How to pass IP to servers from virtual server forwarders


This topic contains 1 reply, has 0 voices, and was last updated by  ryansw 4 years, 3 months ago.

  • #44245

    ryansw
    Member

    Good evening. I have recently run into an issue with my web server and my new Zeroshell configuration. The Zeroshell system has two NICs installed, one to WAN and one to my switch. I created a virtual server and told it to redirect my public IP address on all NICs on port 80 and 443 to my private network NIC with the IP of my apache server and ports 80 and 443. Everything worked fine until I looked at the logs. All connections show up as coming from the router’s IP on the private network. When the connection is passed through the Zeroshell virtual server routing, the IP address is lost and replaced with the private IP of my router. It is necessary that I see the IP addresses of my clients for logging purposes. Is there something I have set up wrong or is there no way around this? Should I have used a firewall rule instead, and if yes, how would I do that? Also, could the problem be from my NAT configuration, and if so, how could I properly configure it?

    I look forward to your replies. Zeroshell truly is an amazing piece of software and I look forward to using it in many future networking projects.

    #53764

    redfive
    Participant

    Remove the internal interface from ‘Nat Enabled Interfaces’, and add, in Scripts/Cron, NAT and Virtual Servers script,

    iptables -t nat -I POSTROUTING 1 -o internal.iface -s lan.ip addr/mask -d server.private.ip -j MASQUERADE

    Assuming your internal network 192.168.12.0/24 on ETH00, and your ‘real’ server ip address 192.168.12.2

    iptables -t nat -I POSTROUTING 1 -o ETH00 -s 192.168.12.0/24 -d 192.168.12.2 -j MASQUERADE

    enable the script.
    This should translate the source ip address (with the lan side ZS ip address) received from the server only if the packets are coming from the inside lan, leaving unchanged packets which are arriving from the wan.
    Regards
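
One way to confirm the scoping described in the reply above, as an added example that is not part of the original posts: the function reads `iptables-save -t nat` output and flags any source-rewriting rule on the internal interface that has no `-s` restriction, which is the condition that makes every web request log the router's address. The helper name `audit_masq`, the sample rule sets and the use of ETH01 as the WAN interface are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Reads `iptables-save -t nat` output on
# stdin and classifies source-rewriting POSTROUTING rules on one interface.

# audit_masq IFACE LAN_CIDR  (hypothetical helper name)
#   SCOPED: rule matches only -s LAN_CIDR, so WAN client addresses survive
#   BROAD : no -s match, so every packet leaving IFACE gets the router's IP
#   OTHER : restricted to some other source; review by hand
# Exit status is 1 when at least one BROAD rule is present.
audit_masq() {
    awk -v iface="$1" -v lan="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out != iface) next
            if (tgt != "MASQUERADE" && tgt != "SNAT") next
            if (src == "")       { print "BROAD " $0; bad = 1 }
            else if (src == lan) { print "SCOPED " $0 }
            else                 { print "OTHER " $0 }
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed rule sets (not captured from a real ZeroShell box).
# ETH01 stands in for the WAN interface; that name is an assumption.
sample_before() { cat <<'EOF'
*nat
-A POSTROUTING -o ETH00 -j MASQUERADE
-A POSTROUTING -o ETH01 -j MASQUERADE
COMMIT
EOF
}
sample_after() { cat <<'EOF'
*nat
-A POSTROUTING -s 192.168.12.0/24 -d 192.168.12.2/32 -o ETH00 -j MASQUERADE
-A POSTROUTING -o ETH01 -j MASQUERADE
COMMIT
EOF
}

echo "before:"; sample_before | audit_masq ETH00 192.168.12.0/24 || true
echo "after:";  sample_after  | audit_masq ETH00 192.168.12.0/24 || true
```

On the router itself the input would come from `iptables-save -t nat | audit_masq ETH00 192.168.12.0/24`; a non-zero exit status means the Apache access log will keep showing the router's LAN address for outside clients.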

    #53765

    ryansw
    Member

    Thank you very much 🙂
    I truly appreciate the help! The script worked great and the ip is now successfully passed on to the actual server and can be recorded in the logs! Thank you again!
