March 16, 2015 at 3:21 am #44245 ryansw (Member)
Good evening. I have recently run into an issue with my web server and my new Zeroshell configuration. The Zeroshell system has two NICs installed, one to WAN and one to my switch. I created a virtual server and told it to redirect my public IP address on all NICs on port 80 and 443 to my private network NIC with the IP of my apache server and ports 80 and 443. Everything worked fine until I looked at the logs. All connections show up as coming from the router’s IP on the private network. When the connection is passed through the Zeroshell virtual server routing, the IP address is lost and replaced with the private IP of my router. It is necessary that I see the IP addresses of my clients for logging purposes. Is there something I have set up wrong or is there no way around this? Should I have used a firewall rule instead, and if yes, how would I do that? Also, could the problem be from my NAT configuration, and if so, how could I properly configure it?
I look forward to your replies. Zeroshell truly is an amazing piece of software and I look forward to using it in many future networking projects.

March 16, 2015 at 11:46 am #53764 redfive (Participant)
Remove the internal interface from ‘Nat Enabled Interfaces’, and add, in Scripts/Cron, NAT and Virtual Servers script,
iptables -t nat -I POSTROUTING 1 -o internal.iface -s lan.ip addr/mask -d server.private.ip -j MASQUERADE
Assuming your internal network 192.168.12.0/24 on ETH00, and your ‘real’ server ip address 192.168.12.2
iptables -t nat -I POSTROUTING 1 -o ETH00 -s 192.168.12.0/24 -d 192.168.12.2 -j MASQUERADE
Enable the script.
This should translate the source ip address (with the lan side ZS ip address) received from the server only if the packets are coming from the inside lan, leaving unchanged packets which are arriving from the wan.
Regards

March 18, 2015 at 3:29 am #53765 ryansw (Member)
Thank you very much 🙂
I truly appreciate the help! The script worked great and the ip is now successfully passed on to the actual server and can be recorded in the logs! Thank you again!
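
The effect of the scoped rule from redfive's reply, modelled as an added example that is not part of the thread: it compares the source address the Apache server would log when everything leaving ETH00 is masqueraded against the rule limited to `-s 192.168.12.0/24 -d 192.168.12.2`. The router LAN address 192.168.12.1 and the two sample packets are assumptions constructed for the illustration.

```python
# Added illustration: models which packets leaving the LAN interface get
# their source rewritten, before and after the scoped MASQUERADE rule.
from ipaddress import ip_address, ip_network

LAN_IFACE = "ETH00"                         # from the thread
LAN_NET = ip_network("192.168.12.0/24")     # from the thread
SERVER = ip_address("192.168.12.2")         # from the thread
ROUTER_LAN_IP = ip_address("192.168.12.1")  # assumption: not stated in the thread


def masq_all(out_iface, src, dst):
    """Internal interface listed under 'Nat Enabled Interfaces':
    modelled as masquerading every packet that leaves ETH00."""
    return out_iface == LAN_IFACE


def masq_scoped(out_iface, src, dst):
    """-o ETH00 -s 192.168.12.0/24 -d 192.168.12.2 -j MASQUERADE"""
    return (out_iface == LAN_IFACE
            and ip_address(src) in LAN_NET
            and ip_address(dst) == SERVER)


def logged_source(rule, src, dst, out_iface=LAN_IFACE):
    """Source address the server sees once POSTROUTING has run."""
    return str(ROUTER_LAN_IP) if rule(out_iface, src, dst) else src


# Constructed packets, already redirected to the server by the virtual server.
PACKETS = {
    "wan client": ("203.0.113.50", "192.168.12.2"),
    "lan client via public IP": ("192.168.12.77", "192.168.12.2"),
}


def compare():
    """Map each packet to (source logged before, source logged after)."""
    return {name: (logged_source(masq_all, s, d),
                   logged_source(masq_scoped, s, d))
            for name, (s, d) in PACKETS.items()}


if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:26} before={before:15} after={after}")
```

LAN clients are still rewritten on purpose: without it the server would answer them directly on the switch, and the client would discard a reply that does not come from the public address it connected to.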