port forwarding access.log

KpycNuK asked:

If someone could tell me what to read and where to dig – it will be great. Caus I even can’t formulate keywords for searching in google 🙂

For example there is two servers on Debian.

First one is router with IP 77.121.*.* (static Internet IP) and second one – with IP (internal web-server)

First server doing port forwarding to second on ports 80, 443 + some other.

When open access.log on I’ve got something like that:

77.121.*.* - - [10/Dec/2015:13:31:54 +0200] "GET /SOME_PATH HTTP/1.1" 200 3350 "-" "Mozilla/5.0 (X11; Linux i686; rv:44.0) Gecko/     20100101 Firefox/44.0"

As you see most of IP connected going from router.

I haven’t access to the router server not physical nor over ssh (another department) but I could ask to change some parameters on it if needed.

My answer:

Your outside server is reverse proxying to your inside server, not port forwarding.

You can get the “real” IP addresses in the inside server’s logs by configuring the nginx real IP module on the inside server.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.