No x-forwarded-for with port forward NAT

  • Hi all.
    I have a strange problem on 2.0.1-RELEASE (amd64). I'm using NAT port forward to NAT my web server's incoming traffic
    to an Apache load balancer which is using mod_proxy.
    I have the same settings with different other firewalls (iptables/Fortinet/Checkpoint) and don't have that problem.
    When I look at the headers I see the PFS internal interface IP.
    I googled but found nothing on this, nor in these forums.
    Is there an attribute I need to check in order for that to work, or am I missing something?


  • NAT won't mess with anything inside your packets, so this is working as expected.

  • Are you trying to verify this from within your network or outside of your network?

  • I have tested both from inside the LAN and from outside; in both cases
    the results were the same: the x-forwarded-for shows one IP and it's the LAN interface IP.
    I have also tried to hit it from behind a proxy that I have set up using squid. When I set this squid to other firewalls I have,
    the results are as expected, but in the 2 cases where I have pfsense the results are the LAN interface IP only.

    These are the firewall rules I got from the conf file


    and these are the NAT settings


  • Try just TCP only. Web Traffic does not flow on UDP.

  • Port forwarding by NAT gateways doesn't touch packet content.

    The X-forwarded… you're referring to is only used by L7 HTTP reverse-proxies (load-balancers etc).
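
The point made in the replies above, as an added example that is not from any poster in this thread: a small model in which address translation never edits HTTP headers, and an L7 proxy writes into X-Forwarded-For whatever source address its incoming connection carried. All addresses, the host name and the `translate_source` switch are constructed assumptions, not values from the thread.

```python
# Constructed model: documentation and private address ranges only.
FW_WAN, FW_LAN = "198.51.100.1", "192.168.1.1"   # firewall interfaces (assumed)
LB, WEB = "192.168.1.10", "192.168.1.20"         # load balancer, web server (assumed)


def nat_forward(packet, new_dst, new_src=None):
    """L3/L4 translation: rewrites addresses only; HTTP headers pass through as-is."""
    out = dict(packet, dst=new_dst)
    if new_src is not None:
        out["src"] = new_src
    return out


def l7_proxy(packet, proxy_ip, backend_ip):
    """L7 reverse proxy: terminates the connection, appends the peer address it
    saw (packet["src"]) to X-Forwarded-For, and opens a new connection."""
    headers = dict(packet["headers"])
    prior = headers.get("X-Forwarded-For")
    peer = packet["src"]
    headers["X-Forwarded-For"] = f"{prior}, {peer}" if prior else peer
    return {"src": proxy_ip, "dst": backend_ip, "headers": headers}


def xff_at_backend(client_ip, translate_source, via_forward_proxy=None):
    """Return the X-Forwarded-For value the web server receives.

    translate_source: hypothetical switch, True when the forwarding device also
    rewrites the source address to its LAN interface address.
    via_forward_proxy: address of an upstream forward proxy (e.g. squid), if any.
    """
    pkt = {"src": client_ip, "dst": FW_WAN, "headers": {"Host": "www.example.test"}}
    if via_forward_proxy:
        pkt = l7_proxy(pkt, via_forward_proxy, FW_WAN)
    pkt = nat_forward(pkt, LB, FW_LAN if translate_source else None)
    pkt = l7_proxy(pkt, LB, WEB)
    return pkt["headers"]["X-Forwarded-For"]


if __name__ == "__main__":
    for snat in (False, True):
        for squid in (None, "203.0.113.50"):
            print(snat, squid, "->", xff_at_backend("203.0.113.7", snat, squid))
```

When the last entry in the header is a firewall interface address, the check to make is which source address the load balancer's incoming connections actually carry, since that is the only thing the proxy can record.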