recently I've installed a webserver behind my firewall. On my website I
> keep statistics where my visitors come from. This is based on the
> IPadrress they have. 
> Ever since I run my webserver behind my firewall (which NAT's to the
> inside), all the users come from the IPaddress of my firewall. This way
> I don't have any statistics anymore :(

  What are the specific rule(s) you're using to do this?  I have some
DNAT rules to allow gnutella behind my firewall and the client sees the
original source IP fine.  I've doublechecked this with tcpdump on the
'inside' host, telnet to the port from outside does show up the IP of
the machine I telnet from.

-Ath
-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
                  Finger athan(at)fysh.org for PGP key
	   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME

[-- Attachment #2: Type: application/pgp-signature, Size: 240 bytes --]