On Thu, 2005-05-19 at 14:31 +0100, Peter Farrow wrote:
> If you're doing true port forwarding, the internal server should see the
> ip address of the external machine in its logs.
>
> This is how my machines log that do this, I use this type of entry in
> iptables:
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to
> 10.198.0.17
>
> P.
>
>
Agreed ... I just checked and indeed you should see the external IP in
the logs (and in netstat) ... so just ignore the bunk that I said
before :)
> Johnny Hughes wrote:
>
> >On Thu, 2005-05-19 at 21:08 +0800, Mark Quitoriano wrote:
> >
> >
> >>i'm having a problem viewing logs on forwarded ports from the firewall
> >>to another server, i forwarded mail(port 25) from the firewall to an
> >>internal server. The problem is when i try to view the logs it just
> >>shows the firewall ip as the sender and not the original sender.
> >>
> >>
> >>
> >>
-----------------------------------------------------------------
> >In reality, the firewall may be making the connection to the internal
> >server... and not the external machine. Especially if the internal
> >server is on a 192.168.x.x or 10.x.x.x network and you are connecting
> >via NAT. If that is the case, the external machine is connecting to the
> >firewall and the firewall is connecting to the internal server.
> >
If true port forwarding is set ... then this statement (by me) is
WRONG :)
------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos/attachments/20050519/bcdceca0/attachment.bin
