Hello folks,
I have a Debian box with 2 NICs: one NIC has a public IP and is directly connected to the internet, the other NIC is connected to the internal LAN. This box is responsible for firewalling and NAT-ing.
I have this set of rules:
Quote:
# iptables-save
... output omitted ...
*nat
:PREROUTING ACCEPT [606190:49471309]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [11340:893364]
-A PREROUTING -d my.public.ip.address -j DNAT --to-destination 192.168.0.220
... output omitted ...
*filter
:INPUT ACCEPT [227823:212541623]
:FORWARD ACCEPT [24506610:16645789415]
:OUTPUT ACCEPT [13080680:15040350756]
-A FORWARD -d my.public.ip.address -j ACCEPT
... output omitted ...
These rules DNAT anything coming to the specified public IP address to the internal server.
The issue I am facing is that when a host from the internet tries to connect to this NAT-ted server, the client's IP for that host is the internal IP address of my Debian box, but I want the client's IP to appear as the real client's IP address.
Does anyone have any ideas how to fix this issue?
Any advice is very much appreciated.
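
A diagnostic for the symptom described above, added here as an example and not part of the original post: a source-NAT rule in nat POSTROUTING that matches neither an outbound interface nor a source address also rewrites DNAT-ed inbound connections, so the internal server sees the firewall's LAN address. The ruleset, the address 203.0.113.10 and the interface name eth0 are constructed assumptions; the poster's omitted rules are not known.

```python
import shlex

SNAT_TARGETS = {"MASQUERADE", "SNAT"}

# Constructed iptables-save sample (not the poster's ruleset).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 192.168.0.220
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.0.220/32 -j ACCEPT
COMMIT
"""

def nat_postrouting_rules(dump):
    """Yield (line, tokens) for each '-A POSTROUTING' rule in the *nat table."""
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # table header such as '*nat' or '*filter'
        elif table == "nat" and line.startswith("-A POSTROUTING"):
            yield line, shlex.split(line)

def option(tokens, *names):
    """Return the value following any of the given option names, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def unscoped_source_nat(dump):
    """Return source-NAT rules that match neither -o nor -s, i.e. rules that
    apply to every forwarded connection, including DNAT-ed inbound ones."""
    hits = []
    for line, tokens in nat_postrouting_rules(dump):
        is_snat = option(tokens, "-j", "--jump") in SNAT_TARGETS
        scoped = (option(tokens, "-o", "--out-interface") is not None
                  or option(tokens, "-s", "--source") is not None)
        if is_snat and not scoped:
            hits.append(line)
    return hits

if __name__ == "__main__":
    for rule in unscoped_source_nat(SAMPLE):
        print("source NAT applies to all forwarded traffic:", rule)
```

Feed it the full text of `iptables-save`; a rule it reports is a candidate for being limited to the internet-facing interface with `-o`.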