nverhaar
November 22nd, 2005, 02:03 AM
Hey all, I am having a minor drama with forwarding traffic on port 80 on my Ubuntu gateway/firewall to an internal Ubuntu web server.
I am currently using the following rules in IPTABLES to forward traffic to the web server, and it works great.
iptables -A FORWARD -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to-destination 10.0.0.80:80
My problem is, every connection to the web server from the outside world is being logged as the IP address of my gateway/firewall box, as opposed to logging the REAL client IPs. We need to run webalizer to determine hit counts and other statistics on our web server; however, this is causing problems as all connections to the web server from the outside world are considered as a single connection. This is resulting in invalid statistics.
Does anyone know how I can somehow force the use of real IPs either with IPTABLES, or some other method?
I've also tried running Apache on the gateway/firewall machine and using the ProxyPass module to forward requests on to the internal web server, which also gave the same results.
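Added example, not part of the original post: the two rules quoted above change only the destination address, so the kind of rule that would replace the client's source address with the gateway's is a MASQUERADE or SNAT rule in nat POSTROUTING that is not limited to the external interface. The script below reads `iptables-save` output and prints such rules; eth1 as the external interface follows the post's rules, while the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: list nat POSTROUTING rules that rewrite the source address
# of traffic leaving on anything other than the external interface.
# stdin: iptables-save text.  $1: external interface name.
find_source_rewrites() {
    ext_if="$1"
    awk -v ext="$ext_if" '
        /^\*/ { table = substr($1, 2); next }   # "*nat", "*filter" table headers
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            target = ""; out = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                # keep a leading "!" so a negated match never equals ext
                if ($i == "-o") out = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            }
            if (target != "MASQUERADE" && target != "SNAT") next
            # A rule bound to the external interface only touches outbound
            # traffic; any other rule also rewrites DNATed inbound connections.
            if (out != ext) print
        }'
}

# Constructed sample ruleset (assumption: eth1 external, 10.0.0.0/24 internal).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.80:80
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample_rules | find_source_rewrites eth1
```

On a live gateway the input would come from `iptables-save -t nat`; a rule the script prints can be narrowed by adding `-o` with the external interface.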