IP rewritten passing from WAN to DMZ interface?



  • Hi, not sure if this belongs here, but here goes :).

    My pfSense has 3 networks attached to it:
    LAN - 10.0.0.1
    DMZ - 10.1.1.0
    WAN - 192.168.1.2

    In front of pfSense is the ISP router. I've put pfSense in the DMZ NAT settings of the ISP router.

    I have a webserver running in the 10.1.1.0 network behind pfSense. If I access the webserver from outside my own network (using 4G or the Hide My Ass proxy), I'm noticing that I'm getting my own public IP in my NGINX logs.

    So I took a packet capture in pfSense on both the WAN and the DMZ interface.

    On the WAN packet capture I'm seeing the real internet-routable client IP as the source.
    On the DMZ interface I'm seeing the same packets, but with my own public IP as the source (not the pfSense IP, but my own public internet-routable IP address).

    So it seems that when packets leave the WAN interface destined for the DMZ interface, the source gets rewritten to my public IP?

    Any ideas? I'd like to get the real client IP right through to my Webserver.



  • Ah, I figured it out. It's the stupid ISP modem.

    Packets coming in from a port forwarding rule are stamped with the WAN IP of the modem as the client.

    Packets returning from a request initiated from within the network are as they should be. The real client IP is visible as the source.

    So it's the way the ISP router performs port forwarding (Inteno FG500, if anyone is interested).
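A defender-side check for the symptom in this thread, as an added example that is not from the original posts: when an upstream NAT device stamps its own WAN address on forwarded traffic, the webserver's access log loses the real client, which silently breaks per-IP rate limiting, fail2ban-style blocking and any later forensics. The script below scans NGINX combined-format log lines for that collapse; the addresses, log lines and the `nat_addresses` parameter (the modem's public IP you identified in the DMZ-side capture) are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed NGINX combined-format lines (not from the original post).
# The first four requests all carry 203.0.113.10, standing in for the
# ISP modem's WAN address that the port forward stamps as the client.
MASKED_LOG = """\
203.0.113.10 - - [10/Jan/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2024:12:00:02 +0000] "GET /login HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.10 - - [10/Jan/2024:12:00:03 +0000] "POST /login HTTP/1.1" 401 0 "-" "python-requests/2.31"
203.0.113.10 - - [10/Jan/2024:12:00:04 +0000] "GET /admin HTTP/1.1" 403 0 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Jan/2024:12:00:05 +0000] "GET /health HTTP/1.1" 200 2 "-" "kube-probe/1.2"
"""

# Constructed healthy log: distinct clients reach the server unmodified.
HEALTHY_LOG = """\
198.51.100.7 - - [10/Jan/2024:12:01:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Jan/2024:12:01:02 +0000] "GET /login HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.77 - - [10/Jan/2024:12:01:03 +0000] "GET /admin HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d+ \S+ "[^"]*" "(?P<agent>[^"]*)"$')

def parse_clients(log_text):
    """Yield (client_ip, user_agent) for every line that parses."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), m.group("agent")

def masking_report(log_text, nat_addresses=(), threshold=0.9):
    """Flag a log whose clients collapse onto one address.
    nat_addresses: addresses known to belong to an upstream NAT box (here the
    modem's public IP seen in the DMZ capture); threshold: single-IP share that
    is suspicious even without that knowledge."""
    records = list(parse_clients(log_text))
    total = len(records)
    if total == 0:
        return {"total": 0, "top_ip": None, "share": 0.0, "agents": 0, "masked": False}
    top_ip, top_n = Counter(ip for ip, _ in records).most_common(1)[0]
    # Many distinct user agents behind one IP is the classic NAT signature.
    agents = len({ua for ip, ua in records if ip == top_ip})
    share = top_n / total
    masked = top_ip in set(nat_addresses) or share >= threshold
    return {"total": total, "top_ip": top_ip, "share": share,
            "agents": agents, "masked": masked}
```

Run it against a real access log once the DMZ-side capture has told you which address the modem stamps; a `masked` result means the log cannot be trusted for per-client attribution until the upstream NAT stops rewriting the source.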