DNS forward: remote IP address
I have configured DNS forward on my pfSense box to an internal Apache server.
This works great.
However, in the Apache log file there is always the IP address of the pfSense box as this is the one forwarding the call. Is there a possibility to have the DNS forward pass on the remote IP address to the internal Apache server? The reason is that I have fail2ban installed on the Apache server but when there are a number of invalid login attempts the pfSense box is blacklisted and not the remote IP address…
How did you setup the forward.. A normal port forward would show the actual remote IP. If you are natting it then yes it would show the source IP of what did the nat.
example if I forward 80 to my webserver.. And then do a tail on the apache log
xx.xx.240.67 - - [31/Mar/2014:13:56:54 -0500] "GET / HTTP/1.1" 200 481 "-" "Mozilla/5.0 (Windows NT 6.1; rv:28.0) Gecko/20100101 Firefox/28.0"
xx.xx.240.67 - - [31/Mar/2014:13:56:54 -0500] "GET /favicon.ico HTTP/1.1" 404 501 "-" "Mozilla/5.0 (Windows NT 6.1; rv:28.0) Gecko/20100101 Firefox/28.0"
And it shows me the public IP I came from.
I am using Squid3 for the reverse proxy.
Searching the internet I think I need to set X-forward_on but this is not an option presented in the gui…
yeah if your using a reverse proxy then yes you need to set X-forwarder
Yes, I assumed so.
However there is no option for that in the GUI so I will have to go into some config file? When opening the squid.conf file (not sure if that is the correct one but there is no squid3.conf) it informs that the file should not be changed directly. Would you know in which file I can set this parameter? I did search the pfSense forum on the parameter but there was no info on how to set it…
Love to help - but have not played with squid in a really long time.. Would have to install it on my pfsense box to see what to edit.
What I would suggest is you create a new thread, with the right subject and info. You are not doing a port forward or dns forward. Your using a reverse proxy to send the traffic into your internal box.
Your question would prob be best suited in packages section under squid, etc.
Or are you needing to forward to different IPs based upon host header? If not you could just do a normal port forward of http/https to your web server and not use the reverse proxy.