The request is coming from the outside, I agree with your "really weird" assessment. The network topology is as follows: ----------DSL "MODEM" --------------->SMC Router ------>Switch --> Webserver Public IP--192.168.2.x-----192.168.2.y--192.168.1.x------------192.168.1.y The address being logged is 192.168.2.y The SMC is an SMC7004ABR. I'm beginning to think the router is misbehaving, but I don't think it has the capability to terminate and initiate a new session. I've never seen any kind of proxy function in it.
The SMC router may be doing NAT (network address translation)
G -----Original Message----- From: Noah [mailto:sitz@xxxxxxxxxxxx] Sent: Wednesday, March 16, 2005 10:04 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Access_log shows incorrect remote host address On Wed, Mar 16, 2005 at 05:02:42PM -0700, FloorFLUX wrote:When you access your webserver, are you using an external IP address? If so, It's going to log your hit as coming from your router no matter where it's coming from on the lan because your outgoing request is going through the router. If you access it via an internal IP address (perhaps that's how you're doing it with the other applications), then your request doesn't go through the router, and your internal address will be preserved.Uh...what? If the request is coming from the outside, the logged IP will, 98+% of the time, be the IP of the client (where 'client' may be a proxying system of some kind and not /necessarily/ a browser). If it's logging the IP of a /router/ that's really weird. I could see it logging the IP of a /switch/, depending on the kind of switch it is; some switches and pseudoswitches (things like Wincom (which no longer exists, I believe) and Netscalar gear) can be configured to terminate an incoming request and initiate a new TCP session to the server (with the switch's IP as the source IP); quite possible some firewalls may do this as well; haven't played with any, but they may well be out there. Unless I'm missing something obvious (hardly the first time, and I'm not a routergeek by trade), the above explanation is bogus. What kind of a router are you dealing with? What's your network topology look like (what does a packet have to do to get from the Internet(tm) to your webserver?) --n -- <huey> dd of=/dev/fd0 if=/dev/flippy bs=1024 <huey> ^^^ Making Flippy Floppy --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|