Re: port translation


 



Cedric Blancher wrote:

On Sun 11/01/2004 at 11:21, Romain Moyne wrote:


I have an HTTP server (debian 3.0) behind a router (debian 3.0). I have a problem when I want to log the visitor's IP of my website with PHP or Perl or any language. I always have the IP of my router! Somebody told me that I must do port translation but I have searched and I haven't found anything.
Can you help me?
These are the rules of my router:
iptables -t nat -A PREROUTING -d MyIP -p tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80



You have a problem here. This single rule does not prevent your webserver from seeing client IP as source, as you only modify destination IP.

You may have a SNAT rule in POSTROUTING chain that is not restrictive
enough and also SNATs incoming traffic to your router's IP when it should
not.



Ok. I begin to understand... Now I have corrected my rules :
iptables -t nat -A POSTROUTING -j SNAT -o ppp0 --to-source My_ip_on_internet

But now I have a new problem : My router, my http server and my workstation are connected with a hub.

               ppp0                                   eth0
INTERNET--------------------192.168.0.1(router) ---------------------------192.168.0.3 (http server)
                                                       |
                                                       |
                                                       |
                                            192.168.0.2 (workstation)


I can't access my webserver with my workstation and it is very painful....
Can you still help me ? :-D

Romain
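
Added example, not part of the original messages: a small audit of iptables-save output that flags nat POSTROUTING rules rewriting the source address without an outgoing-interface match, the kind of unrestricted SNAT rule suspected above of making the web server log the router's address. The rulesets and the 203.0.113.7 address are constructed placeholders, and find_broad_snat is a hypothetical helper name.

```shell
#!/bin/sh
# Flag nat POSTROUTING rules that rewrite the source address (SNAT or
# MASQUERADE) without being limited to an outgoing interface (-o).
# Input: iptables-save text on stdin. Output: one offending rule per line.
find_broad_snat() {
    awk '
        /^\*/          { table = substr($0, 2); next }   # table header: *nat, *filter, ...
        table != "nat" { next }
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            rewrites = 0; has_out = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && ($(i+1) == "SNAT" || $(i+1) == "MASQUERADE")) rewrites = 1
                if ($i == "-o" || $i == "--out-interface") has_out = 1
            }
            # Without -o the rule also matches forwarded inbound connections,
            # so the DNATed web traffic reaches the server with the router as source.
            if (rewrites && !has_out) print
        }
    '
}

# Constructed sample: SNAT with no interface restriction.
BROAD_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.7/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80
-A POSTROUTING -j SNAT --to-source 203.0.113.7
COMMIT'

# Constructed sample: the same rule limited to the Internet-facing interface.
SCOPED_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.7/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80
-A POSTROUTING -o ppp0 -j SNAT --to-source 203.0.113.7
COMMIT'

printf '%s\n' "$BROAD_RULES"  | find_broad_snat   # prints the unscoped SNAT rule
printf '%s\n' "$SCOPED_RULES" | find_broad_snat   # prints nothing
```

On a live router the same function can be fed from `iptables-save -t nat` run as root.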








