This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Logging actual source IP

Hi all. Here's a real dumb question...

I have several applications like phpBB, Gallery, Chat, FileShares, Squirelmail etc, behind ASL and I noticed recently, doooh!, that if an internet user goes into any of these apps, the IP that is logged is my firewall's 192. network instead of their actual IP.

So, for example, my firewalls internal IP is 192.168.1.1 and my apps server is 192.168.1.3. A user coming in browsing my BB is logged as 192.168.1.1 and not his actual internet IP.

Have I misconfigured something or is that how it is with ASL?

Any suggestion or recommendation is mucho appreciated.

Thanks!
jav

This thread was automatically locked due to age.

Parents

0 javelin over 20 years ago
Hello again.

I've been away for sometime and didn't get a chance to implement everyone's suggestion. I appreciate everyone's time for helping me out.

I used the following NAT as some have suggested but I can't get to my webserver from the internet:

Code:

Name Match Parameters SRC Translation DST Translation
web_services Any -> inwall (Address) / HTTP None amed/HTTP

Packet Filter Rules:
Source             Service              Destination
Any    0.0.0.0/0   HTTP    0.0.0.0/0    amed

Here's my network configuration. To the eye of the experienced, you may see the problem right away. But for a novice like me, I'm still wondering around.

ASL SERVER:Code:

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
24.nnn.nn.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
68.nnn.nn.0     0.0.0.0         255.255.254.0   U         0 0          0 eth2
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         24.nnn.nn.1     0.0.0.0         UG        0 0          0 eth2

where:
24.nnn.nn.1 is my Forwarding Name Servers or eth2
192.168.1.0 is my internal network or eth0
68.nnn.nn.0 is my external network or eth2

ifconfig eth0:
eth0    Link encap:Ethernet  HWaddr 00:03:6D:10:93:96
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ifconfig eth2:
eth2    Link encap:Ethernet  HWaddr 00:50:FC:78:3D:41
          inet addr:68.n.n.n  Bcast:255.255.255.255  Mask:255.255.254.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1

WEBSERVER:
# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1

ifconfig eth1:
eth1    Link encap:Ethernet  HWaddr 00:20:35:68:6B:3A
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0

Any suggestion and ideas you can provide me is greatly appreciated...

Thanks!
jav
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 20 years ago in reply to javelin

Looks like you don't have a gateway set on your webserver!

set it to the DMZ ASL address (192.168.1.1 probably)

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 20 years ago in reply to javelin

Looks like you don't have a gateway set on your webserver!

set it to the DMZ ASL address (192.168.1.1 probably)

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 javelin over 20 years ago in reply to BarryG
[ QUOTE ]
Looks like you don't have a gateway set on your webserver!

set it to the DMZ ASL address (192.168.1.1 probably)

Barry

[/ QUOTE ]

Barry, you're a wonderful person! You and everyone who have put time and effort to help me out I hereby extend my humble gratitude.

With your last suggestion, and my thanks to firebear as well who had the right idea but I've managed to overlooked, finally was the right solution to my seemingly difficult problem.

Soon after I reconfigured my webserver to use ASL(192.168.1.1) as  the default gateway, source IPs are now being logged accurately and in fact.

For those who may run into this same issue, the following is the command I used in my webserver to set my default gateway:
Code:

/sbin/route add default gw 192.168.1.1

where 192.168.1.1 is my ASL's secondary interface

[root@amed logs]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

tcp      6 79 TIME_WAIT src=151.nnn.nnn.nnn dst=68.nnn.nn.nnn sport=56546 dport=80 src=192.168.1.3 dst=151.nnn.nnn.nnn sport=80 dport=56546 [ASSURED] use=1

SYN_ACK is sent from the webserver and received from the client and communication continues.

I would have given up if not for everyone's patience and persistence. I've learned a great deal. I appreciate everyone's help and I'm very thankful.

jav
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 20 years ago in reply to javelin

OK.
What you've done will only last until the next reboot of your server.
You should be able to permanently set the gateway on it.

Look at /etc/sysconfig/network on the server.
there should be a
GATEWAY=
line there. put your ASL's DMZ IP into that.

Barry
Cancel
Vote Up 0 Vote Down

Cancel