LAN into DMZ interface doesn't show true source IP



  • When I access my DMZ (third interface) from my LAN, the source IP that is passed to my web server is the DMZ interface IP. Is there a way to get it to hand over the true source IP?



  • Where are you trying to see the correct source IP from, the server in the DMZ?

    As an example: PHP can detect a lot of IP details, if you're not using a proxy.



  • Yes, if I look at the web logs on the server in the DMZ, it reports the source IP of the DMZ interface. I really need this to be the source IP of the LAN machine. For example, my LAN subnet is 172.16.0.0/24 and my DMZ is 172.16.1.0/24. Whenever a client from the LAN accesses the web server located on the DMZ, it always reports the source IP as 172.16.1.1, which is the DMZ interface IP.



  • Do you have a proxy in between? That can explain the source IP change.



  • No, no proxy. It's as if everything is NATed from the DMZ interface IP addy.



  • How about the following test:
    Manual outbound NAT rule with the following settings:
    Do not NAT: choose
    Interface: opt1
    Protocol: whatever traffic you want
    Source: LAN subnet
    Destination: choose network, and you can specify the mask bits as 32 (applies to only one machine)
    Description: best solution so far


