- This topic is empty.
-
Posts
-
Good evening. I have recently run into an issue with my web server and my new Zeroshell configuration. The Zeroshell system has two NICs installed, one to WAN and one to my switch. I created a virtual server and told it to redirect my public IP address on all NICs on port 80 and 443 to my private network NIC with the IP of my apache server and ports 80 and 443. Everything worked fine until I looked at the logs. All connections show up as coming from the router’s IP on the private network. When the connection is passed through the Zeroshell virtual server routing, the IP address is lost and replaced with the private IP of my router. It is necessary that I see the IP addresses of my clients for logging purposes. Is there something I have set up wrong or is there no way around this? Should I have used a firewall rule instead, and if yes, how would I do that? Also, could the problem be from my NAT configuration, and if so, how could I properly configure it?
I look forward to your replies. Zeroshell truly is an amazing piece of software and I look forward to using it in many future networking projects.
Remove the internal interface from ‘Nat Enabled Interfaces’, and add, in Scripts/Cron, NAT and Virtual Servers script,
iptables -t nat -I POSTROUTING 1 -o internal.iface -s lan.ip addr/mask -d server.private.ip -j MASQUERADEAssuming your internal network 192.168.12.0/24 on ETH00, and you ‘real’ server ip address 192.168.12.2
iptables -t nat -I POSTROUTING 1 -o ETH00 -s 192.168.12.0/24 -d 192.168.12.2 -j MASQUERADEenable the script.
This should translate the source ip address (with the lan side ZS ip address) received from the server only if the packets are coming from the inside lan, leaving unchanged packets which arriving from the wan.
Regards
- You must be logged in to reply to this topic.