IPTables and IIS

Hi.

I've a Linux machine acting as a router, and I've a IIS server in my LAN.

I set up these rules to NAT web traffic to IIS server:

iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -s ! my_lan_address/24 -d
external_ip --dport 80 -j DNAT --to iis_server_ip:80

it works great, but I cannot see client IP address that is connecting to my
website. IIS shows me Linux IP ethernet address.

How can I setup iptables' rules to show client's IP address to IIS?

Thank you so much for your help.

Tony.

On Fri, 10 Feb 2006 23:03:45 +0100, Tony wrote:

> I set up these rules to NAT web traffic to IIS server:
>
> iptables -t nat -A POSTROUTING -j MASQUERADE
> iptables -t nat -A PREROUTING -p tcp -s ! my_lan_address/24 -d
> external_ip --dport 80 -j DNAT --to iis_server_ip:80
>
> it works great, but I cannot see client IP address that is connecting to my
> website. IIS shows me Linux IP ethernet address.
>
> How can I setup iptables' rules to show client's IP address to IIS?

First things first. The rule with POSTROUTING, you might want to place
the internet facing interface in this rule. This is why you are only
seeing the Linux IP Address. It's MASQUERADing all traffic no matter
which interface it goes out.


--

Regards
Robert

Smile... it increases your face value!


----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----