    Lan into DMZ interface doesn't show true source IP

    Routing and Multi WAN
    • phospher:

      When I access my DMZ (third interface) from my LAN, the source IP that is passed to my web server is the DMZ interface IP. Is there a way to get it to hand over the true source IP?

      • Metu69salemi:

        From where are you trying to look at the correct source IP, the server in the DMZ?

        As an example: PHP can detect a lot of IP details, if you're not using a proxy.

        • phospher:

          Yes, if I look at the web logs on the server in the DMZ, it reports the source IP of the DMZ interface. I really need this to be the source IP of the LAN machine. For example, my LAN subnet is 172.16.0.0/24 and my DMZ is 172.16.1.0/24. Whenever a client from the LAN accesses the web server located on the DMZ, it always reports the source IP as 172.16.1.1, which is the DMZ interface IP.

          • Metu69salemi:

            Do you have a proxy in between? That can explain the source IP's change.

            • phospher:

              No, no proxy. It's as if everything is NATed from the DMZ interface IP addy.

              • Metu69salemi:

                How about the next test:
                Manual outbound NAT rule with the following settings:
                Do not NAT: choose
                Interface: opt1
                Protocol: whatever traffic you want
                Source: LAN subnet
                Destination: choose network, and you can specify mask bits to 32 (applies to only one machine)
                Description: best solution so far


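A check one could run on the DMZ web server after applying the no-NAT rule suggested above, to confirm that the access log records LAN clients rather than the DMZ interface address. This is an added example, not part of the thread; it assumes Common Log Format access logs, and the sample log lines are constructed (the subnets and 172.16.1.1 come from the posts).

```python
import ipaddress
import re
from collections import Counter

# Addresses taken from the thread; the log lines below are constructed.
LAN_NET = ipaddress.ip_network("172.16.0.0/24")
DMZ_GATEWAY = ipaddress.ip_address("172.16.1.1")  # pfSense DMZ interface IP

# Constructed sample in Common Log Format: client address is the first field.
SAMPLE_LOG = """\
172.16.1.1 - - [10/Mar/2015:10:01:02 +0000] "GET / HTTP/1.1" 200 512
172.16.1.1 - - [10/Mar/2015:10:01:05 +0000] "GET /admin HTTP/1.1" 403 128
172.16.0.23 - - [10/Mar/2015:10:07:41 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [10/Mar/2015:10:08:00 +0000] "GET / HTTP/1.1" 200 512
not-a-log-line
"""

FIRST_FIELD = re.compile(r"^(\S+)\s")


def classify(line):
    """Return 'masked', 'lan', 'other' or 'unparsed' for one log line."""
    match = FIRST_FIELD.match(line)
    if not match:
        return "unparsed"
    try:
        client = ipaddress.ip_address(match.group(1))
    except ValueError:
        return "unparsed"
    if client == DMZ_GATEWAY:
        return "masked"   # firewall rewrote the source: true client is lost
    if client in LAN_NET:
        return "lan"      # true LAN source preserved, no NAT applied
    return "other"


def summarize(log_text):
    """Count log lines per class, skipping blank lines."""
    return Counter(classify(l) for l in log_text.splitlines() if l.strip())


def nat_still_active(log_text):
    """True if any request still arrives with the DMZ interface as source."""
    return summarize(log_text)["masked"] > 0


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
    print("source NAT still masking clients:", nat_still_active(SAMPLE_LOG))
```

Entries classified as masked cannot be attributed to an individual LAN host, so any per-client logging or IP-based access control on the web server sees every LAN user as 172.16.1.1 until the rewrite is removed.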