Netgate Discussion Forum

LAN into DMZ interface doesn't show true source IP

Routing and Multi WAN

    phospher
    last edited by Jun 24, 2011, 3:34 AM

    When I access my DMZ (third interface) from my LAN, the source IP that is passed to my web server is the DMZ interface IP. Is there a way to get it to hand over the true source IP?

      Metu69salemi
      last edited by Jun 24, 2011, 9:04 PM

      From where are you trying to see the correct source IP, the server in the DMZ?

      As an example: PHP can detect a lot of IP details, if you're not using a proxy.

        phospher
        last edited by Jun 26, 2011, 4:55 PM

        Yes, if I look at the web logs on the server in the DMZ, it reports the source IP of the DMZ interface. I really need this to be the source IP of the LAN machine. For example, my LAN subnet is 172.16.0.0/24 and my DMZ is 172.16.1.0/24. Whenever a client from the LAN accesses the web server located on the DMZ, it always reports the source IP as 172.16.1.1, which is the DMZ interface IP.

          Metu69salemi
          last edited by Jun 26, 2011, 8:06 PM

          Do you have a proxy in between? That can explain the source IP's change.

            phospher
            last edited by Jun 27, 2011, 5:34 AM

            No, no proxy. It's as if everything is NATed from the DMZ interface IP addy.

              Metu69salemi
              last edited by Jun 30, 2011, 4:30 AM

              How about the next test:
              Manual outbound NAT rule with the following settings:
              Do not NAT: choose
              Interface: opt1
              Protocol: whatever traffic you want
              Source: LAN subnet
              Destination: choose network, and you can specify the mask bits as 32 (applies to only one machine)
              Description: best solution so far

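The effect of the "Do not NAT" rule proposed in the last post, as an added example that is not part of the original thread and is not pfSense code. It is a simplified first-match model of outbound NAT; the web server address `172.16.1.10`, the LAN client `172.16.0.25` and the pre-existing rule that rewrites LAN traffic to the DMZ interface address are assumptions, while the subnets and `172.16.1.1` come from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class OutboundRule:
    source: str                  # CIDR the packet's source must fall in
    destination: str             # CIDR the packet's destination must fall in
    translate_to: Optional[str]  # new source address; None models "Do not NAT"


def source_seen_by_server(rules: List[OutboundRule], src: str, dst: str) -> str:
    """Return the source address the destination host would log."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:  # translation rules are evaluated top-down, first match wins
        if s in ipaddress.ip_network(rule.source) and d in ipaddress.ip_network(rule.destination):
            return src if rule.translate_to is None else rule.translate_to
    return src  # no rule matched: the packet is routed with its original source


LAN_SUBNET = "172.16.0.0/24"   # from the thread
DMZ_IF_IP = "172.16.1.1"       # from the thread
WEB_SERVER = "172.16.1.10"     # constructed: the thread does not give the server address
LAN_CLIENT = "172.16.0.25"     # constructed LAN host

# Assumed cause of the symptom: a rule on the DMZ interface that rewrites
# every LAN source to the interface address.
masking_rules = [OutboundRule(LAN_SUBNET, "0.0.0.0/0", DMZ_IF_IP)]

# The proposed test: a "Do not NAT" rule for LAN -> one server (/32),
# placed above the translating rule so it matches first.
no_nat = OutboundRule(LAN_SUBNET, WEB_SERVER + "/32", None)
fixed_rules = [no_nat] + masking_rules

if __name__ == "__main__":
    print("before:", source_seen_by_server(masking_rules, LAN_CLIENT, WEB_SERVER))
    print("after: ", source_seen_by_server(fixed_rules, LAN_CLIENT, WEB_SERVER))
```

Because the first matching rule wins, the exemption only takes effect when it sits above the translating rule, and the /32 destination leaves traffic to every other DMZ host translated as before.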