www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

How to pass IP to servers from virtual server forwarders

 
ryansw



Joined: 16 Mar 2015
Posts: 2

Posted: Mon Mar 16, 2015 3:21 am    Post subject: How to pass IP to servers from virtual server forwarders

Good evening. I have recently run into an issue with my web server and my new Zeroshell configuration. The Zeroshell system has two NICs installed, one to WAN and one to my switch. I created a virtual server and told it to redirect my public IP address on all NICs on port 80 and 443 to my private network NIC with the IP of my apache server and ports 80 and 443. Everything worked fine until I looked at the logs. All connections show up as coming from the router's IP on the private network. When the connection is passed through the Zeroshell virtual server routing, the IP address is lost and replaced with the private IP of my router. It is necessary that I see the IP addresses of my clients for logging purposes. Is there something I have set up wrong or is there no way around this? Should I have used a firewall rule instead, and if yes, how would I do that? Also, could the problem be from my NAT configuration, and if so, how could I properly configure it?

I look forward to your replies. Zeroshell truly is an amazing piece of software and I look forward to using it in many future networking projects.
redfive



Joined: 27 Aug 2009
Posts: 232

Posted: Mon Mar 16, 2015 11:46 am

Remove the internal interface from 'Nat Enabled Interfaces', and add, in Scripts/Cron, NAT and Virtual Servers script,
Code:
iptables -t nat -I POSTROUTING 1 -o internal.iface -s lan.ip.addr/mask -d server.private.ip -j MASQUERADE

Assuming your internal network is 192.168.12.0/24 on ETH00, and your 'real' server IP address is 192.168.12.2:
Code:
iptables -t nat -I POSTROUTING 1 -o ETH00 -s 192.168.12.0/24 -d 192.168.12.2 -j MASQUERADE

Enable the script.
This should translate the source IP address (with the LAN side ZS IP address) received from the server only if the packets are coming from the inside LAN, leaving unchanged packets which are arriving from the WAN.
Regards
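Added example, not part of the original posts and not Zeroshell's own code: a simplified Python model of the nat/POSTROUTING decision, showing which source address the server logs before and after the change in the reply above. The router LAN address 192.168.12.1, the two client addresses, and the treatment of 'Nat Enabled Interfaces' as an unconditional MASQUERADE on ETH00 are assumptions.

```python
# Added example: simplified model of the nat/POSTROUTING decision, not Zeroshell code.
from ipaddress import ip_address, ip_network

ROUTER_LAN_IP = ip_address("192.168.12.1")  # assumed Zeroshell address on ETH00
SERVER_IP = ip_address("192.168.12.2")      # 'real' server from the reply
LAN_NET = ip_network("192.168.12.0/24")     # internal network from the reply

# Each rule: (out interface, source network or None, destination or None).
# Assumption: listing ETH00 under 'Nat Enabled Interfaces' behaves like an
# unconditional MASQUERADE on everything leaving ETH00.
BROAD_RULES = [("ETH00", None, None)]
NARROW_RULES = [("ETH00", LAN_NET, SERVER_IP)]  # the rule from the reply


def source_seen_by_server(client_ip, rules, dst=SERVER_IP, out_iface="ETH00"):
    """Return the source address the server logs for a forwarded connection.

    The packet is taken after the virtual-server DNAT, so its destination is
    already the private server address and it is about to leave out_iface.
    """
    src = ip_address(client_ip)
    for iface, src_net, rule_dst in rules:
        if iface != out_iface:
            continue
        if src_net is not None and src not in src_net:
            continue
        if rule_dst is not None and rule_dst != dst:
            continue
        return ROUTER_LAN_IP  # MASQUERADE: source rewritten to the router
    return src  # no rule matched: original client address is preserved


def compare(clients):
    """Map each client to (source under broad NAT, source under narrow rule)."""
    return {
        c: (str(source_seen_by_server(c, BROAD_RULES)),
            str(source_seen_by_server(c, NARROW_RULES)))
        for c in clients
    }


if __name__ == "__main__":
    # Constructed sample clients: one on the WAN, one on the LAN reaching the
    # server through the public address (hairpin).
    for client, (before, after) in compare(["203.0.113.7", "192.168.12.50"]).items():
        print(f"{client:15} before={before:14} after={after}")
```

In this model the LAN client that reaches the server through the public address is still logged as the router, which matches the reply's "only if the packets are coming from the inside lan".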
ryansw



Joined: 16 Mar 2015
Posts: 2

Posted: Wed Mar 18, 2015 3:29 am

Thank you very much :)
I truly appreciate the help! The script worked great and the ip is now successfully passed on to the actual server and can be recorded in the logs! Thank you again!
All times are GMT