Lan into DMZ interface doesn't show true source IP
When I access my DMZ(third interface) from my LAN the source IP that is passed to my web server is the DMZ interface IP. Is there a way to get it to hand over the true source ip?
From where you're trying to look correct source ip, server in dmz?
As an example: php can detect lot of IP-details, if you're not using proxy
Yes, if I look at the web logs on the server in the dmz it reports the source ip of the dmz interface. I really need this to be the source IP of the lan machine. For example my lan subnet is 172.16.0.0/24 and my dmz is 172.16.1.0/24. When ever a client from the lan accesses the web server located on the dmz it always reports the source ip as 172.16.1.1 which is the dmz interface IP.
do you have proxy in between? that can explain source ip's change
No, no proxy. It's as if everthing is nated from the DMZ inteface ip addy.
How about next test:
Manual outbound nat rule with following settings:
Do not nat: choose
Protocol: what ever traffic you want
Source: LAN subnet
Destination: choose network and you can specify mask bit to 32(applies only one machine)
Description: best solution so far