From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: IP gets lost during redirection
Date: Thu, 14 Aug 2008 20:21:25 -0500
Message-ID: <48A4DA15.60603@riverviewtech.net>
In-Reply-To: <g82aqt$kes$1@ger.gmane.org>
On 8/14/2008 5:15 PM, John Smith wrote:
> I got a server (first machine) which is reachable via the internet.
> Depending on kind of Request (HTTP, FTP...) it redirects internally
> to a different machine. This machine (second machine) is running
> apache2 for example. Everything works fine. Yet the apache logs on the
> second machine always list the redirecting machine (first machine) as
> the requesting address/ip and not the ip address of the requesting
> client from the internet.
Ok...

What happens if an internal client tries to connect to an "external"
service? I.e. the FTP server tries to HTTP to your "external" service?
Will the HTTP connection work? What source IP do you see in Apache's
logs then?

I'm wondering if the packets are being redirected (as in NATed) or if
they are being proxied in. If they are proxied in, you would naturally
see the internal source IP of the proxying host.
> How can I fix this? I'm sorry to be so unspecific about the
> configuration of iptables on the redirecting machine, but this is all
> I know about it. However I can get more information if it is needed
> for the solution and you can exactly say what you need.
It depends on what is really being done. Find out if IPTables really is
being used to do the "redirecting" on the first machine. If IPTables is
being used to do the "redirecting" (as opposed to just filtering for a
proxy) see what the contents of the NAT table are on the first system.
(The output of iptables-save would be great.)
Grant. . . .
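
The check requested above, reading an iptables-save dump to tell kernel NAT from a proxy, sketched as an added example that is not part of the original message. The sample dump, its interfaces and addresses, and the function names `nat_rules` and `diagnose` are constructed for illustration; the source-rewrite test is a heuristic that ignores negated (`!`) matches.

```python
import shlex

# Constructed sample of `iptables-save` output from a "first machine"
# (interfaces and addresses are made up: eth0 = Internet, eth1 = LAN).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
"""

def nat_rules(dump):
    """Parse the *nat section into (chain, target, options) tuples."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                 # "*nat", "*filter", ...
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            rules.append((opts["-A"], opts.get("-j"), opts))
    return rules

def diagnose(dump):
    """Classify how inbound connections reach the second machine."""
    rules = nat_rules(dump)
    dnat = [o for c, t, o in rules if c == "PREROUTING" and t == "DNAT"]
    if not dnat:
        # Nothing is forwarded by the kernel: a userspace proxy (or a
        # REDIRECT to one) would explain the first machine's IP in the logs.
        return {"mode": "no-dnat", "forwards": [], "source_rewrites": []}
    inbound = {o.get("-i") for o in dnat}
    # Heuristic: POSTROUTING SNAT/MASQUERADE not bound to the inbound interface
    # can match forwarded packets and replace the client's source address.
    rewrites = [o for c, t, o in rules
                if c == "POSTROUTING" and t in ("SNAT", "MASQUERADE")
                and o.get("-o") not in inbound - {None}]
    return {"mode": "dnat",
            "forwards": [o.get("--to-destination") for o in dnat],
            "source_rewrites": [(o["-j"], o.get("-o")) for o in rewrites]}

print(diagnose(SAMPLE))
```

An empty `source_rewrites` list with `mode` equal to `dnat` means the second machine should see the real client address, provided its replies route back through the first machine.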