Lan into DMZ interface doesn't show true source IP

  • When I access my DMZ(third interface) from my LAN the source IP that is passed to my web server is the DMZ interface IP. Is there a way to get it to hand over the true source ip?

  • From where you're trying to look correct source ip, server in dmz?

    As an example: php can detect lot of IP-details, if you're not using proxy

  • Yes, if I look at the web logs on the server in the dmz it reports the source ip of the dmz interface. I really need this to be the source IP of the lan machine.  For example my lan subnet is and my dmz is When ever a client from the lan accesses the web server located on the dmz it always reports the source ip as which is the dmz interface IP.

  • do you have proxy in between? that can explain source ip's change

  • No, no proxy. It's as if everthing is nated from the DMZ inteface ip addy.

  • How about next test:
    Manual outbound nat rule with following settings:
    Do not nat: choose
    Interface: opt1
    Protocol: what ever traffic you want
    Source: LAN subnet
    Destination: choose network and you can specify mask bit to 32(applies only one machine)
    Description: best solution so far

Log in to reply